
random audio and tons of read to decrypt! files



Hello

I am currently getting random audio playing in the background and have many random http files that showed up on my computer with this text

 

____________________________________________________________________________________________________

"""YOU ID: **********************************************

Warning!
All of your important documents and files are encrypted by crypto-algorithm!
You will not able to decrypt data without the key phrase.
Do not worry, we have the key phrase and you will get it.

Follow next steps and you will get your data back decrypted:

1) Run Internet Explorer or another Internet browser

2) Go to link: https://launchpad.net/i2p/trunk or https://code.google.com/p/i2p/ and download i2pinstall_0.9.7_windows.exe

3) Open folder with downloaded application and run it (in case of JAVA error please install Java and run the installation again).

4) Use default settings during the installation process.

5) After successful installation click Start, and then click Start I2P (no window)

6) If firewall will ask about an internet access, please allow it (if necessary).

If you are using LAN connection, you should do next steps:

1) Click Start and then click Control Panel.

2) Click Network and Internet and click Internet Options.

3) In the Internet Options dialog box click the Connection tab.

4) Click the LAN Settings button.

5) To enable use a proxy server check the box "Use a proxy server for your LAN"

6) Enter IP address 127.0.0.1 in the Address text field.

7) Enter the 4444 port number in the Port field.

8) Select "Bypass proxy server for local address" checkbox.

9) Click OK to complete the proxy configuration process.



If you are using dial-up or VPN you should do next steps:

1) Click Start->Control Panel. Then click Network and Internet->Internet Options->Connections tab.

2) Under Dial-up and Virtual Private Network Settings, click the connection you want to work with and then click Settings.

3) In the Connection Settings dialog box, enable the use of a proxy server by checking the box for "Use a proxy server for this connection (These settings will not apply to other connections)."

4) Enter the IP address 127.0.0.1 in the Address text box.

5) Enter the 4444 port number in the Port field.

6) Click OK to complete the proxy configuration process.

After finalizing all the configuration process please run Internet Explorer or another browser and go to the link:

http://nzv3m4nyc7k4ndmxwnhfw2mg7abjkfwreonino2qmj7mtbofop5q.b32.i2p

If the given page is not available, please try again later. Sometimes this page opens very slowly.


REMEMBER!
THIS IS THE ONLY WAY TO DECRYPT YOUR DATA!
DO NOT ATTEMPT TO RECOVER YOUR FILES BY YOURSELF! IT IS IMPOSSIBLE WITHOUT KEY PHRASE!
You have only 7 days to get your personal key phrase. At the end of the seven days, your key phrase will be permanently removed from the database and all your files will be lost forever."""

____________________________________________________________________________________________________

 

any help would be greatly appreciated.

 

-Cevebed
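A triage sketch for the situation described in the post above, added here as an example and not part of the original thread: it walks a directory tree, finds files whose text matches phrases from the quoted note, and reports how many there are, which folders hold them, the earliest modification time (a rough indicator of when the encryption run began) and any `.b32.i2p` hostnames to hand to network monitoring. The file names, the placeholder hostname and the timestamps in the sample tree are constructed.

```python
import os
import re
import tempfile

# Lower-cased phrases from the note quoted in the post; a file must contain all of them.
MARKERS = (
    "all of your important documents and files are encrypted",
    "key phrase",
)
# I2P base32 hostnames are 52 base32 characters followed by ".b32.i2p".
B32_I2P = re.compile(r"[a-z2-7]{52}\.b32\.i2p", re.IGNORECASE)
MAX_NOTE_BYTES = 64 * 1024  # notes are small text files; skip anything larger


def read_text(path):
    """Return (text, mtime) for a small readable file, or None otherwise."""
    try:
        st = os.stat(path)
        if st.st_size > MAX_NOTE_BYTES:
            return None
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None  # locked or unreadable files are skipped, not fatal
    # Windows tools often write UTF-16 with a byte-order mark.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("utf-8", errors="replace")
    return text, int(st.st_mtime)


def triage(root):
    """Inventory ransom-note copies under root and collect indicators from them."""
    notes, hosts = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            result = read_text(path)
            if result is None:
                continue
            text, mtime = result
            lowered = text.lower()
            if not all(marker in lowered for marker in MARKERS):
                continue
            notes.append((mtime, path))
            hosts.update(h.lower() for h in B32_I2P.findall(text))
    notes.sort()
    return {
        "count": len(notes),
        "directories": sorted({os.path.dirname(p) for _, p in notes}),
        "hosts": sorted(hosts),
        "earliest_mtime": notes[0][0] if notes else None,
        "earliest_path": notes[0][1] if notes else None,
    }


# --- constructed sample data (not taken from a real system) ---
SAMPLE_HOST = "a" * 52 + ".b32.i2p"  # placeholder hostname
SAMPLE_NOTE = (
    "Warning!\n"
    "All of your important documents and files are encrypted by crypto-algorithm!\n"
    "You will not able to decrypt data without the key phrase.\n"
    "http://" + SAMPLE_HOST + "\n"
)


def build_sample_tree(root):
    """Create two note copies (one UTF-16) and one unrelated file under root."""
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    os.makedirs(docs)
    os.makedirs(pics)
    items = [
        (os.path.join(docs, "note.html"), SAMPLE_NOTE.encode("utf-8"), 1375886400),
        (os.path.join(pics, "note.html"), SAMPLE_NOTE.encode("utf-16"), 1375880000),
        (os.path.join(docs, "readme.txt"), b"a file that mentions a key phrase", 1375000000),
    ]
    for path, data, mtime in items:
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for key, value in report.items():
            print(f"{key}: {value}")
```

Run `triage()` against a read-only image or mounted copy of the affected disk where possible, so the scan itself does not alter timestamps on the evidence.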


Hello cevebed and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Hello D-FRED-BROWN

I followed your instructions

 

step 1

 

14:50:31.0586 4792  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
14:50:32.0201 4792  ============================================================
14:50:32.0201 4792  Current date / time: 2013/08/07 14:50:32.0201
14:50:32.0201 4792  SystemInfo:
14:50:32.0201 4792 
14:50:32.0201 4792  OS Version: 6.1.7601 ServicePack: 1.0
14:50:32.0201 4792  Product type: Workstation
14:50:32.0201 4792  ComputerName: FUSIONII-PC
14:50:32.0201 4792  UserName: FusionII
14:50:32.0201 4792  Windows directory: C:\Windows
14:50:32.0201 4792  System windows directory: C:\Windows
14:50:32.0201 4792  Running under WOW64
14:50:32.0201 4792  Processor architecture: Intel x64
14:50:32.0201 4792  Number of processors: 8
14:50:32.0201 4792  Page size: 0x1000
14:50:32.0201 4792  Boot type: Normal boot
14:50:32.0201 4792  ============================================================
14:50:32.0388 4792  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:50:32.0391 4792  ============================================================
14:50:32.0391 4792  \Device\Harddisk0\DR0:
14:50:32.0391 4792  MBR partitions:
14:50:32.0391 4792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:50:32.0391 4792  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
14:50:32.0391 4792  ============================================================
14:50:32.0392 4792  C: <-> \Device\Harddisk0\DR0\Partition2
14:50:32.0392 4792  ============================================================
14:50:32.0392 4792  Initialize success
14:50:32.0392 4792  ============================================================
14:50:41.0065 5844  ============================================================
14:50:41.0065 5844  Scan started
14:50:41.0065 5844  Mode: Manual;
14:50:41.0065 5844  ============================================================
14:50:41.0435 5844  ================ Scan system memory ========================
14:50:41.0435 5844  System memory - ok
14:50:41.0436 5844  ================ Scan services =============================
14:50:42.0431 5844  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:50:42.0432 5844  intelide - ok
14:50:42.0434 5844  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:50:42.0434 5844  intelppm - ok
14:50:42.0437 5844  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:50:42.0438 5844  IPBusEnum - ok
14:50:42.0441 5844  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:50:42.0441 5844  IpFilterDriver - ok
14:50:42.0448 5844  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:50:42.0451 5844  iphlpsvc - ok
14:50:42.0454 5844  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:50:42.0455 5844  IPMIDRV - ok
14:50:42.0457 5844  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:50:42.0458 5844  IPNAT - ok
14:50:42.0466 5844  [ 2872B90D57C8310194A78A9787406467 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:50:42.0470 5844  iPod Service - ok
14:50:42.0472 5844  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:50:42.0472 5844  IRENUM - ok
14:50:42.0474 5844  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:50:42.0475 5844  isapnp - ok
14:50:42.0479 5844  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:50:42.0481 5844  iScsiPrt - ok
14:50:42.0483 5844  [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
14:50:42.0483 5844  iusb3hcs - ok
14:50:42.0488 5844  [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
14:50:42.0489 5844  iusb3hub - ok
14:50:42.0497 5844  [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
14:50:42.0500 5844  iusb3xhc - ok
14:50:42.0504 5844  [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
14:50:42.0505 5844  jhi_service - ok
14:50:42.0507 5844  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:50:42.0508 5844  kbdclass - ok
14:50:42.0510 5844  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:50:42.0510 5844  kbdhid - ok
14:50:42.0512 5844  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:50:42.0512 5844  KeyIso - ok
14:50:42.0515 5844  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:50:42.0516 5844  KSecDD - ok
14:50:42.0519 5844  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:50:42.0520 5844  KSecPkg - ok
14:50:42.0522 5844  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:50:42.0522 5844  ksthunk - ok
14:50:42.0527 5844  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:50:42.0530 5844  KtmRm - ok
14:50:42.0533 5844  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:50:42.0536 5844  LanmanServer - ok
14:50:42.0538 5844  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:50:42.0540 5844  LanmanWorkstation - ok
14:50:42.0543 5844  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:50:42.0543 5844  lltdio - ok
14:50:42.0548 5844  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:50:42.0550 5844  lltdsvc - ok
14:50:42.0552 5844  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:50:42.0553 5844  lmhosts - ok
14:50:42.0556 5844  [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:50:42.0558 5844  LMS - ok
14:50:42.0561 5844  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:50:42.0562 5844  LSI_FC - ok
14:50:42.0565 5844  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:50:42.0565 5844  LSI_SAS - ok
14:50:42.0568 5844  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:50:42.0568 5844  LSI_SAS2 - ok
14:50:42.0571 5844  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:50:42.0572 5844  LSI_SCSI - ok
14:50:42.0575 5844  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:50:42.0576 5844  luafv - ok
14:50:42.0578 5844  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:50:42.0579 5844  Mcx2Svc - ok
14:50:42.0581 5844  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:50:42.0582 5844  megasas - ok
14:50:42.0586 5844  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:50:42.0588 5844  MegaSR - ok
14:50:42.0590 5844  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:50:42.0591 5844  MEIx64 - ok
14:50:42.0593 5844  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:50:42.0594 5844  MMCSS - ok
14:50:42.0596 5844  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:50:42.0597 5844  Modem - ok
14:50:42.0599 5844  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:50:42.0599 5844  monitor - ok
14:50:42.0601 5844  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:50:42.0602 5844  mouclass - ok
14:50:42.0604 5844  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:50:42.0604 5844  mouhid - ok
14:50:42.0607 5844  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:50:42.0608 5844  mountmgr - ok
14:50:42.0611 5844  [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:50:42.0612 5844  MozillaMaintenance - ok
14:50:42.0615 5844  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:50:42.0616 5844  mpio - ok
14:50:42.0618 5844  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:50:42.0619 5844  mpsdrv - ok
14:50:42.0627 5844  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:50:42.0633 5844  MpsSvc - ok
14:50:42.0636 5844  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:50:42.0637 5844  MRxDAV - ok
14:50:42.0640 5844  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:50:42.0641 5844  mrxsmb - ok
14:50:42.0645 5844  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:50:42.0647 5844  mrxsmb10 - ok
14:50:42.0650 5844  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:50:42.0651 5844  mrxsmb20 - ok
14:50:42.0653 5844  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:50:42.0654 5844  msahci - ok
14:50:42.0657 5844  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:50:42.0658 5844  msdsm - ok
14:50:42.0661 5844  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:50:42.0662 5844  MSDTC - ok
14:50:42.0665 5844  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:50:42.0666 5844  Msfs - ok
14:50:42.0668 5844  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:50:42.0668 5844  mshidkmdf - ok
14:50:42.0670 5844  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:50:42.0670 5844  msisadrv - ok
14:50:42.0673 5844  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:50:42.0675 5844  MSiSCSI - ok
14:50:42.0677 5844  msiserver - ok
14:50:42.0679 5844  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:50:42.0679 5844  MSKSSRV - ok
14:50:42.0681 5844  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:42.0681 5844  MSPCLOCK - ok
14:50:42.0683 5844  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:50:42.0683 5844  MSPQM - ok
14:50:42.0688 5844  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:50:42.0691 5844  MsRPC - ok
14:50:42.0694 5844  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:50:42.0694 5844  mssmbios - ok
14:50:42.0696 5844  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:50:42.0696 5844  MSTEE - ok
14:50:42.0698 5844  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:50:42.0699 5844  MTConfig - ok
14:50:42.0701 5844  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:50:42.0702 5844  Mup - ok
14:50:42.0707 5844  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:50:42.0711 5844  napagent - ok
14:50:42.0715 5844  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:50:42.0717 5844  NativeWifiP - ok
14:50:42.0726 5844  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:50:42.0732 5844  NDIS - ok
14:50:42.0734 5844  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:42.0735 5844  NdisCap - ok
14:50:42.0737 5844  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:42.0737 5844  NdisTapi - ok
14:50:42.0740 5844  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:42.0740 5844  Ndisuio - ok
14:50:42.0744 5844  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:42.0745 5844  NdisWan - ok
14:50:42.0747 5844  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:50:42.0748 5844  NDProxy - ok
14:50:42.0750 5844  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:50:42.0750 5844  NetBIOS - ok
14:50:42.0754 5844  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:50:42.0756 5844  NetBT - ok
14:50:42.0758 5844  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:50:42.0758 5844  Netlogon - ok
14:50:42.0763 5844  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:50:42.0766 5844  Netman - ok
14:50:42.0771 5844  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:50:42.0774 5844  netprofm - ok
14:50:42.0777 5844  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:42.0778 5844  NetTcpPortSharing - ok
14:50:42.0780 5844  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:50:42.0781 5844  nfrd960 - ok
14:50:42.0785 5844  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:50:42.0787 5844  NlaSvc - ok
14:50:42.0790 5844  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:50:42.0791 5844  Npfs - ok
14:50:42.0793 5844  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:50:42.0794 5844  nsi - ok
14:50:42.0796 5844  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:50:42.0796 5844  nsiproxy - ok
14:50:42.0810 5844  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:50:42.0820 5844  Ntfs - ok
14:50:42.0823 5844  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:50:42.0823 5844  Null - ok
14:50:42.0827 5844  [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:50:42.0828 5844  NVHDA - ok
14:50:42.0896 5844  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:50:42.0928 5844  nvlddmkm - ok
14:50:42.0933 5844  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:50:42.0934 5844  nvraid - ok
14:50:42.0938 5844  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:50:42.0939 5844  nvstor - ok
14:50:42.0948 5844  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:50:42.0954 5844  nvsvc - ok
14:50:42.0967 5844  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:50:42.0974 5844  nvUpdatusService - ok
14:50:42.0977 5844  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:50:42.0978 5844  nv_agp - ok
14:50:42.0981 5844  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:50:42.0982 5844  ohci1394 - ok
14:50:42.0987 5844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:50:42.0989 5844  p2pimsvc - ok
14:50:42.0994 5844  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:50:42.0998 5844  p2psvc - ok
14:50:43.0000 5844  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:50:43.0001 5844  Parport - ok
14:50:43.0004 5844  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:50:43.0005 5844  partmgr - ok
14:50:43.0008 5844  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:50:43.0010 5844  PcaSvc - ok
14:50:43.0013 5844  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:50:43.0014 5844  pci - ok
14:50:43.0017 5844  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:50:43.0017 5844  pciide - ok
14:50:43.0021 5844  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:50:43.0022 5844  pcmcia - ok
14:50:43.0024 5844  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:50:43.0025 5844  pcw - ok
14:50:43.0032 5844  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:50:43.0036 5844  PEAUTH - ok
14:50:43.0047 5844  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:50:43.0056 5844  PeerDistSvc - ok
14:50:43.0069 5844  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:50:43.0070 5844  PerfHost - ok
14:50:43.0084 5844  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:50:43.0093 5844  pla - ok
14:50:43.0098 5844  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:50:43.0101 5844  PlugPlay - ok
14:50:43.0103 5844  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:50:43.0104 5844  PNRPAutoReg - ok
14:50:43.0108 5844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:50:43.0110 5844  PNRPsvc - ok
14:50:43.0112 5844  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:50:43.0113 5844  Point64 - ok
14:50:43.0118 5844  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:50:43.0121 5844  PolicyAgent - ok
14:50:43.0126 5844  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:50:43.0127 5844  Power - ok
14:50:43.0130 5844  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:50:43.0131 5844  PptpMiniport - ok
14:50:43.0133 5844  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:50:43.0133 5844  Processor - ok
14:50:43.0137 5844  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:50:43.0139 5844  ProfSvc - ok
14:50:43.0141 5844  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:50:43.0141 5844  ProtectedStorage - ok
14:50:43.0144 5844  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:50:43.0145 5844  Psched - ok
14:50:43.0158 5844  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:50:43.0167 5844  ql2300 - ok
14:50:43.0170 5844  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:50:43.0171 5844  ql40xx - ok
14:50:43.0177 5844  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:50:43.0179 5844  QWAVE - ok
14:50:43.0181 5844  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:50:43.0182 5844  QWAVEdrv - ok
14:50:43.0184 5844  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:50:43.0184 5844  RasAcd - ok
14:50:43.0187 5844  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:50:43.0187 5844  RasAgileVpn - ok
14:50:43.0190 5844  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:50:43.0191 5844  RasAuto - ok
14:50:43.0194 5844  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:43.0195 5844  Rasl2tp - ok
14:50:43.0200 5844  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:50:43.0203 5844  RasMan - ok
14:50:43.0205 5844  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:43.0206 5844  RasPppoe - ok
14:50:43.0209 5844  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:50:43.0210 5844  RasSstp - ok
14:50:43.0214 5844  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:50:43.0216 5844  rdbss - ok
14:50:43.0218 5844  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:50:43.0218 5844  rdpbus - ok
14:50:43.0220 5844  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:43.0220 5844  RDPCDD - ok
14:50:43.0224 5844  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:50:43.0226 5844  RDPDR - ok
14:50:43.0227 5844  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:50:43.0228 5844  RDPENCDD - ok
14:50:43.0230 5844  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:50:43.0230 5844  RDPREFMP - ok
14:50:43.0233 5844  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:50:43.0234 5844  RdpVideoMiniport - ok
14:50:43.0237 5844  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:50:43.0239 5844  RDPWD - ok
14:50:43.0242 5844  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:50:43.0244 5844  rdyboost - ok
14:50:43.0246 5844  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:50:43.0247 5844  RemoteAccess - ok
14:50:43.0251 5844  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:50:43.0252 5844  RemoteRegistry - ok
14:50:43.0256 5844  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:50:43.0257 5844  RFCOMM - ok
14:50:43.0259 5844  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:50:43.0260 5844  RpcEptMapper - ok
14:50:43.0262 5844  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:50:43.0263 5844  RpcLocator - ok
14:50:43.0268 5844  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:50:43.0270 5844  RpcSs - ok
14:50:43.0273 5844  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:50:43.0274 5844  rspndr - ok
14:50:43.0276 5844  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:50:43.0277 5844  s3cap - ok
14:50:43.0279 5844  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:50:43.0279 5844  SamSs - ok
14:50:43.0282 5844  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:50:43.0283 5844  sbp2port - ok
14:50:43.0286 5844  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:50:43.0288 5844  SCardSvr - ok
14:50:43.0291 5844  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:50:43.0291 5844  scfilter - ok
14:50:43.0301 5844  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:50:43.0308 5844  Schedule - ok
14:50:43.0311 5844  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:50:43.0311 5844  SCPolicySvc - ok
14:50:43.0315 5844  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:50:43.0316 5844  SDRSVC - ok
14:50:43.0327 5844  [ D98E936BDD4A6CFE39535F3696D0EC6F ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
14:50:43.0333 5844  SDScannerService - ok
14:50:43.0345 5844  [ 2D5088524613D1ED55D20195AF42DDC7 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
14:50:43.0353 5844  SDUpdateService - ok
14:50:43.0356 5844  [ 59DCE6783F9ED27EB72C81466E363BF8 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
14:50:43.0357 5844  SDWSCService - ok
14:50:43.0359 5844  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:50:43.0360 5844  secdrv - ok
14:50:43.0362 5844  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:50:43.0363 5844  seclogon - ok
14:50:43.0365 5844  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:50:43.0366 5844  SENS - ok
14:50:43.0369 5844  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:50:43.0370 5844  SensrSvc - ok
14:50:43.0372 5844  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:50:43.0373 5844  Serenum - ok
14:50:43.0375 5844  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:50:43.0376 5844  Serial - ok
14:50:43.0378 5844  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:50:43.0379 5844  sermouse - ok
14:50:43.0383 5844  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:50:43.0385 5844  SessionEnv - ok
14:50:43.0387 5844  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:50:43.0388 5844  sffdisk - ok
14:50:43.0390 5844  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:50:43.0390 5844  sffp_mmc - ok
14:50:43.0392 5844  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:50:43.0392 5844  sffp_sd - ok
14:50:43.0394 5844  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:50:43.0395 5844  sfloppy - ok
14:50:43.0399 5844  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:50:43.0401 5844  SharedAccess - ok
14:50:43.0406 5844  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:50:43.0409 5844  ShellHWDetection - ok
14:50:43.0411 5844  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:50:43.0412 5844  SiSRaid2 - ok
14:50:43.0414 5844  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:50:43.0415 5844  SiSRaid4 - ok
14:50:43.0418 5844  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:50:43.0419 5844  Smb - ok
14:50:43.0422 5844  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:50:43.0423 5844  SNMPTRAP - ok
14:50:43.0425 5844  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:50:43.0426 5844  spldr - ok
14:50:43.0432 5844  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:50:43.0436 5844  Spooler - ok
14:50:43.0461 5844  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:50:43.0481 5844  sppsvc - ok
14:50:43.0485 5844  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:50:43.0486 5844  sppuinotify - ok
14:50:43.0492 5844  [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd            C:\Windows\System32\Drivers\sptd.sys
14:50:43.0492 5844  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
14:50:43.0493 5844  sptd ( LockedFile.Multi.Generic ) - warning
14:50:43.0493 5844  sptd - detected LockedFile.Multi.Generic (1)
14:50:43.0756 5844  UNS - ok
14:50:43.0761 5844  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:50:43.0764 5844  upnphost - ok
14:50:43.0767 5844  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:50:43.0767 5844  USBAAPL64 - ok
14:50:43.0770 5844  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:50:43.0771 5844  usbaudio - ok
14:50:43.0774 5844  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:43.0775 5844  usbccgp - ok
14:50:43.0778 5844  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:50:43.0779 5844  usbcir - ok
14:50:43.0782 5844  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:50:43.0782 5844  usbehci - ok
14:50:43.0787 5844  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:50:43.0789 5844  usbhub - ok
14:50:43.0791 5844  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:50:43.0792 5844  usbohci - ok
14:50:43.0794 5844  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:50:43.0794 5844  usbprint - ok
14:50:43.0797 5844  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:43.0797 5844  USBSTOR - ok
14:50:43.0800 5844  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:50:43.0800 5844  usbuhci - ok
14:50:43.0802 5844  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:50:43.0803 5844  UxSms - ok
14:50:43.0805 5844  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:50:43.0806 5844  VaultSvc - ok
14:50:43.0808 5844  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:50:43.0808 5844  vdrvroot - ok
14:50:43.0814 5844  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:50:43.0819 5844  vds - ok
14:50:43.0821 5844  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:43.0821 5844  vga - ok
14:50:43.0824 5844  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:50:43.0824 5844  VgaSave - ok
14:50:43.0826 5844  VGPU - ok
14:50:43.0830 5844  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:50:43.0831 5844  vhdmp - ok
14:50:43.0833 5844  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:50:43.0834 5844  viaide - ok
14:50:43.0837 5844  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:50:43.0839 5844  vmbus - ok
14:50:43.0841 5844  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:50:43.0841 5844  VMBusHID - ok
14:50:43.0843 5844  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:50:43.0844 5844  volmgr - ok
14:50:43.0849 5844  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:50:43.0851 5844  volmgrx - ok
14:50:43.0856 5844  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:50:43.0857 5844  volsnap - ok
14:50:43.0861 5844  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:50:43.0862 5844  vsmraid - ok
14:50:43.0875 5844  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:50:43.0886 5844  VSS - ok
14:50:43.0888 5844  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:50:43.0888 5844  vwifibus - ok
14:50:43.0890 5844  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:50:43.0891 5844  vwififlt - ok
14:50:43.0893 5844  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:50:43.0893 5844  vwifimp - ok
14:50:43.0898 5844  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:50:43.0901 5844  W32Time - ok
14:50:43.0904 5844  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:50:43.0905 5844  WacomPen - ok
14:50:43.0907 5844  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:50:43.0908 5844  WANARP - ok
14:50:43.0910 5844  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:50:43.0910 5844  Wanarpv6 - ok
14:50:43.0922 5844  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:50:43.0929 5844  WatAdminSvc - ok
14:50:43.0943 5844  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:50:43.0952 5844  wbengine - ok
14:50:43.0956 5844  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:50:43.0958 5844  WbioSrvc - ok
14:50:43.0963 5844  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:50:43.0966 5844  wcncsvc - ok
14:50:43.0968 5844  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:50:43.0969 5844  WcsPlugInService - ok
14:50:43.0971 5844  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:50:43.0972 5844  Wd - ok
14:50:43.0980 5844  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:50:43.0985 5844  Wdf01000 - ok
14:50:43.0988 5844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:50:43.0989 5844  WdiServiceHost - ok
14:50:43.0991 5844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:50:43.0992 5844  WdiSystemHost - ok
14:50:43.0997 5844  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:50:43.0999 5844  WebClient - ok
14:50:44.0003 5844  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:50:44.0005 5844  Wecsvc - ok
14:50:44.0008 5844  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:50:44.0009 5844  wercplsupport - ok
14:50:44.0012 5844  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:50:44.0014 5844  WerSvc - ok
14:50:44.0016 5844  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:50:44.0016 5844  WfpLwf - ok
14:50:44.0018 5844  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:50:44.0018 5844  WIMMount - ok
14:50:44.0020 5844  WinDefend - ok
14:50:44.0022 5844  WinHttpAutoProxySvc - ok
14:50:44.0028 5844  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:50:44.0030 5844  Winmgmt - ok
14:50:44.0046 5844  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:50:44.0058 5844  WinRM - ok
14:50:44.0062 5844  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:50:44.0063 5844  WinUsb - ok
14:50:44.0072 5844  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:50:44.0078 5844  Wlansvc - ok
14:50:44.0082 5844  [ 4FC20AC43DAC9ADF37F9835034D3816C ] wltrysvc        C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
14:50:44.0083 5844  wltrysvc - ok
14:50:44.0085 5844  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:50:44.0085 5844  WmiAcpi - ok
14:50:44.0090 5844  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:50:44.0092 5844  wmiApSrv - ok
14:50:44.0093 5844  WMPNetworkSvc - ok
14:50:44.0096 5844  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:50:44.0097 5844  WPCSvc - ok
14:50:44.0099 5844  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:50:44.0101 5844  WPDBusEnum - ok
14:50:44.0103 5844  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:50:44.0104 5844  ws2ifsl - ok
14:50:44.0106 5844  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:50:44.0108 5844  wscsvc - ok
14:50:44.0110 5844  WSearch - ok
14:50:44.0129 5844  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:50:44.0143 5844  wuauserv - ok
14:50:44.0146 5844  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:50:44.0147 5844  WudfPf - ok
14:50:44.0151 5844  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:44.0152 5844  WUDFRd - ok
14:50:44.0155 5844  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:50:44.0156 5844  wudfsvc - ok
14:50:44.0160 5844  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:50:44.0163 5844  WwanSvc - ok
14:50:44.0166 5844  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:50:44.0167 5844  xusb21 - ok
14:50:44.0172 5844  ================ Scan global ===============================
14:50:44.0174 5844  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:50:44.0177 5844  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:50:44.0182 5844  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:50:44.0185 5844  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:50:44.0189 5844  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:50:44.0192 5844  [Global] - ok
14:50:44.0192 5844  ================ Scan MBR ==================================
14:50:44.0193 5844  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
14:50:44.0194 5844  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:50:44.0194 5844  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:50:44.0194 5844  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:50:44.0195 5844  ================ Scan VBR ==================================
14:50:44.0196 5844  [ 438E3A4BA05619795287877A0F495C8F ] \Device\Harddisk0\DR0\Partition1
14:50:44.0196 5844  \Device\Harddisk0\DR0\Partition1 - ok
14:50:44.0198 5844  [ E063E6827A535F5289CA555017C55178 ] \Device\Harddisk0\DR0\Partition2
14:50:44.0198 5844  \Device\Harddisk0\DR0\Partition2 - ok
14:50:44.0199 5844  ============================================================
14:50:44.0199 5844  Scan finished
14:50:44.0199 5844  ============================================================
14:50:44.0202 6652  Detected object count: 2
14:50:44.0202 6652  Actual detected object count: 2
14:52:17.0879 6652  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:52:17.0879 6652  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:52:18.0066 6652  \Device\Harddisk0\DR0\# - copied to quarantine
14:52:18.0066 6652  \Device\Harddisk0\DR0 - copied to quarantine
14:52:18.0086 6652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:52:18.0087 6652  \Device\Harddisk0\DR0 - ok
14:52:18.0092 6652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
14:52:24.0891 1700  Deinitialize success
 

step 2

 

mbar-log-2013-08-07 (15-02-13).txt

system-log.txt

 

step 3

 

ComboFix.txt

 

step 4

 

 Results of screen317's Security Check version 0.99.71 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox 17.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

 

step 5 posted above

 

 

So far the system seems stable, no more random audio playing in the background. I still have the read to decrypt files all over the place and I am still not able to access saved docs on my computer.

 

-Cevebed
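
The scan log in the post above mixes thousands of "ok" records with a handful of verdict lines. As an added example (not part of the original posts and not the scanner vendor's code), this Python triage pulls out each detection, the action selected for it, and whether the cure is deferred to a reboot. The sample lines are copied from that log; the function and field names are illustrative assumptions.

```python
import re
from collections import OrderedDict

# Lines copied from the scan log in the post above: timestamp, numeric id, message.
SAMPLE_LOG = r"""
14:50:44.0167 5844  xusb21 - ok
14:50:44.0192 5844  [Global] - ok
14:50:44.0193 5844  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
14:50:44.0194 5844  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:50:44.0194 5844  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:50:44.0194 5844  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:50:44.0196 5844  \Device\Harddisk0\DR0\Partition1 - ok
14:50:44.0202 6652  Detected object count: 2
14:52:17.0879 6652  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:52:17.0879 6652  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:52:18.0066 6652  \Device\Harddisk0\DR0 - copied to quarantine
14:52:18.0086 6652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:52:18.0087 6652  \Device\Harddisk0\DR0 - ok
14:52:18.0092 6652  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
# "<object> ( <threat name> ) - <status>". The spaces inside the parentheses
# keep paths such as "C:\Program Files (x86)\..." from matching.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^()]+) \) - (?P<what>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action:"


def triage(log_text):
    """Summarise verdict lines of the log: one entry per flagged object."""
    findings = OrderedDict()
    declared = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not a log record
        msg = line.group("msg")
        count = COUNT.match(msg)
        if count:
            declared = int(count.group(1))
            continue
        verdict = VERDICT.match(msg)
        if not verdict:
            continue  # hash records, "- ok" lines, section banners
        entry = findings.setdefault(
            verdict.group("obj"),
            {"threat": verdict.group("threat"), "events": [], "action": None},
        )
        what = verdict.group("what")
        if what.startswith(ACTION_PREFIX):
            entry["action"] = what[len(ACTION_PREFIX):].strip()
        else:
            entry["events"].append(what)

    # Anything skipped, or flagged with no recorded action, still needs a decision.
    unresolved = [o for o, f in findings.items() if f["action"] in (None, "Skip")]
    # A deferred cure is not finished until the machine has rebooted and been rescanned.
    pending = [o for o, f in findings.items()
               if any("on reboot" in e for e in f["events"])]
    return {
        "findings": findings,
        "declared_count": declared,
        # None when the log carries no count line (for example a truncated paste).
        "count_matches": None if declared is None else declared == len(findings),
        "unresolved": unresolved,
        "pending_reboot": pending,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for obj, info in report["findings"].items():
        print(obj, info["threat"], info["events"], "action:", info["action"])
    print("unresolved:", report["unresolved"])
    print("pending reboot:", report["pending_reboot"])
    print("count matches log:", report["count_matches"])
```
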

 

 

 

 


We're making progress, but we still have some more to go:

 

1. Please download HitmanPro.

  • For 64-bit Operating System
  • For 32-bit

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

3. Click on the next button. You must agree with the terms of EULA.

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Export scan results to XML file".

10. Save that file to your desktop and zip and attach it in your next reply.


 

also another thing i just noticed is that i can not enter direct websites in the address bar while using internet explorer

Try resetting IE. http://support.microsoft.com/kb/923737

 

------

 

Please Launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found.  If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 


internet explorer is still having issues as well as firefox

 

here is the file

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
FusionII :: FUSIONII-PC [administrator]

Protection: Enabled

8/7/2013 5:38:40 PM
mbam-log-2013-08-07 (17-38-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421457
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


 

internet explorer is still having issues as well as firefox

Okay we'll come back to all that, we need to verify you're clean first as there may still be malware on the machine.

 

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the scan archives option.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the list threats button.
  • Push the export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push the Finish button.

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------

Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


We're making progress. Are things running any better?

 

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

     

    :OTL
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


here are the next two files

 

AdwCleanerS1.txt

 

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 07:35:17
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : FusionII - FUSIONII-PC
# Boot Mode : Normal
# Running from : C:\Users\FusionII\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1038 octets] - [07/08/2013 21:02:48]
AdwCleaner[s1].txt - [820 octets] - [13/08/2013 07:35:17]

########## EOF - C:\AdwCleaner[s1].txt - [879 octets] ##########

 

08132013_073141.log

 

All processes killed
========== OTL ==========
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08132013_073141

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Not sure, but it looks like the files of mine that were encrypted are all gone now :( Not sure why, but all the "read to Decrypt!!!" files are still on my computer, and Internet Explorer is still giving me problems.

 

-cevebed


Another thing I have noticed is that all the files that have been affected have been set to hidden files as well, so I will remove my original statement claiming that they were gone. I still have all my files. I just can't read them still. When I open them they are full of this kind of text "see below"

 

 


 

 

 

Not sure if that helps at all, but all I know is it's kind of frustrating :)

 

-Cevebed


Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Had a lot of issues with your instructions for Dr.Web CureIt. It found 1900 things but I couldn't find any way to save a log file...... the randomly named file wouldn't work at all and kept directing me to download the free trial, so I did that because it was the only thing that would run properly to detect the 1900 problems; it cleaned and moved everything successfully. Other than that I pretty much screwed up your instructions. Not sure what to do next.

 

-cevebed

 

I did find these files though

 

cureit.log

 

CureIt1.log


Let's try this:

 

I'd like you to download the Kaspersky Rescue Disk and run it from a USB device. There are detailed instructions available on Kaspersky's official website, here: http://support.kaspersky.com/8092

After you have run the utility on the infected computer, please copy and paste the logfile here for me to see.

If at any point you have questions regarding how to proceed, please let me know immediately.

Let me know how things go.


This topic is now closed to further replies.