Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Persistent malware invading Chrome (Windows 7)


Recommended Posts

Hello Malwarebytes community,

 

First, thanks for any help you might offer! I've been trying for the last few days to get this "BuyNsave" virus off my wife's computer. It appears as an extension in Chrome and fills the browser with ads and redirects websites. I've tried Malwarebytes cleaner, and it recognizes the trojan -- and a few others -- but after the computer has restarted the malware just seems to keep coming back. I've tried a few other cleaners but just can't seem to shake this malware off. Thanks for any help!

 

Here are the requested logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by MASRET (administrator) on MASRET-PC on 05-01-2015 18:23:08
Running from C:\Users\MASRET\Downloads
Loaded Profile: MASRET (Available profiles: MASRET)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Unetsystem (www.unetsystem.co.kr)) C:\Program Files\Unetsystem\AnyClick\AnySVC.exe
(Unetsystem) C:\Program Files\Unetsystem\AnyClick\AnySens.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Unetsystem (www.unetsystem.co.kr)) C:\Program Files\Unetsystem\AnyClick\AnyTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Unetsystem (www.unetsystem.co.kr)) C:\Program Files\Unetsystem\AnyClick\systmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2014-11-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2014-11-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [AnyTray] => C:\Program Files\Unetsystem\AnyClick\AnyTray.exe [335872 2013-03-11] (Unetsystem (www.unetsystem.co.kr))
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1107877409-3792303618-1399779585-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-13] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1107877409-3792303618-1399779585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1107877409-3792303618-1399779585-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ko-kr/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1107877409-3792303618-1399779585-1000 -> DefaultScope {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = http://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1107877409-3792303618-1399779585-1000 -> {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = http://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} 
DPF: HKLM-x32 {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} https://ck.softforum.co.kr/CKKeyPro/yessign/CKKeyProInst.cab
DPF: HKLM-x32 {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {42E8651D-C437-4203-93F5-24E20C2C4465} https://www.vpay.co.kr/kvpfiles/KVPCyberCard.cab
DPF: HKLM-x32 {55399877-B7F0-4A0F-BDEE-6FD1982EAB20} http://webmail.sogangedu.com/images/activex/WebMailFileUpDown.cab
DPF: HKLM-x32 {60AEFD89-586A-462F-B828-EAA243EBE69C} http://webmail.sogangedu.com/images/activex/AddressBookCtl.cab
DPF: HKLM-x32 {63A7D575-8E63-464E-947B-57D5A6773D79} https://supdate.nprotect.net/netizen/card/shinhan/slm/npEfdsWCtrl.cab
DPF: HKLM-x32 {7E9FDB80-5316-11D4-B02C-00C04F0CD404} https://download.softforum.com/Published/XecureWeb/v7.2.5.8/xw_install.cab
DPF: HKLM-x32 {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: HKLM-x32 {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} https://www.bankpay.or.kr/BankPayEFT.cab
DPF: HKLM-x32 {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} https://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF} https://vbv.shinhancard.com/infovine/VineTransfer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} https://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: HKLM-x32 {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} https://kspay.ksnet.to/totmpi/KSNetMPI.cab
Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll (© INITECH)
Tcpip\Parameters: [DhcpNameServer] 1.214.68.2 61.41.153.2
 
FireFox:
========
FF ProfilePath: C:\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default
FF DefaultSearchEngine: Wikipedia (en)
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.autoconfig_url", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.type", 5);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nprotect.com/npEfdsWPlugin -> C:\Users\MASRET\AppData\Local\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll (INCA Internet Co., Ltd)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll (Softforum Co., LTD.)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll ()
FF Plugin-x32: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll (INFOVINE)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @designmade.com/application/designmade-printmade -> C:\Program Files (x86)\Printmade2\npPrintmade2.dll ( )
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @hola.org/vlc,version=1.6.64 -> C:\Users\MASRET\AppData\Local\Hola\firefox\app\vlc ()
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @kcp.co.kr/plugin_hub;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPHubPlugin.dll (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @www.inicis.com/application/x-INIwallet61-INICIS -> C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll (INICIS)
FF Plugin HKU\S-1-5-21-1107877409-3792303618-1399779585-1000: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll (INFOVINE)
FF Extension: Browsec - C:\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\Extensions\browsec@browsec.com [2014-12-25]
FF Extension: Hola Better Internet - C:\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-03]
FF Extension: Adblock Plus - C:\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://websearch.searchoholic.info/?pid=625&r=2014/12/20&hid=14117903565556566877&lg=EN&cc=KR&unqvl=72"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-23]
CHR Extension: (WOT) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-04]
CHR Extension: (YouTube) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-04]
CHR Extension: (Google Search) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Hola Better Internet Engine) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\MASRET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnySens; C:\Program Files\Unetsystem\AnyClick\AnySens.exe [23552 2013-03-11] (Unetsystem) [File not signed]
R2 AnySVC; C:\Program Files\Unetsystem\AnyClick\AnySVC.exe [428032 2013-03-11] (Unetsystem (www.unetsystem.co.kr)) [File not signed]
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)
S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2015-01-04] (Kings Information & Network)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-16] (AhnLab, Inc.)
S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-16] (AhnLab, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2014-11-30] ()
R1 UPF; C:\Windows\System32\Drivers\upf.sys [40144 2013-03-11] (UnetSystem CORP)
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 18:23 - 2015-01-05 18:23 - 00019113 _____ () C:\Users\MASRET\Downloads\FRST.txt
2015-01-05 18:22 - 2015-01-05 18:23 - 00000000 ____D () C:\FRST
2015-01-05 18:22 - 2015-01-05 18:22 - 02123776 _____ (Farbar) C:\Users\MASRET\Downloads\FRST64.exe
2015-01-04 21:04 - 2015-01-04 21:04 - 00000000 ____D () C:\Users\MASRET\AppData\Local\Hola
2015-01-04 20:47 - 2015-01-04 20:47 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe
2015-01-04 20:47 - 2015-01-04 20:47 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2015-01-04 20:23 - 2015-01-04 20:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 20:23 - 2015-01-04 20:23 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 20:23 - 2015-01-04 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 20:23 - 2015-01-04 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 20:23 - 2015-01-04 20:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 20:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 20:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 20:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 20:22 - 2015-01-04 20:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MASRET\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 20:15 - 2015-01-04 20:19 - 02968219 _____ () C:\Users\MASRET\Downloads\revouninstaller.zip
2015-01-04 20:07 - 2015-01-05 18:16 - 00000280 _____ () C:\Windows\setupact.log
2015-01-04 20:07 - 2015-01-05 18:06 - 00003258 _____ () C:\Windows\PFRO.log
2015-01-04 20:07 - 2015-01-04 20:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 20:04 - 2015-01-04 20:04 - 02173952 _____ () C:\Users\MASRET\Downloads\AdwCleaner.exe
2015-01-04 20:00 - 2015-01-04 20:00 - 00032242 _____ () C:\Users\MASRET\Documents\cc_20150104_200040.reg
2015-01-04 19:54 - 2015-01-04 19:54 - 05317104 _____ (Piriform Ltd) C:\Users\MASRET\Downloads\ccsetup501.exe
2015-01-04 19:54 - 2015-01-04 19:54 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-04 19:54 - 2015-01-04 19:54 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 19:54 - 2015-01-04 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-04 19:54 - 2015-01-04 19:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 19:13 - 2015-01-04 19:13 - 00000000 ____D () C:\Users\MASRET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-04 19:10 - 2015-01-04 19:10 - 00002233 _____ () C:\Users\Public\Desktop\Chrome.lnk
2015-01-04 19:10 - 2015-01-04 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome
2015-01-04 19:09 - 2015-01-05 18:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 19:09 - 2015-01-05 18:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 19:09 - 2015-01-04 19:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 19:09 - 2015-01-04 19:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 19:08 - 2015-01-04 19:08 - 00880784 _____ (Google Inc.) C:\Users\MASRET\Downloads\ChromeSetup(1).exe
2015-01-04 13:13 - 2015-01-04 13:13 - 00040988 _____ () C:\Users\MASRET\Downloads\13030055.html
2015-01-02 22:21 - 2015-01-02 22:25 - 00008118 _____ () C:\Users\MASRET\Documents\simplexi_WebMail.log
2014-12-25 20:00 - 2014-12-25 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-25 20:00 - 2014-12-25 20:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-25 20:00 - 2014-12-25 20:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-25 19:59 - 2014-12-25 19:59 - 13087456 _____ (Microsoft Corporation) C:\Users\MASRET\Downloads\Silverlight_x64.exe
2014-12-25 19:35 - 2014-12-25 19:36 - 15627752 _____ (Hola Networks Ltd.) C:\Users\MASRET\Downloads\Hola-Setup-x64-1.5.903.exe
2014-12-25 14:31 - 2015-01-04 20:07 - 00000000 ____D () C:\AdwCleaner
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\Users\MASRET\AppData\Roaming\WinRAR
2014-12-21 17:17 - 2014-12-21 17:17 - 00003152 _____ () C:\Windows\System32\Tasks\{5178F5B8-5AEB-4859-B409-FEAFDFC7442D}
2014-12-21 17:17 - 2014-12-21 17:17 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-21 17:15 - 2014-12-21 17:15 - 01766368 _____ () C:\Users\MASRET\Downloads\wrar520.exe
2014-12-21 17:15 - 2014-12-21 17:15 - 00000000 ____D () C:\Users\MASRET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-21 17:15 - 2014-12-21 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-21 17:15 - 2014-12-21 17:15 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-12-21 17:04 - 2014-12-21 20:01 - 00000000 ____D () C:\Users\MASRET\AppData\Roaming\vlc
2014-12-21 17:03 - 2014-12-21 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-21 17:03 - 2014-12-21 17:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-21 17:02 - 2014-12-21 17:02 - 24743106 _____ () C:\Users\MASRET\Downloads\vlc-2.1.5-win32.exe
2014-12-21 16:45 - 2014-12-21 16:45 - 00077359 _____ () C:\Users\MASRET\Downloads\gone-girl_HI_english-1033077.zip
2014-12-21 16:42 - 2014-12-21 17:17 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-21 16:40 - 2014-12-21 16:40 - 00906024 _____ ( ) C:\Users\MASRET\Downloads\winzip19-lan_ko.exe
2014-12-20 19:33 - 2014-12-20 19:33 - 00392839 _____ ( ) C:\Users\MASRET\Downloads\KCPPluginSetup.exe
2014-12-20 18:17 - 2014-12-20 18:17 - 00000000 ____D () C:\ProgramData\jddpgpkeooicpbbcgmpifjjeminhmdom
2014-12-20 18:14 - 2014-12-20 18:15 - 01233920 _____ () C:\Users\MASRET\Downloads\Led.GnGl72.FY.rar (1).exe
2014-12-20 18:08 - 2015-01-04 20:31 - 00000000 ____D () C:\Program Files (x86)\YaoutoubeaAdBBllocke
2014-12-20 18:07 - 2015-01-04 20:31 - 00000000 ____D () C:\Program Files (x86)\BuyNsavee
2014-12-20 18:07 - 2015-01-04 20:31 - 00000000 ____D () C:\Program Files (x86)\BUUyNssavE
2014-12-20 18:07 - 2014-12-20 18:07 - 00000000 ____D () C:\ProgramData\nnenenhlkjeijekegpihadgifakldhni
2014-12-20 18:05 - 2014-12-20 18:05 - 01233920 _____ () C:\Users\MASRET\Downloads\Led.GnGl72.FY.rar.exe
2014-12-20 17:59 - 2014-12-20 17:59 - 01233920 _____ () C:\Users\MASRET\Downloads\Download_Manager-TW.Gngrl7wdl-HD3D.rar.exe
2014-12-20 14:35 - 2014-12-20 14:35 - 00200363 _____ () C:\Users\MASRET\Downloads\Gone.Girl.2014.1080p.BluRay.x264-SPARKS.srt
2014-12-18 16:05 - 2014-12-13 14:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:05 - 2014-12-13 12:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 14:45 - 2014-12-16 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-14 14:22 - 2014-12-14 14:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-14 14:20 - 2014-11-11 12:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-14 14:20 - 2014-11-11 11:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-14 14:18 - 2014-11-22 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-14 14:18 - 2014-11-22 10:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-14 14:17 - 2014-11-27 10:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-14 14:17 - 2014-11-27 10:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-14 14:17 - 2014-11-22 12:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-14 14:17 - 2014-11-22 12:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-14 14:17 - 2014-11-22 12:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-14 14:17 - 2014-11-22 11:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-14 14:17 - 2014-11-22 11:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-14 14:17 - 2014-11-22 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-14 14:17 - 2014-11-22 11:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-14 14:17 - 2014-11-22 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-14 14:17 - 2014-11-22 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-14 14:17 - 2014-11-22 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-14 14:17 - 2014-11-22 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-14 14:17 - 2014-11-22 11:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-14 14:17 - 2014-11-22 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-14 14:17 - 2014-11-22 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-14 14:17 - 2014-11-22 11:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-14 14:17 - 2014-11-22 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-14 14:17 - 2014-11-22 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-14 14:17 - 2014-11-22 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-14 14:17 - 2014-11-22 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-14 14:17 - 2014-11-22 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-14 14:17 - 2014-11-22 11:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-14 14:17 - 2014-11-22 11:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-14 14:17 - 2014-11-22 11:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-14 14:17 - 2014-11-22 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-14 14:17 - 2014-11-22 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-14 14:17 - 2014-11-22 11:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-14 14:17 - 2014-11-22 10:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-14 14:17 - 2014-11-22 10:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-14 14:17 - 2014-11-22 10:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-14 14:17 - 2014-11-22 10:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-14 14:17 - 2014-11-22 10:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-14 14:17 - 2014-11-22 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-14 14:17 - 2014-11-22 10:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-14 14:17 - 2014-11-22 10:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-14 14:17 - 2014-11-22 10:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-14 14:17 - 2014-11-22 10:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-14 14:17 - 2014-11-22 10:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-14 14:17 - 2014-11-22 10:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-14 14:17 - 2014-11-22 10:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-14 14:17 - 2014-11-22 10:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-14 14:17 - 2014-11-22 10:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-14 14:17 - 2014-11-22 10:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-14 14:17 - 2014-11-22 10:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-14 14:17 - 2014-11-22 10:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-14 14:17 - 2014-11-22 10:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-14 14:17 - 2014-11-22 10:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-14 14:17 - 2014-11-22 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-14 14:17 - 2014-11-22 10:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-14 14:17 - 2014-11-22 09:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-14 14:17 - 2014-11-22 09:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-13 19:32 - 2014-12-13 19:32 - 00000000 ____D () C:\Program Files (x86)\INFovine
2014-12-13 19:32 - 2012-09-12 15:26 - 00039936 _____ ((주)인포바인) C:\Windows\SysWOW64\UbiKeyWin32.dll
2014-12-13 19:32 - 2012-09-12 15:22 - 00056328 _____ ((주)인포바인) C:\Windows\SysWOW64\VineTransfer.ocx
2014-12-13 19:32 - 2012-09-12 15:22 - 00048136 _____ ((주)인포바인) C:\Windows\SysWOW64\UbiKeyUninstall.exe
2014-12-13 19:32 - 2012-09-12 15:22 - 00039928 _____ ((주)인포바인) C:\Windows\SysWOW64\UbiKey.dll
2014-12-07 15:17 - 2013-12-25 08:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-07 15:17 - 2013-12-25 07:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-07 15:17 - 2013-11-26 17:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-07 15:17 - 2013-11-23 07:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-07 15:16 - 2011-04-28 12:55 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-12-07 15:16 - 2011-04-28 12:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-12-07 15:00 - 2014-12-07 15:00 - 00000000 __SHD () C:\Users\MASRET\AppData\Local\EmieUserList
2014-12-07 15:00 - 2014-12-07 15:00 - 00000000 __SHD () C:\Users\MASRET\AppData\Local\EmieSiteList
2014-12-07 15:00 - 2014-12-07 15:00 - 00000000 __SHD () C:\Users\MASRET\AppData\Local\EmieBrowserModeList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 18:21 - 2011-04-13 05:58 - 00402982 _____ () C:\Windows\system32\perfh012.dat
2015-01-05 18:21 - 2011-04-13 05:58 - 00101898 _____ () C:\Windows\system32\perfc012.dat
2015-01-05 18:21 - 2009-07-14 14:13 - 01209372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:21 - 2009-07-14 13:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 18:21 - 2009-07-14 13:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 18:19 - 2014-11-23 14:11 - 01413094 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 18:16 - 2009-07-14 14:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 21:42 - 2014-11-23 20:28 - 00000622 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 20:47 - 2014-11-23 20:24 - 00141848 _____ (Kings Information & Network) C:\Windows\system32\kcrtx64.sys
2015-01-04 20:31 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\Resources
2015-01-04 19:59 - 2012-04-19 18:39 - 00000000 ____D () C:\Windows\Panther
2015-01-04 19:10 - 2014-11-23 14:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 20:56 - 2014-11-30 10:44 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts_tmp
2014-12-24 23:38 - 2014-11-30 10:45 - 03595656 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2014-12-21 17:19 - 2009-07-14 12:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-21 17:17 - 2009-07-14 12:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-21 17:08 - 2009-07-14 14:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-21 16:43 - 2009-07-14 13:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-19 20:13 - 2014-11-25 10:53 - 00000109 _____ () C:\Windows\system32\anyclick_info
2014-12-19 12:50 - 2014-11-25 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 17:35 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 16:48 - 2014-11-23 14:28 - 00164360 _____ () C:\Users\MASRET\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 16:48 - 2009-07-14 13:45 - 00726656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 16:47 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 14:25 - 2012-04-19 19:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 14:08 - 2009-07-14 11:34 - 00000478 _____ () C:\Windows\win.ini
2014-12-13 18:42 - 2014-11-23 20:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 18:42 - 2014-11-23 20:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 18:42 - 2014-11-23 20:28 - 00003560 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-07 15:42 - 2014-11-23 20:24 - 01251848 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKSetup64.exe
2014-12-07 15:01 - 2009-07-14 14:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-07 14:55 - 2014-11-23 14:10 - 00001349 _____ () C:\Users\MASRET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 00:53 - 2011-04-13 06:09 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-06 00:53 - 2009-07-14 14:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-06 00:53 - 2009-07-14 14:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-06 00:53 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-12-06 00:53 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-12-06 00:53 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-06 00:53 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-06 00:53 - 2009-07-14 12:20 - 00000000 ____D () C:\Program Files\Common Files\System
 
Some content of TEMP:
====================
C:\Users\MASRET\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.64.exe
C:\Users\MASRET\AppData\Local\Temp\Quarantine.exe
C:\Users\MASRET\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 21:38
 
==================== End Of Log ============================

 

Plus the addition log:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015

Ran by MASRET at 2015-01-05 18:23:53
Running from C:\Users\MASRET\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DP Chip v14.07 (HKLM-x32\...\3DP Chip) (Version: v14.07 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version:  - AhnLab, Inc)
Anyclick (HKLM\...\AnyClick) (Version: Anyclick AUS v6.0-640 - UNETsystem Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
INISafe SFilter v7.2 (HKLM-x32\...\UnINISafeWeb7) (Version: 7.2.0.13 - ©INITECH)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.1.23 - interezen)
KCP CrossBrowsing Version (HKLM-x32\...\KCP Payment Plugin_is1) (Version:  - )
KCP 크로스브라우징 HUB 버전 (HKLM-x32\...\KCP Payment Hub Plugin_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
npEfdsWCtrl (HKLM-x32\...\npEfdsWCtrl) (Version:  - INCA Internet Co., Ltd.)
Printmade2 (HKLM-x32\...\{4EF8C716-1E9A-4FD4-BC4F-E18BD949974C}_is1) (Version: 2.0.1.16 - NagoSoft, Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Samsung ML-2160 Series (HKLM-x32\...\Samsung ML-2160 Series) (Version: 1.20 (2014-09-29) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version:  - )
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version:  - RaonSecure Co., Ltd.)
Veraport20(보안모듈 관리 프로그램) - 2,5,6,1 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,6,1 - Wizvera)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 드라이버 패키지 - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version:  - )
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: 1.0.5.16 - SoftForum Co., Ltd.)
x-INIpay Plugin v.1.0.0.3 (HKLM-x32\...\{CA0EE02C-0EF3-4127-BC88-D68F6F456FA5}_is1) (Version:  - INICIS)
삼성 프린터 진단 (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
한컴오피스 한글 2010 (HKLM-x32\...\Haansoft HWord 80 Korean) (Version: 8.0.1 - Hancom)
한컴오피스 한글 2010 (x32 Version: 8.0.1 - hancom) Hidden
휴대폰인증서(보관)서비스 (HKLM-x32\...\INFovine) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 11:34 - 2009-06-11 06:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4077CD07-FFB3-4291-96D9-8463FBEE655E} - System32\Tasks\{5178F5B8-5AEB-4859-B409-FEAFDFC7442D} => pcalua.exe -a C:\Users\MASRET\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {53D4BCEC-AE67-4030-9E9B-E0847BB68A06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {58E394C8-F3CD-4484-92BC-B30FA727A38D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {5C9A5145-9CC9-4857-8838-9D58F5D590AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A956A3B-1653-487F-A8FC-C784CD20A3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc)
Task: {D6469576-DD5A-4097-99F9-03CEBCAFFBD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-30 19:32 - 2011-04-25 20:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-23 14:13 - 2010-06-16 08:44 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2014-11-23 14:13 - 2013-03-18 09:39 - 00307741 _____ () C:\Windows\KMService.exe
2014-11-23 14:10 - 2012-12-12 17:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 03:20 - 2014-11-23 21:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2014-11-23 21:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-04 19:10 - 2014-12-06 10:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-04 19:10 - 2014-12-06 10:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-04 19:10 - 2014-12-06 10:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-04 19:10 - 2014-12-06 10:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1107877409-3792303618-1399779585-500 - Administrator - Disabled)
Guest (S-1-5-21-1107877409-3792303618-1399779585-501 - Limited - Disabled)
MASRET (S-1-5-21-1107877409-3792303618-1399779585-1000 - Administrator - Enabled) => C:\Users\MASRET
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 06:21:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:16:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (01/05/2015 06:11:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
 
System errors:
=============
Error: (01/05/2015 06:16:43 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/05/2015 06:16:41 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/05/2015 06:16:41 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/05/2015 06:06:57 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/05/2015 06:06:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/05/2015 06:06:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/04/2015 08:31:23 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/04/2015 08:31:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/04/2015 08:31:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: 크래시 덤프를 초기화하지 못했습니다!
 
Error: (01/04/2015 08:08:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Windows Search 서비스가 예기치 않게 종료된 후에 서비스 제어 관리자가 수정 작업(서비스 다시 시작)을 시도했으나, 다음 오류 때문에 이 작업이 실패했습니다. 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 06:21:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:20:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:16:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
Error: (01/05/2015 06:11:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Unetsystem\AnyClick\MFC80.DLL
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 4001.5 MB
Available physical RAM: 2594.18 MB
Total Pagefile: 8001.17 MB
Available Pagefile: 6504.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:94.12 GB) (Free:68.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:25.12 GB) (Free:3.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7DB9BDE9)
Partition 1: (Active) - (Size=94.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 

I should also mention that we live in Seoul -- apologies for any files that appear written in Korean. Please let me know if I can provide any more info. 

 

I really appreciate the help. 

 

--Rob

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

Link to post
Share on other sites

Hello, Marius, and thanks for your help!

 

I have followed your instructions and will post the requested logs below:

GMER 2.1.19357 - http://www.gmer.netRootkit scan 2015-01-06 08:57:26Windows 6.1.7601 Service Pack 1 x64 Running: p3pb21gs.exe---- Registry - GMER 2.1 ----Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb42826134                      Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb42826134 (not active ControlSet)  ---- EOF - GMER 2.1 ----

I'll attach the TDSSKiller log and also upload it as a txt. file:

08:59:11.0936 0x0ba4  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:2008:59:24.0603 0x0ba4  ============================================================08:59:24.0603 0x0ba4  Current date / time: 2015/01/06 08:59:24.060308:59:24.0603 0x0ba4  SystemInfo:08:59:24.0603 0x0ba4  08:59:24.0603 0x0ba4  OS Version: 6.1.7601 ServicePack: 1.008:59:24.0603 0x0ba4  Product type: Workstation08:59:24.0603 0x0ba4  ComputerName: MASRET-PC08:59:24.0603 0x0ba4  UserName: MASRET08:59:24.0603 0x0ba4  Windows directory: C:\Windows08:59:24.0603 0x0ba4  System windows directory: C:\Windows08:59:24.0603 0x0ba4  Running under WOW6408:59:24.0603 0x0ba4  Processor architecture: Intel x6408:59:24.0603 0x0ba4  Number of processors: 408:59:24.0603 0x0ba4  Page size: 0x100008:59:24.0603 0x0ba4  Boot type: Normal boot08:59:24.0603 0x0ba4  ============================================================08:59:24.0697 0x0ba4  KLMD registered as C:\Windows\system32\drivers\64517259.sys08:59:24.0822 0x0ba4  System UUID: {DB93346D-74E4-06D3-1B4D-6684CEF3B130}08:59:25.0274 0x0ba4  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004008:59:25.0274 0x0ba4  ============================================================08:59:25.0274 0x0ba4  \Device\Harddisk0\DR0:08:59:25.0274 0x0ba4  MBR partitions:08:59:25.0274 0x0ba4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBC3F10008:59:25.0274 0x0ba4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBC3F13F, BlocksNum 0x323C6C108:59:25.0274 0x0ba4  ============================================================08:59:25.0274 0x0ba4  C: <-> \Device\Harddisk0\DR0\Partition108:59:25.0290 0x0ba4  D: <-> \Device\Harddisk0\DR0\Partition208:59:25.0290 0x0ba4  ============================================================08:59:25.0290 0x0ba4  Initialize success08:59:25.0290 0x0ba4  ============================================================08:59:39.0735 0x029c  ============================================================08:59:39.0735 0x029c  Scan started08:59:39.0735 0x029c  Mode: Manual; 08:59:39.0735 0x029c  ============================================================08:59:39.0735 0x029c  KSN ping started08:59:42.0715 0x029c  KSN ping finished: true08:59:42.0840 0x029c  ================ Scan system memory ========================08:59:42.0840 0x029c  System memory - ok08:59:42.0840 0x029c  ================ Scan services =============================08:59:42.0887 0x029c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys08:59:42.0902 0x029c  1394ohci - ok08:59:42.0934 0x029c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys08:59:42.0934 0x029c  ACPI - ok08:59:42.0934 0x029c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys08:59:42.0949 0x029c  AcpiPmi - ok08:59:42.0949 0x029c  [ 5BBFF8B826EC38D32C26334E079C7EFC, 673D46409F0225A804B55FFB77E82AF34F8C7A93BEEF92DC3DFAC7EFCC5F09B6 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys08:59:42.0949 0x029c  ACPIVPC - ok08:59:42.0980 0x029c  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe08:59:42.0980 0x029c  AdobeFlashPlayerUpdateSvc - ok08:59:42.0996 0x029c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys08:59:43.0012 0x029c  adp94xx - ok08:59:43.0027 0x029c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys08:59:43.0043 0x029c  adpahci - ok08:59:43.0043 0x029c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys08:59:43.0058 0x029c  adpu320 - ok08:59:43.0058 0x029c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll08:59:43.0074 0x029c  AeLookupSvc - ok08:59:43.0090 0x029c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys08:59:43.0105 0x029c  AFD - ok08:59:43.0105 0x029c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys08:59:43.0105 0x029c  agp440 - ok08:59:43.0121 0x029c  AhnFlt2K - ok08:59:43.0121 0x029c  AhnRec2K - ok08:59:43.0121 0x029c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe08:59:43.0136 0x029c  ALG - ok08:59:43.0136 0x029c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys08:59:43.0136 0x029c  aliide - ok08:59:43.0136 0x029c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys08:59:43.0136 0x029c  amdide - ok08:59:43.0152 0x029c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys08:59:43.0152 0x029c  AmdK8 - ok08:59:43.0152 0x029c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys08:59:43.0168 0x029c  AmdPPM - ok08:59:43.0168 0x029c  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys08:59:43.0168 0x029c  amdsata - ok08:59:43.0183 0x029c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys08:59:43.0199 0x029c  amdsbs - ok08:59:43.0199 0x029c  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys08:59:43.0199 0x029c  amdxata - ok08:59:43.0199 0x029c  [ 79F812BDF6916103F69DBA024326BD8F, E00B86AA36361A29899AB690F6470EDEC9A9792B5EDD69BAB2AE20D3E14083E8 ] AMonTDLH        C:\Windows\system32\Drivers\AMonTDLH.sys08:59:43.0214 0x029c  AMonTDLH - ok08:59:43.0214 0x029c  [ D9F0CDD6AF2C516F6D21D06B16E5AB01, 8F7DB1C0D3045A6CA9FEE72000B1E8BECF0BF49D9BF1BCCEC3EFA877810C4551 ] AnySens         C:\Program Files\Unetsystem\AnyClick\AnySens.exe08:59:43.0214 0x029c  AnySens - ok08:59:43.0230 0x029c  [ 4DC32DDF753E141BB56EB0C7710767C4, 042942158390CED1690D44698C92A4E3CBA1113CDFA8BF87BCEDB840B1233D73 ] AnySVC          C:\Program Files\Unetsystem\AnyClick\AnySVC.exe08:59:43.0246 0x029c  AnySVC - ok08:59:43.0246 0x029c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys08:59:43.0246 0x029c  AppID - ok08:59:43.0261 0x029c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll08:59:43.0261 0x029c  AppIDSvc - ok08:59:43.0261 0x029c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll08:59:43.0261 0x029c  Appinfo - ok08:59:43.0277 0x029c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll08:59:43.0277 0x029c  AppMgmt - ok08:59:43.0292 0x029c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys08:59:43.0292 0x029c  arc - ok08:59:43.0308 0x029c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys08:59:43.0308 0x029c  arcsas - ok08:59:43.0308 0x029c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys08:59:43.0308 0x029c  AsyncMac - ok08:59:43.0324 0x029c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys08:59:43.0324 0x029c  atapi - ok08:59:43.0339 0x029c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll08:59:43.0355 0x029c  AudioEndpointBuilder - ok08:59:43.0386 0x029c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll08:59:43.0402 0x029c  AudioSrv - ok08:59:43.0402 0x029c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll08:59:43.0417 0x029c  AxInstSV - ok08:59:43.0433 0x029c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys08:59:43.0448 0x029c  b06bdrv - ok08:59:43.0464 0x029c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys08:59:43.0464 0x029c  b57nd60a - ok08:59:43.0480 0x029c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll08:59:43.0480 0x029c  BDESVC - ok08:59:43.0480 0x029c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys08:59:43.0480 0x029c  Beep - ok08:59:43.0511 0x029c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll08:59:43.0526 0x029c  BFE - ok08:59:43.0558 0x029c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll08:59:43.0589 0x029c  BITS - ok08:59:43.0589 0x029c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys08:59:43.0589 0x029c  blbdrive - ok08:59:43.0604 0x029c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys08:59:43.0604 0x029c  bowser - ok08:59:43.0604 0x029c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys08:59:43.0604 0x029c  BrFiltLo - ok08:59:43.0620 0x029c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys08:59:43.0620 0x029c  BrFiltUp - ok08:59:43.0620 0x029c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll08:59:43.0636 0x029c  Browser - ok08:59:43.0636 0x029c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys08:59:43.0651 0x029c  Brserid - ok08:59:43.0698 0x029c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys08:59:43.0698 0x029c  BrSerWdm - ok08:59:43.0714 0x029c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys08:59:43.0714 0x029c  BrUsbMdm - ok08:59:43.0729 0x029c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys08:59:43.0729 0x029c  BrUsbSer - ok08:59:43.0729 0x029c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys08:59:43.0729 0x029c  BthEnum - ok08:59:43.0745 0x029c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys08:59:43.0745 0x029c  BTHMODEM - ok08:59:43.0760 0x029c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys08:59:43.0760 0x029c  BthPan - ok08:59:43.0776 0x029c  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys08:59:43.0792 0x029c  BTHPORT - ok08:59:43.0807 0x029c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll08:59:43.0807 0x029c  bthserv - ok08:59:43.0807 0x029c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys08:59:43.0823 0x029c  BTHUSB - ok08:59:43.0823 0x029c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys08:59:43.0823 0x029c  cdfs - ok08:59:43.0838 0x029c  [ 715DAD1D219E6231EEC37A9A711E4D3F, 8E406C64F2428E179540C891E7633DECFF7E6208CA0167A058C927BA7424563B ] CdmDrvNt        C:\Windows\system32\Drivers\CdmDrvNt.sys08:59:43.0838 0x029c  CdmDrvNt - ok08:59:43.0838 0x029c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys08:59:43.0854 0x029c  cdrom - ok08:59:43.0854 0x029c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll08:59:43.0854 0x029c  CertPropSvc - ok08:59:43.0870 0x029c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys08:59:43.0870 0x029c  circlass - ok08:59:43.0885 0x029c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys08:59:43.0901 0x029c  CLFS - ok08:59:43.0901 0x029c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe08:59:43.0901 0x029c  clr_optimization_v2.0.50727_32 - ok08:59:43.0916 0x029c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe08:59:43.0916 0x029c  clr_optimization_v2.0.50727_64 - ok08:59:43.0932 0x029c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys08:59:43.0932 0x029c  CmBatt - ok08:59:43.0932 0x029c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys08:59:43.0932 0x029c  cmdide - ok08:59:43.0948 0x029c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys08:59:43.0963 0x029c  CNG - ok08:59:43.0963 0x029c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys08:59:43.0963 0x029c  Compbatt - ok08:59:43.0979 0x029c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys08:59:43.0979 0x029c  CompositeBus - ok08:59:43.0979 0x029c  COMSysApp - ok08:59:43.0994 0x029c  [ 06B278D3D74D3AD7FA8E8D8D6300F574, A5CF516AB8BC378B1EABFF8D6741189CB16C2E9868B29F0389727DCC776FC2A3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe08:59:44.0010 0x029c  cphs - ok08:59:44.0010 0x029c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys08:59:44.0010 0x029c  crcdisk - ok08:59:44.0026 0x029c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll08:59:44.0026 0x029c  CryptSvc - ok08:59:44.0057 0x029c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys08:59:44.0072 0x029c  CSC - ok08:59:44.0088 0x029c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll08:59:44.0104 0x029c  CscService - ok08:59:44.0135 0x029c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll08:59:44.0150 0x029c  DcomLaunch - ok08:59:44.0150 0x029c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll08:59:44.0166 0x029c  defragsvc - ok08:59:44.0166 0x029c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys08:59:44.0182 0x029c  DfsC - ok08:59:44.0197 0x029c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll08:59:44.0197 0x029c  Dhcp - ok08:59:44.0197 0x029c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys08:59:44.0213 0x029c  discache - ok08:59:44.0213 0x029c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys08:59:44.0213 0x029c  Disk - ok08:59:44.0228 0x029c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys08:59:44.0228 0x029c  dmvsc - ok08:59:44.0228 0x029c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll08:59:44.0244 0x029c  Dnscache - ok08:59:44.0260 0x029c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll08:59:44.0260 0x029c  dot3svc - ok08:59:44.0275 0x029c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll08:59:44.0275 0x029c  DPS - ok08:59:44.0275 0x029c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys08:59:44.0275 0x029c  drmkaud - ok08:59:44.0306 0x029c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys08:59:44.0338 0x029c  DXGKrnl - ok08:59:44.0338 0x029c  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys08:59:44.0353 0x029c  E1G60 - ok08:59:44.0353 0x029c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll08:59:44.0353 0x029c  EapHost - ok08:59:44.0447 0x029c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys08:59:44.0525 0x029c  ebdrv - ok08:59:44.0540 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe08:59:44.0540 0x029c  EFS - ok08:59:44.0572 0x029c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe08:59:44.0587 0x029c  ehRecvr - ok08:59:44.0587 0x029c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe08:59:44.0603 0x029c  ehSched - ok08:59:44.0618 0x029c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys08:59:44.0634 0x029c  elxstor - ok08:59:44.0634 0x029c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys08:59:44.0634 0x029c  ErrDev - ok08:59:44.0665 0x029c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll08:59:44.0665 0x029c  EventSystem - ok08:59:44.0681 0x029c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys08:59:44.0681 0x029c  exfat - ok08:59:44.0696 0x029c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys08:59:44.0712 0x029c  fastfat - ok08:59:44.0728 0x029c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe08:59:44.0743 0x029c  Fax - ok08:59:44.0759 0x029c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys08:59:44.0759 0x029c  fdc - ok08:59:44.0759 0x029c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll08:59:44.0759 0x029c  fdPHost - ok08:59:44.0774 0x029c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll08:59:44.0774 0x029c  FDResPub - ok08:59:44.0774 0x029c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys08:59:44.0774 0x029c  FileInfo - ok08:59:44.0790 0x029c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys08:59:44.0790 0x029c  Filetrace - ok08:59:44.0790 0x029c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys08:59:44.0790 0x029c  flpydisk - ok08:59:44.0806 0x029c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys08:59:44.0821 0x029c  FltMgr - ok08:59:44.0852 0x029c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll08:59:44.0884 0x029c  FontCache - ok08:59:44.0899 0x029c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe08:59:44.0899 0x029c  FontCache3.0.0.0 - ok08:59:44.0899 0x029c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys08:59:44.0899 0x029c  FsDepends - ok08:59:44.0915 0x029c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys08:59:44.0915 0x029c  Fs_Rec - ok08:59:44.0915 0x029c  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys08:59:44.0930 0x029c  fvevol - ok08:59:44.0930 0x029c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys08:59:44.0930 0x029c  gagp30kx - ok08:59:44.0962 0x029c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll08:59:44.0977 0x029c  gpsvc - ok08:59:44.0993 0x029c  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe08:59:44.0993 0x029c  gupdate - ok08:59:45.0008 0x029c  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe08:59:45.0008 0x029c  gupdatem - ok08:59:45.0008 0x029c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys08:59:45.0008 0x029c  hcw85cir - ok08:59:45.0024 0x029c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys08:59:45.0040 0x029c  HdAudAddService - ok08:59:45.0055 0x029c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys08:59:45.0055 0x029c  HDAudBus - ok08:59:45.0055 0x029c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys08:59:45.0055 0x029c  HidBatt - ok08:59:45.0071 0x029c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys08:59:45.0071 0x029c  HidBth - ok08:59:45.0071 0x029c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys08:59:45.0071 0x029c  HidIr - ok08:59:45.0086 0x029c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll08:59:45.0086 0x029c  hidserv - ok08:59:45.0086 0x029c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys08:59:45.0086 0x029c  HidUsb - ok08:59:45.0102 0x029c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll08:59:45.0102 0x029c  hkmsvc - ok08:59:45.0118 0x029c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll08:59:45.0118 0x029c  HomeGroupListener - ok08:59:45.0133 0x029c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll08:59:45.0133 0x029c  HomeGroupProvider - ok08:59:45.0149 0x029c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys08:59:45.0149 0x029c  HpSAMD - ok08:59:45.0180 0x029c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys08:59:45.0196 0x029c  HTTP - ok08:59:45.0196 0x029c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys08:59:45.0196 0x029c  hwpolicy - ok08:59:45.0211 0x029c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys08:59:45.0211 0x029c  i8042prt - ok08:59:45.0227 0x029c  [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys08:59:45.0242 0x029c  iaStor - ok08:59:45.0258 0x029c  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys08:59:45.0274 0x029c  iaStorV - ok08:59:45.0305 0x029c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe08:59:45.0320 0x029c  idsvc - ok08:59:45.0336 0x029c  IEEtwCollectorService - ok08:59:45.0476 0x029c  [ 348214F96642FD4FEF630DE021BA3540, B6A7D2EA41F6866F5AFF5022BB459E5AFF683FF2FF470B84F3E911C8AEC47C30 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys08:59:45.0601 0x029c  igfx - ok08:59:45.0617 0x029c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys08:59:45.0617 0x029c  iirsp - ok08:59:45.0648 0x029c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll08:59:45.0664 0x029c  IKEEXT - ok08:59:45.0679 0x029c  [ 4552B448CF9C00BA2A94032AF35BD9FC, 01E82C42FDC8EA8F0BA7AA7AF78AD769A909801433DCA13CEC820B301B4BA27E ] ImeDictUpdateService C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE08:59:45.0679 0x029c  ImeDictUpdateService - ok08:59:45.0695 0x029c  [ 8E4044C6B71B2F837166F6EDB6BF9100, 441A4EA0C3EF686B8B7884EC96FD8EE1017EB3F462FB4376638F461E41D97C72 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys08:59:45.0710 0x029c  IntcDAud - ok08:59:45.0710 0x029c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys08:59:45.0710 0x029c  intelide - ok08:59:45.0726 0x029c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys08:59:45.0726 0x029c  intelppm - ok08:59:45.0726 0x029c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll08:59:45.0742 0x029c  IPBusEnum - ok08:59:45.0742 0x029c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys08:59:45.0742 0x029c  IpFilterDriver - ok08:59:45.0773 0x029c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll08:59:45.0788 0x029c  iphlpsvc - ok08:59:45.0788 0x029c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys08:59:45.0788 0x029c  IPMIDRV - ok08:59:45.0804 0x029c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys08:59:45.0804 0x029c  IPNAT - ok08:59:45.0804 0x029c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys08:59:45.0804 0x029c  IRENUM - ok08:59:45.0820 0x029c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys08:59:45.0820 0x029c  isapnp - ok08:59:45.0835 0x029c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys08:59:45.0835 0x029c  iScsiPrt - ok08:59:45.0835 0x029c  JRSKD24 - ok08:59:45.0851 0x029c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys08:59:45.0851 0x029c  kbdclass - ok08:59:45.0851 0x029c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys08:59:45.0866 0x029c  kbdhid - ok08:59:45.0866 0x029c  [ B2023B8C0ACA7A4FF75A69E877DFB2D4, D8628B1C2B9103F80447B28082D7E59AAB1D763C740AB9C4A5269B49651A300B ] kcrtx64         C:\Windows\system32\kcrtx64.sys08:59:45.0866 0x029c  kcrtx64 - ok08:59:45.0882 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe08:59:45.0882 0x029c  KeyIso - ok08:59:45.0882 0x029c  KMService - ok08:59:45.0898 0x029c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys08:59:45.0898 0x029c  KSecDD - ok08:59:45.0898 0x029c  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys08:59:45.0913 0x029c  KSecPkg - ok08:59:45.0913 0x029c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys08:59:45.0913 0x029c  ksthunk - ok08:59:45.0929 0x029c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll08:59:45.0944 0x029c  KtmRm - ok08:59:45.0960 0x029c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll08:59:45.0960 0x029c  LanmanServer - ok08:59:45.0976 0x029c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll08:59:45.0976 0x029c  LanmanWorkstation - ok08:59:45.0991 0x029c  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys08:59:45.0991 0x029c  LHDmgr - ok08:59:45.0991 0x029c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys08:59:45.0991 0x029c  lltdio - ok08:59:46.0007 0x029c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll08:59:46.0022 0x029c  lltdsvc - ok08:59:46.0022 0x029c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll08:59:46.0022 0x029c  lmhosts - ok08:59:46.0038 0x029c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys08:59:46.0038 0x029c  LSI_FC - ok08:59:46.0054 0x029c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys08:59:46.0054 0x029c  LSI_SAS - ok08:59:46.0054 0x029c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys08:59:46.0069 0x029c  LSI_SAS2 - ok08:59:46.0069 0x029c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys08:59:46.0069 0x029c  LSI_SCSI - ok08:59:46.0085 0x029c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys08:59:46.0085 0x029c  luafv - ok08:59:46.0100 0x029c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll08:59:46.0100 0x029c  Mcx2Svc - ok08:59:46.0100 0x029c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys08:59:46.0116 0x029c  megasas - ok08:59:46.0116 0x029c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys08:59:46.0132 0x029c  MegaSR - ok08:59:46.0132 0x029c  [ 6FE7B681F1840366B2E4E8B15BE8E2CB, D60DB52345FB17160C1761AE5BF6C8CF56B350FC626A40C985CA2AE5C88B2F50 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys08:59:46.0147 0x029c  MEIx64 - ok08:59:46.0147 0x029c  [ E044C21C021394763497FB17A6B67096, 4F2BC2F73097330A7FD65AE9750BDC6AAA6B24C6F4F2FBBAB388E508188219F8 ] MfFWEnt         C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys08:59:46.0147 0x029c  MfFWEnt - ok08:59:46.0163 0x029c  [ 0643736678CB18BD14114FA6798BD51E, 37D4D40347675652C410167B5427BC2D0A8CBB36FAF51F8348C6E6210CB73464 ] MfIPSEnt        C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys08:59:46.0163 0x029c  MfIPSEnt - ok08:59:46.0178 0x029c  Microsoft SharePoint Workspace Audit Service - ok08:59:46.0178 0x029c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll08:59:46.0194 0x029c  MMCSS - ok08:59:46.0194 0x029c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys08:59:46.0194 0x029c  Modem - ok08:59:46.0194 0x029c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys08:59:46.0194 0x029c  monitor - ok08:59:46.0210 0x029c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys08:59:46.0210 0x029c  mouclass - ok08:59:46.0210 0x029c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys08:59:46.0210 0x029c  mouhid - ok08:59:46.0225 0x029c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys08:59:46.0225 0x029c  mountmgr - ok08:59:46.0241 0x029c  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe08:59:46.0241 0x029c  MozillaMaintenance - ok08:59:46.0256 0x029c  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys08:59:46.0256 0x029c  MpFilter - ok08:59:46.0272 0x029c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys08:59:46.0272 0x029c  mpio - ok08:59:46.0288 0x029c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys08:59:46.0288 0x029c  mpsdrv - ok08:59:46.0319 0x029c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll08:59:46.0334 0x029c  MpsSvc - ok08:59:46.0350 0x029c  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys08:59:46.0350 0x029c  MRxDAV - ok08:59:46.0366 0x029c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys08:59:46.0366 0x029c  mrxsmb - ok08:59:46.0381 0x029c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys08:59:46.0381 0x029c  mrxsmb10 - ok08:59:46.0397 0x029c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys08:59:46.0397 0x029c  mrxsmb20 - ok08:59:46.0397 0x029c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys08:59:46.0412 0x029c  msahci - ok08:59:46.0412 0x029c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys08:59:46.0412 0x029c  msdsm - ok08:59:46.0428 0x029c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe08:59:46.0428 0x029c  MSDTC - ok08:59:46.0444 0x029c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys08:59:46.0444 0x029c  Msfs - ok08:59:46.0444 0x029c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys08:59:46.0444 0x029c  mshidkmdf - ok08:59:46.0459 0x029c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys08:59:46.0459 0x029c  msisadrv - ok08:59:46.0475 0x029c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll08:59:46.0475 0x029c  MSiSCSI - ok08:59:46.0475 0x029c  msiserver - ok08:59:46.0490 0x029c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys08:59:46.0490 0x029c  MSKSSRV - ok08:59:46.0490 0x029c  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe08:59:46.0490 0x029c  MsMpSvc - ok08:59:46.0490 0x029c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys08:59:46.0506 0x029c  MSPCLOCK - ok08:59:46.0506 0x029c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys08:59:46.0506 0x029c  MSPQM - ok08:59:46.0522 0x029c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys08:59:46.0537 0x029c  MsRPC - ok08:59:46.0537 0x029c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys08:59:46.0537 0x029c  mssmbios - ok08:59:46.0553 0x029c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys08:59:46.0553 0x029c  MSTEE - ok08:59:46.0553 0x029c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys08:59:46.0553 0x029c  MTConfig - ok08:59:46.0568 0x029c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys08:59:46.0568 0x029c  Mup - ok08:59:46.0584 0x029c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll08:59:46.0600 0x029c  napagent - ok08:59:46.0615 0x029c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys08:59:46.0615 0x029c  NativeWifiP - ok08:59:46.0646 0x029c  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys08:59:46.0678 0x029c  NDIS - ok08:59:46.0678 0x029c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys08:59:46.0678 0x029c  NdisCap - ok08:59:46.0693 0x029c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys08:59:46.0693 0x029c  NdisTapi - ok08:59:46.0693 0x029c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys08:59:46.0693 0x029c  Ndisuio - ok08:59:46.0709 0x029c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys08:59:46.0709 0x029c  NdisWan - ok08:59:46.0724 0x029c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys08:59:46.0724 0x029c  NDProxy - ok08:59:46.0724 0x029c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys08:59:46.0724 0x029c  NetBIOS - ok08:59:46.0740 0x029c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys08:59:46.0756 0x029c  NetBT - ok08:59:46.0756 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe08:59:46.0756 0x029c  Netlogon - ok08:59:46.0771 0x029c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll08:59:46.0787 0x029c  Netman - ok08:59:46.0802 0x029c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll08:59:46.0818 0x029c  netprofm - ok08:59:46.0818 0x029c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe08:59:46.0834 0x029c  NetTcpPortSharing - ok08:59:47.0146 0x029c  [ FC851489C6A46442FB0BA36738424581, DA3273DAD8AABBA56BD766402FB11DC1732E2694DBBF48B58122636B9A1CF7B2 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwsw00.sys08:59:47.0380 0x029c  NETwNs64 - ok08:59:47.0411 0x029c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys08:59:47.0411 0x029c  nfrd960 - ok08:59:47.0411 0x029c  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys08:59:47.0426 0x029c  NisDrv - ok08:59:47.0442 0x029c  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe08:59:47.0442 0x029c  NisSrv - ok08:59:47.0458 0x029c  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll08:59:47.0473 0x029c  NlaSvc - ok08:59:47.0473 0x029c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys08:59:47.0473 0x029c  Npfs - ok08:59:47.0489 0x029c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll08:59:47.0489 0x029c  nsi - ok08:59:47.0489 0x029c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys08:59:47.0489 0x029c  nsiproxy - ok08:59:47.0551 0x029c  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys08:59:47.0582 0x029c  Ntfs - ok08:59:47.0598 0x029c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys08:59:47.0598 0x029c  Null - ok08:59:47.0598 0x029c  [ B01C1E6D7477961D6D1CBDCD44AF3E67, 407BD335FE7C87DFBD9EDE49BDD828263D8C8D25C8216FF04AC70320E74AE8B6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys08:59:47.0598 0x029c  nusb3hub - ok08:59:47.0614 0x029c  [ 796BAE22DD827DB8AD7AE7C3F775E92F, D26C921679888D90EEC6FBFDF3884FF151E4C28FD3920CE7F3AB58A8EEF3845E ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys08:59:47.0629 0x029c  nusb3xhc - ok08:59:47.0629 0x029c  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys08:59:47.0645 0x029c  nvraid - ok08:59:47.0645 0x029c  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys08:59:47.0645 0x029c  nvstor - ok08:59:47.0660 0x029c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys08:59:47.0660 0x029c  nv_agp - ok08:59:47.0676 0x029c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys08:59:47.0676 0x029c  ohci1394 - ok08:59:47.0676 0x029c  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:59:47.0692 0x029c  ose64 - ok08:59:47.0832 0x029c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE08:59:47.0957 0x029c  osppsvc - ok08:59:47.0972 0x029c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll08:59:47.0988 0x029c  p2pimsvc - ok08:59:48.0004 0x029c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll08:59:48.0019 0x029c  p2psvc - ok08:59:48.0019 0x029c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys08:59:48.0035 0x029c  Parport - ok08:59:48.0035 0x029c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys08:59:48.0035 0x029c  partmgr - ok08:59:48.0050 0x029c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll08:59:48.0050 0x029c  PcaSvc - ok08:59:48.0066 0x029c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys08:59:48.0066 0x029c  pci - ok08:59:48.0082 0x029c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys08:59:48.0082 0x029c  pciide - ok08:59:48.0082 0x029c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys08:59:48.0097 0x029c  pcmcia - ok08:59:48.0097 0x029c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys08:59:48.0097 0x029c  pcw - ok08:59:48.0128 0x029c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys08:59:48.0144 0x029c  PEAUTH - ok08:59:48.0191 0x029c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll08:59:48.0222 0x029c  PeerDistSvc - ok08:59:48.0238 0x029c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe08:59:48.0238 0x029c  PerfHost - ok08:59:48.0284 0x029c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll08:59:48.0331 0x029c  pla - ok08:59:48.0347 0x029c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll08:59:48.0362 0x029c  PlugPlay - ok08:59:48.0362 0x029c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll08:59:48.0362 0x029c  PNRPAutoReg - ok08:59:48.0378 0x029c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll08:59:48.0394 0x029c  PNRPsvc - ok08:59:48.0409 0x029c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll08:59:48.0425 0x029c  PolicyAgent - ok08:59:48.0440 0x029c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll08:59:48.0440 0x029c  Power - ok08:59:48.0456 0x029c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys08:59:48.0456 0x029c  PptpMiniport - ok08:59:48.0456 0x029c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys08:59:48.0456 0x029c  Processor - ok08:59:48.0472 0x029c  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll08:59:48.0472 0x029c  ProfSvc - ok08:59:48.0487 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe08:59:48.0487 0x029c  ProtectedStorage - ok08:59:48.0487 0x029c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys08:59:48.0503 0x029c  Psched - ok08:59:48.0550 0x029c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys08:59:48.0581 0x029c  ql2300 - ok08:59:48.0596 0x029c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys08:59:48.0596 0x029c  ql40xx - ok08:59:48.0612 0x029c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll08:59:48.0612 0x029c  QWAVE - ok08:59:48.0628 0x029c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys08:59:48.0628 0x029c  QWAVEdrv - ok08:59:48.0628 0x029c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys08:59:48.0628 0x029c  RasAcd - ok08:59:48.0643 0x029c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys08:59:48.0643 0x029c  RasAgileVpn - ok08:59:48.0643 0x029c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll08:59:48.0643 0x029c  RasAuto - ok08:59:48.0659 0x029c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys08:59:48.0659 0x029c  Rasl2tp - ok08:59:48.0674 0x029c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll08:59:48.0690 0x029c  RasMan - ok08:59:48.0690 0x029c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys08:59:48.0690 0x029c  RasPppoe - ok08:59:48.0706 0x029c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys08:59:48.0706 0x029c  RasSstp - ok08:59:48.0721 0x029c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys08:59:48.0737 0x029c  rdbss - ok08:59:48.0737 0x029c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys08:59:48.0737 0x029c  rdpbus - ok08:59:48.0737 0x029c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys08:59:48.0752 0x029c  RDPCDD - ok08:59:48.0752 0x029c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys08:59:48.0768 0x029c  RDPDR - ok08:59:48.0768 0x029c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys08:59:48.0768 0x029c  RDPENCDD - ok08:59:48.0784 0x029c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys08:59:48.0784 0x029c  RDPREFMP - ok08:59:48.0784 0x029c  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys08:59:48.0784 0x029c  RdpVideoMiniport - ok08:59:48.0799 0x029c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys08:59:48.0799 0x029c  RDPWD - ok08:59:48.0815 0x029c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys08:59:48.0830 0x029c  rdyboost - ok08:59:48.0830 0x029c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll08:59:48.0830 0x029c  RemoteAccess - ok08:59:48.0846 0x029c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll08:59:48.0846 0x029c  RemoteRegistry - ok08:59:48.0862 0x029c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys08:59:48.0862 0x029c  RFCOMM - ok08:59:48.0877 0x029c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll08:59:48.0877 0x029c  RpcEptMapper - ok08:59:48.0877 0x029c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe08:59:48.0877 0x029c  RpcLocator - ok08:59:48.0908 0x029c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll08:59:48.0908 0x029c  RpcSs - ok08:59:48.0924 0x029c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys08:59:48.0924 0x029c  rspndr - ok08:59:48.0924 0x029c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys08:59:48.0940 0x029c  s3cap - ok08:59:48.0940 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe08:59:48.0940 0x029c  SamSs - ok08:59:48.0940 0x029c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys08:59:48.0955 0x029c  sbp2port - ok08:59:48.0955 0x029c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll08:59:48.0971 0x029c  SCardSvr - ok08:59:48.0971 0x029c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys08:59:48.0971 0x029c  scfilter - ok08:59:49.0018 0x029c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll08:59:49.0033 0x029c  Schedule - ok08:59:49.0049 0x029c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll08:59:49.0049 0x029c  SCPolicySvc - ok08:59:49.0064 0x029c  [ E608833349AD153EBB8B42A997BE5121, 4CA91C2C92F9F52BAACDAC9E4DE083F9FC6BA4DC8F900592DD24F63B45D16AE4 ] scsk5           C:\Windows\syswow64\drivers\scsk5.sys08:59:49.0064 0x029c  scsk5 - ok08:59:49.0064 0x029c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll08:59:49.0080 0x029c  SDRSVC - ok08:59:49.0080 0x029c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys08:59:49.0080 0x029c  secdrv - ok08:59:49.0080 0x029c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll08:59:49.0096 0x029c  seclogon - ok08:59:49.0096 0x029c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll08:59:49.0096 0x029c  SENS - ok08:59:49.0111 0x029c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll08:59:49.0111 0x029c  SensrSvc - ok08:59:49.0111 0x029c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys08:59:49.0111 0x029c  Serenum - ok08:59:49.0127 0x029c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys08:59:49.0127 0x029c  Serial - ok08:59:49.0127 0x029c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys08:59:49.0142 0x029c  sermouse - ok08:59:49.0158 0x029c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll08:59:49.0158 0x029c  SessionEnv - ok08:59:49.0158 0x029c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys08:59:49.0158 0x029c  sffdisk - ok08:59:49.0174 0x029c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys08:59:49.0174 0x029c  sffp_mmc - ok08:59:49.0174 0x029c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys08:59:49.0174 0x029c  sffp_sd - ok08:59:49.0174 0x029c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys08:59:49.0189 0x029c  sfloppy - ok08:59:49.0189 0x029c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll08:59:49.0205 0x029c  SharedAccess - ok08:59:49.0220 0x029c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll08:59:49.0236 0x029c  ShellHWDetection - ok08:59:49.0252 0x029c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys08:59:49.0252 0x029c  SiSRaid2 - ok08:59:49.0252 0x029c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys08:59:49.0252 0x029c  SiSRaid4 - ok08:59:49.0267 0x029c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys08:59:49.0267 0x029c  Smb - ok08:59:49.0283 0x029c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe08:59:49.0283 0x029c  SNMPTRAP - ok08:59:49.0283 0x029c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys08:59:49.0283 0x029c  spldr - ok08:59:49.0314 0x029c  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe08:59:49.0330 0x029c  Spooler - ok08:59:49.0423 0x029c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe08:59:49.0517 0x029c  sppsvc - ok08:59:49.0517 0x029c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll08:59:49.0532 0x029c  sppuinotify - ok08:59:49.0548 0x029c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys08:59:49.0564 0x029c  srv - ok08:59:49.0579 0x029c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys08:59:49.0579 0x029c  srv2 - ok08:59:49.0595 0x029c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys08:59:49.0595 0x029c  srvnet - ok08:59:49.0610 0x029c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll08:59:49.0610 0x029c  SSDPSRV - ok08:59:49.0626 0x029c  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys08:59:49.0626 0x029c  SSPORT - ok08:59:49.0626 0x029c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll08:59:49.0642 0x029c  SstpSvc - ok08:59:49.0642 0x029c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys08:59:49.0642 0x029c  stexstor - ok08:59:49.0657 0x029c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll08:59:49.0673 0x029c  stisvc - ok08:59:49.0688 0x029c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys08:59:49.0688 0x029c  storflt - ok08:59:49.0688 0x029c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys08:59:49.0688 0x029c  storvsc - ok08:59:49.0704 0x029c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys08:59:49.0704 0x029c  swenum - ok08:59:49.0720 0x029c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll08:59:49.0735 0x029c  swprv - ok08:59:49.0735 0x029c  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys08:59:49.0751 0x029c  Synth3dVsc - ok08:59:49.0798 0x029c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll08:59:49.0844 0x029c  SysMain - ok08:59:49.0844 0x029c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll08:59:49.0860 0x029c  TabletInputService - ok08:59:49.0860 0x029c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll08:59:49.0876 0x029c  TapiSrv - ok08:59:49.0876 0x029c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll08:59:49.0891 0x029c  TBS - ok08:59:49.0938 0x029c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\System32\drivers\tcpip.sys08:59:49.0969 0x029c  Tcpip - ok08:59:50.0032 0x029c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys08:59:50.0078 0x029c  TCPIP6 - ok08:59:50.0094 0x029c  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys08:59:50.0094 0x029c  tcpipreg - ok08:59:50.0094 0x029c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys08:59:50.0094 0x029c  TDPIPE - ok08:59:50.0110 0x029c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys08:59:50.0110 0x029c  TDTCP - ok08:59:50.0110 0x029c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys08:59:50.0110 0x029c  tdx - ok08:59:50.0125 0x029c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys08:59:50.0125 0x029c  TermDD - ok08:59:50.0125 0x029c  [ 2B5BDFF688EC9871D7EC5837833374E9, BD6C629FA2938987ABF95B790B20F0B7D4D023D5013E575F343A802D6213074E ] terminpt        C:\Windows\system32\drivers\terminpt.sys08:59:50.0125 0x029c  terminpt - ok08:59:50.0156 0x029c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll08:59:50.0172 0x029c  TermService - ok08:59:50.0188 0x029c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll08:59:50.0188 0x029c  Themes - ok08:59:50.0188 0x029c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll08:59:50.0188 0x029c  THREADORDER - ok08:59:50.0203 0x029c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll08:59:50.0203 0x029c  TrkWks - ok08:59:50.0219 0x029c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe08:59:50.0219 0x029c  TrustedInstaller - ok08:59:50.0234 0x029c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys08:59:50.0234 0x029c  tssecsrv - ok08:59:50.0234 0x029c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys08:59:50.0234 0x029c  TsUsbFlt - ok08:59:50.0250 0x029c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys08:59:50.0250 0x029c  TsUsbGD - ok08:59:50.0250 0x029c  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys08:59:50.0266 0x029c  tsusbhub - ok08:59:50.0266 0x029c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys08:59:50.0281 0x029c  tunnel - ok08:59:50.0281 0x029c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys08:59:50.0281 0x029c  uagp35 - ok08:59:50.0297 0x029c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys08:59:50.0312 0x029c  udfs - ok08:59:50.0312 0x029c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe08:59:50.0328 0x029c  UI0Detect - ok08:59:50.0328 0x029c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys08:59:50.0328 0x029c  uliagpkx - ok08:59:50.0344 0x029c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys08:59:50.0344 0x029c  umbus - ok08:59:50.0344 0x029c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys08:59:50.0344 0x029c  UmPass - ok08:59:50.0359 0x029c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll08:59:50.0359 0x029c  UmRdpService - ok08:59:50.0375 0x029c  [ 61B7E2818FED564FB6D06018437EED0B, 53973222443E12DFAF636B78E46A5F86BF8652206A0F7211A675AE2E957C8CC1 ] UPF             C:\Windows\system32\Drivers\upf.sys08:59:50.0375 0x029c  UPF - ok08:59:50.0390 0x029c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll08:59:50.0406 0x029c  upnphost - ok08:59:50.0406 0x029c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys08:59:50.0406 0x029c  usbaudio - ok08:59:50.0422 0x029c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys08:59:50.0422 0x029c  usbccgp - ok08:59:50.0437 0x029c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys08:59:50.0437 0x029c  usbcir - ok08:59:50.0437 0x029c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys08:59:50.0437 0x029c  usbehci - ok08:59:50.0453 0x029c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys08:59:50.0468 0x029c  usbhub - ok08:59:50.0468 0x029c  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys08:59:50.0468 0x029c  usbohci - ok08:59:50.0484 0x029c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys08:59:50.0484 0x029c  usbprint - ok08:59:50.0484 0x029c  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS08:59:50.0500 0x029c  USBSTOR - ok08:59:50.0500 0x029c  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys08:59:50.0500 0x029c  usbuhci - ok08:59:50.0500 0x029c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll08:59:50.0515 0x029c  UxSms - ok08:59:50.0515 0x029c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe08:59:50.0515 0x029c  VaultSvc - ok08:59:50.0515 0x029c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys08:59:50.0515 0x029c  vdrvroot - ok08:59:50.0546 0x029c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe08:59:50.0562 0x029c  vds - ok08:59:50.0562 0x029c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys08:59:50.0562 0x029c  vga - ok08:59:50.0578 0x029c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys08:59:50.0578 0x029c  VgaSave - ok08:59:50.0578 0x029c  VGPU - ok08:59:50.0593 0x029c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys08:59:50.0593 0x029c  vhdmp - ok08:59:50.0609 0x029c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys08:59:50.0609 0x029c  viaide - ok08:59:50.0609 0x029c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys08:59:50.0624 0x029c  vmbus - ok08:59:50.0624 0x029c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys08:59:50.0624 0x029c  VMBusHID - ok08:59:50.0640 0x029c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys08:59:50.0640 0x029c  volmgr - ok08:59:50.0656 0x029c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys08:59:50.0656 0x029c  volmgrx - ok08:59:50.0671 0x029c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys08:59:50.0687 0x029c  volsnap - ok08:59:50.0702 0x029c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys08:59:50.0702 0x029c  vsmraid - ok08:59:50.0749 0x029c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe08:59:50.0796 0x029c  VSS - ok08:59:50.0796 0x029c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys08:59:50.0796 0x029c  vwifibus - ok08:59:50.0812 0x029c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys08:59:50.0812 0x029c  vwififlt - ok08:59:50.0827 0x029c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll08:59:50.0843 0x029c  W32Time - ok08:59:50.0843 0x029c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys08:59:50.0843 0x029c  WacomPen - ok08:59:50.0858 0x029c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys08:59:50.0858 0x029c  WANARP - ok08:59:50.0858 0x029c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys08:59:50.0858 0x029c  Wanarpv6 - ok08:59:50.0905 0x029c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe08:59:50.0936 0x029c  WatAdminSvc - ok08:59:50.0983 0x029c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe08:59:51.0030 0x029c  wbengine - ok08:59:51.0030 0x029c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll08:59:51.0046 0x029c  WbioSrvc - ok08:59:51.0061 0x029c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll08:59:51.0061 0x029c  wcncsvc - ok08:59:51.0077 0x029c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll08:59:51.0077 0x029c  WcsPlugInService - ok08:59:51.0077 0x029c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys08:59:51.0077 0x029c  Wd - ok08:59:51.0108 0x029c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys08:59:51.0124 0x029c  Wdf01000 - ok08:59:51.0139 0x029c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll08:59:51.0139 0x029c  WdiServiceHost - ok08:59:51.0155 0x029c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll08:59:51.0155 0x029c  WdiSystemHost - ok08:59:51.0170 0x029c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll08:59:51.0170 0x029c  WebClient - ok08:59:51.0186 0x029c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll08:59:51.0186 0x029c  Wecsvc - ok08:59:51.0202 0x029c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll08:59:51.0202 0x029c  wercplsupport - ok08:59:51.0217 0x029c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll08:59:51.0217 0x029c  WerSvc - ok08:59:51.0217 0x029c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys08:59:51.0217 0x029c  WfpLwf - ok08:59:51.0233 0x029c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys08:59:51.0233 0x029c  WIMMount - ok08:59:51.0233 0x029c  WinDefend - ok08:59:51.0233 0x029c  WinHttpAutoProxySvc - ok08:59:51.0248 0x029c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll08:59:51.0264 0x029c  Winmgmt - ok08:59:51.0326 0x029c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll08:59:51.0373 0x029c  WinRM - ok08:59:51.0404 0x029c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll08:59:51.0436 0x029c  Wlansvc - ok08:59:51.0436 0x029c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys08:59:51.0436 0x029c  WmiAcpi - ok08:59:51.0451 0x029c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe08:59:51.0451 0x029c  wmiApSrv - ok08:59:51.0467 0x029c  WMPNetworkSvc - ok08:59:51.0467 0x029c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll08:59:51.0467 0x029c  WPCSvc - ok08:59:51.0482 0x029c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll08:59:51.0482 0x029c  WPDBusEnum - ok08:59:51.0482 0x029c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys08:59:51.0482 0x029c  ws2ifsl - ok08:59:51.0498 0x029c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll08:59:51.0498 0x029c  wscsvc - ok08:59:51.0514 0x029c  WSearch - ok08:59:51.0592 0x029c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll08:59:51.0654 0x029c  wuauserv - ok08:59:51.0654 0x029c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys08:59:51.0670 0x029c  WudfPf - ok08:59:51.0670 0x029c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys08:59:51.0685 0x029c  WUDFRd - ok08:59:51.0685 0x029c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll08:59:51.0685 0x029c  wudfsvc - ok08:59:51.0701 0x029c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll08:59:51.0716 0x029c  WwanSvc - ok08:59:51.0716 0x029c  ================ Scan global ===============================08:59:51.0732 0x029c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll08:59:51.0732 0x029c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll08:59:51.0748 0x029c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll08:59:51.0763 0x029c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll08:59:51.0779 0x029c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe08:59:51.0779 0x029c  [ Global ] - ok08:59:51.0779 0x029c  ================ Scan MBR ==================================08:59:51.0794 0x029c  [ B61FF8CBDC1D02E8294078333C67C3D5 ] \Device\Harddisk0\DR008:59:51.0888 0x029c  \Device\Harddisk0\DR0 - ok08:59:51.0888 0x029c  ================ Scan VBR ==================================08:59:51.0904 0x029c  [ FF5D236553B71BB30F15278FCE8D1C2D ] \Device\Harddisk0\DR0\Partition108:59:51.0904 0x029c  \Device\Harddisk0\DR0\Partition1 - ok08:59:51.0904 0x029c  [ 7CBD0EFBA16B128350C78354BB1DC346 ] \Device\Harddisk0\DR0\Partition208:59:51.0904 0x029c  \Device\Harddisk0\DR0\Partition2 - ok08:59:51.0919 0x029c  ================ Scan generic autorun ======================08:59:51.0919 0x029c  [ 6E729363CD56CA036C4087F8AE7D9EC8, 906428FA804038DBD8B733AF374C1182067EFB66837E43752D4DE125648E8B66 ] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE08:59:51.0919 0x029c  IME14 KOR Setup - ok08:59:51.0935 0x029c  [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe08:59:51.0935 0x029c  BCSSync - ok08:59:51.0950 0x029c  [ 7D77F0A8CEE308849297B5A3DB00A69F, 60837FC08F6270E1241A695C9F769A9402D9B7725B853A43431BA7D4126225C8 ] C:\Windows\system32\igfxtray.exe08:59:51.0950 0x029c  IgfxTray - ok08:59:51.0966 0x029c  [ C77B3A6DD1D1E2187E901B8D31C41135, F9A55421E1F2B3690D9E42DF3C34250BDE889A98C3C6ED200109C0BA9E9421F7 ] C:\Windows\system32\hkcmd.exe08:59:51.0982 0x029c  HotKeysCmds - ok08:59:51.0997 0x029c  [ 8C71E6D87C5FEF0BFC4B1FC75EA0CB0A, 5A5056EAC2BC9643F80DAFABF1FE76980E0CF9A39CE877A7C48CB49121BF0660 ] C:\Windows\system32\igfxpers.exe08:59:52.0013 0x029c  Persistence - ok08:59:52.0278 0x029c  [ 79FE52037E84582800D7E9E6CD505F6C, EB42F4421A0A60478F9CE274C10783357AA02B924AD9189226BD603656624589 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe08:59:52.0543 0x029c  Energy Management - ok08:59:52.0699 0x029c  [ 3C489726BD233D2D251AAC6121AB2A14, 89A6931879565F65BAF84F5DA11280E2A86387E7817AF71BD639212DEE791412 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe08:59:52.0840 0x029c  EnergyUtility - ok08:59:52.0855 0x029c  [ 545690C648505058A7DF0E4CA182B431, 63B489ABC4682EBBAE1C423A615C0AA374C24D6F8089E04EF08A3FAEA0C36A41 ] C:\Program Files\Unetsystem\AnyClick\AnyTray.exe08:59:52.0871 0x029c  AnyTray - ok08:59:52.0918 0x029c  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe08:59:52.0949 0x029c  MSC - ok08:59:52.0949 0x029c  [ C6CD17ECF67A189D5CD4C58C5CAF08BF, FED8C7AF2145A62AC11DC289DB57B73E61531E64A9DDC195C753BB7DB5569BDC ] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE08:59:52.0964 0x029c  IME14 KOR Setup - ok08:59:52.0964 0x029c  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe08:59:52.0964 0x029c  NUSB3MON - ok08:59:52.0996 0x029c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe08:59:53.0027 0x029c  Sidebar - ok08:59:53.0042 0x029c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe08:59:53.0042 0x029c  mctadmin - ok08:59:53.0074 0x029c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe08:59:53.0105 0x029c  Sidebar - ok08:59:53.0105 0x029c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe08:59:53.0120 0x029c  mctadmin - ok08:59:53.0354 0x029c  [ B2BAE2D76FBE9FDC3F6E0D1F886DF367, 964EBF736891BE252C68FCE1F9EAD5E60E6E0C2119D21C6DF49FBD30FBB678EF ] C:\Program Files\CCleaner\CCleaner64.exe08:59:53.0573 0x029c  CCleaner Monitoring - ok08:59:53.0588 0x029c  Waiting for KSN requests completion. In queue: 26608:59:54.0602 0x029c  Waiting for KSN requests completion. In queue: 26608:59:55.0616 0x029c  Waiting for KSN requests completion. In queue: 26608:59:56.0630 0x029c  Waiting for KSN requests completion. In queue: 23408:59:57.0691 0x029c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )08:59:57.0707 0x029c  Win FW state via NFP2: enabled09:00:00.0671 0x029c  ============================================================09:00:00.0671 0x029c  Scan finished09:00:00.0671 0x029c  ============================================================09:00:00.0686 0x05c8  Detected object count: 009:00:00.0686 0x05c8  Actual detected object count: 0

Thanks again, Marius -- your help is much appreciated.

 

All best,

Rob

TDSSKiller.3.0.0.42_06.01.2015_08.59.11_log.txt

Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

Hi, Marius,

 

I've run Combofix as requested. I'll post the log below:

ComboFix 15-01-05.01 - MASRET 2015-01-06  18:59:00.1.4 - x64Microsoft Windows 7 Ultimate K   6.1.7601.1.949.82.1042.18.4001.2915 [GMT 9:00]Running from: c:\users\MASRET\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\BUUyNssavEc:\program files (x86)\BUUyNssavE\vQIsiQT6AOiwE0.datc:\program files (x86)\BUUyNssavE\vQIsiQT6AOiwE0.tlbc:\program files (x86)\YaoutoubeaAdBBllockec:\program files (x86)\YaoutoubeaAdBBllocke\zXS3MKgQXngHBJ.datc:\program files (x86)\YaoutoubeaAdBBllocke\zXS3MKgQXngHBJ.tlbc:\programdata\AnyClickc:\programdata\AnyClick\Profiles\Yonsei_Wireless.wcfc:\programdata\AnyClickUPc:\users\MASRET\AppData\Roaming\AnyClickc:\users\MASRET\AppData\Roaming\AnyClick\AnyClickLogin.logc:\users\MASRET\AppData\Roaming\AnyClick\AnySharedMemory.logc:\users\MASRET\AppData\Roaming\AnyClick\AnySystmon.logc:\users\MASRET\AppData\Roaming\AnyClick\AnyTray_AUS.logc:\users\MASRET\AppData\Roaming\AnyClick\AnyUpdate.logc:\users\MASRET\Favorites\CJmall.urlc:\users\MASRET\Favorites\GS SHOP.urlc:\users\MASRET\Favorites\G마켓.urlc:\users\MASRET\Favorites\옥션.urlc:\windows\Downloaded Program Files\XPayPluginc:\windows\Downloaded Program Files\XPayPlugin\LGDacomPaymentView.ocxc:\windows\SysWow64\CKAgent.datc:\windows\Unetsystemc:\windows\Unetsystem\AnyClick\acsSet_eng.bmpc:\windows\Unetsystem\AnyClick\acsSet_kor.bmpc:\windows\Unetsystem\AnyClick\acsSetUP_kor.bmpc:\windows\Unetsystem\AnyClick\acsUnUP_kor.bmpc:\windows\Unetsystem\AnyClick\AnyACLInit.infoc:\windows\Unetsystem\AnyClick\AnyACLMain.infoc:\windows\Unetsystem\AnyClick\AnyClickSetup.exec:\windows\Unetsystem\AnyClick\AnyClickSetup.inic:\windows\Unetsystem\AnyClick\AnyClickSetup7.inic:\windows\Unetsystem\AnyClick\AnyClickSetup8.inic:\windows\Unetsystem\AnyClick\AnyInteroID.dllc:\windows\Unetsystem\AnyClick\AnyPwdpl.inic:\windows\Unetsystem\AnyClick\EULA_eng.txtc:\windows\Unetsystem\AnyClick\EULA_kor.txtc:\windows\Unetsystem\AnyClick\mfc80.dllc:\windows\Unetsystem\AnyClick\Microsoft.VC80.CRT.manifestc:\windows\Unetsystem\AnyClick\Microsoft.VC80.MFC.manifestc:\windows\Unetsystem\AnyClick\msvcr80.dllc:\windows\Unetsystem\AnyClick\sc.exec:\windows\Unetsystem\AnyClick\Set1-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set1-1_kor.bmpc:\windows\Unetsystem\AnyClick\Set2-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set2-1_kor.bmpc:\windows\Unetsystem\AnyClick\Set3-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set3-1_kor.bmpc:\windows\Unetsystem\AnyClick\Set3-2_eng.bmpc:\windows\Unetsystem\AnyClick\Set3-2_kor.bmpc:\windows\Unetsystem\AnyClick\Set4-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set4-1_kor.bmpc:\windows\Unetsystem\AnyClick\Set4-2_eng.bmpc:\windows\Unetsystem\AnyClick\Set4-2_kor.bmpc:\windows\Unetsystem\AnyClick\Set5-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set5-1_kor.bmpc:\windows\Unetsystem\AnyClick\Set6-1_eng.bmpc:\windows\Unetsystem\AnyClick\Set6-1_kor.bmpc:\windows\Unetsystem\AnyClick\Setup_eng.txtc:\windows\Unetsystem\AnyClick\Setup_kor.txtc:\windows\Unetsystem\AnyClick\ssleay32.dllc:\windows\Unetsystem\AnyClick\Un1-1_eng.bmpc:\windows\Unetsystem\AnyClick\Un1-1_kor.bmpc:\windows\Unetsystem\AnyClick\Un2-1_eng.bmpc:\windows\Unetsystem\AnyClick\Un2-1_kor.bmpc:\windows\Unetsystem\AnyClick\Un2-2_eng.bmpc:\windows\Unetsystem\AnyClick\Un2-2_kor.bmpc:\windows\Unetsystem\AnyClick\un3-1_eng.bmpc:\windows\Unetsystem\AnyClick\un3-1_kor.bmpc:\windows\Unetsystem\AnyClick\un4-1_eng.bmpc:\windows\Unetsystem\AnyClick\un4-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\01be08fb.0c:\windows\Unetsystem\SafeAnyClick\163f5fc1.0c:\windows\Unetsystem\SafeAnyClick\172e3ab5.0c:\windows\Unetsystem\SafeAnyClick\2cf181f1.0c:\windows\Unetsystem\SafeAnyClick\2e8714cb.0c:\windows\Unetsystem\SafeAnyClick\3fbda7ab.0c:\windows\Unetsystem\SafeAnyClick\4479e138.0c:\windows\Unetsystem\SafeAnyClick\48478734.0c:\windows\Unetsystem\SafeAnyClick\635067f0.0c:\windows\Unetsystem\SafeAnyClick\6913a74c.0c:\windows\Unetsystem\SafeAnyClick\8c602d2d.0c:\windows\Unetsystem\SafeAnyClick\8ee774c9.0c:\windows\Unetsystem\SafeAnyClick\acsSet_eng.bmpc:\windows\Unetsystem\SafeAnyClick\acsSet_kor.bmpc:\windows\Unetsystem\SafeAnyClick\acsSetUP_kor.bmpc:\windows\Unetsystem\SafeAnyClick\acsUnUP_kor.bmpc:\windows\Unetsystem\SafeAnyClick\adb96894.0c:\windows\Unetsystem\SafeAnyClick\AnyACLInit.infoc:\windows\Unetsystem\SafeAnyClick\AnyACLMain.infoc:\windows\Unetsystem\SafeAnyClick\anycli.dllc:\windows\Unetsystem\SafeAnyClick\AnyClick.exec:\windows\Unetsystem\SafeAnyClick\AnyClickSetup.exec:\windows\Unetsystem\SafeAnyClick\AnyClickSetup.inic:\windows\Unetsystem\SafeAnyClick\AnyClickSetup7.inic:\windows\Unetsystem\SafeAnyClick\AnyClickSetup8.inic:\windows\Unetsystem\SafeAnyClick\AnyDrive.dllc:\windows\Unetsystem\SafeAnyClick\AnyGina.dllc:\windows\Unetsystem\SafeAnyClick\AnyHelp.chmc:\windows\Unetsystem\SafeAnyClick\AnyInteroID.dllc:\windows\Unetsystem\SafeAnyClick\anyLogTi.bmpc:\windows\Unetsystem\SafeAnyClick\AnyMes0.txtc:\windows\Unetsystem\SafeAnyClick\AnyMes1.txtc:\windows\Unetsystem\SafeAnyClick\AnyMgm.exec:\windows\Unetsystem\SafeAnyClick\AnyPro0.txtc:\windows\Unetsystem\SafeAnyClick\AnyPro1.txtc:\windows\Unetsystem\SafeAnyClick\AnyPwdpl.inic:\windows\Unetsystem\SafeAnyClick\AnyReg.dllc:\windows\Unetsystem\SafeAnyClick\AnySens.exec:\windows\Unetsystem\SafeAnyClick\AnySet.exec:\windows\Unetsystem\SafeAnyClick\AnyShMem.dllc:\windows\Unetsystem\SafeAnyClick\AnySVC.exec:\windows\Unetsystem\SafeAnyClick\AnyText.dllc:\windows\Unetsystem\SafeAnyClick\AnyTray.exec:\windows\Unetsystem\SafeAnyClick\AnyUpdat.exec:\windows\Unetsystem\SafeAnyClick\AUS_lang.dllc:\windows\Unetsystem\SafeAnyClick\AUS_peap.dllc:\windows\Unetsystem\SafeAnyClick\AUS_res.dllc:\windows\Unetsystem\SafeAnyClick\AUS_tls.dllc:\windows\Unetsystem\SafeAnyClick\AUS_ttls.dllc:\windows\Unetsystem\SafeAnyClick\c60fcdef.0c:\windows\Unetsystem\SafeAnyClick\CAcert.pemc:\windows\Unetsystem\SafeAnyClick\ccf40bff.0c:\windows\Unetsystem\SafeAnyClick\daff0655.0c:\windows\Unetsystem\SafeAnyClick\EULA_eng.txtc:\windows\Unetsystem\SafeAnyClick\EULA_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_1XFD_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_1XFD_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_1XSC_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_1XSC_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_802NO_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_802NO_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_802US_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_802US_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_CNG1X_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_CNG1X_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_CRE1X_eng.txtc:\windows\Unetsystem\SafeAnyClick\GN_CRE1X_kor.txtc:\windows\Unetsystem\SafeAnyClick\GN_DEFAU_eng.bmpc:\windows\Unetsystem\SafeAnyClick\GN_DEFAU_kor.bmpc:\windows\Unetsystem\SafeAnyClick\GN_HELP_eng.bmpc:\windows\Unetsystem\SafeAnyClick\GN_HELP_kor.bmpc:\windows\Unetsystem\SafeAnyClick\hash.sigc:\windows\Unetsystem\SafeAnyClick\hash.txtc:\windows\Unetsystem\SafeAnyClick\mfc80.dllc:\windows\Unetsystem\SafeAnyClick\mgmTitle.bmpc:\windows\Unetsystem\SafeAnyClick\mgmWired.bmpc:\windows\Unetsystem\SafeAnyClick\mgmWless.bmpc:\windows\Unetsystem\SafeAnyClick\Microsoft.VC80.CRT.manifestc:\windows\Unetsystem\SafeAnyClick\Microsoft.VC80.MFC.manifestc:\windows\Unetsystem\SafeAnyClick\msvcp80.dllc:\windows\Unetsystem\SafeAnyClick\msvcr80.dllc:\windows\Unetsystem\SafeAnyClick\nxc1xu32.dllc:\windows\Unetsystem\SafeAnyClick\sc.exec:\windows\Unetsystem\SafeAnyClick\Set1-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set1-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set2-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set2-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set3-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set3-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set3-2_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set3-2_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set4-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set4-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set4-2_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set4-2_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set5-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set5-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Set6-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Set6-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\setAstbg.bmpc:\windows\Unetsystem\SafeAnyClick\setLogo.bmpc:\windows\Unetsystem\SafeAnyClick\Setup_eng.txtc:\windows\Unetsystem\SafeAnyClick\Setup_kor.txtc:\windows\Unetsystem\SafeAnyClick\smc_cli.exec:\windows\Unetsystem\SafeAnyClick\ssleay32.dllc:\windows\Unetsystem\SafeAnyClick\systmon.exec:\windows\Unetsystem\SafeAnyClick\Un1-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Un1-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Un2-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Un2-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\Un2-2_eng.bmpc:\windows\Unetsystem\SafeAnyClick\Un2-2_kor.bmpc:\windows\Unetsystem\SafeAnyClick\un3-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\un3-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\un4-1_eng.bmpc:\windows\Unetsystem\SafeAnyClick\un4-1_kor.bmpc:\windows\Unetsystem\SafeAnyClick\unetadpt.dllc:\windows\Unetsystem\SafeAnyClick\UNETCert2IE.dllc:\windows\Unetsystem\SafeAnyClick\unetpkt.dllc:\windows\Unetsystem\SafeAnyClick\upf.sysc:\windows\Unetsystem\SafeAnyClick\upf_mgm.exec:\windows\Unetsystem\SafeAnyClick\Version.txtc:\windows\Unetsystem\SafeAnyClick\Yonsei_Wireless.wcf.Infected copy of c:\windows\System32\winver.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe ..(((((((((((((((((((((((((   Files Created from 2014-12-06 to 2015-01-06  )))))))))))))))))))))))))))))))..2015-01-05 12:23 . 2015-01-05 12:24	159240	----a-r-	c:\windows\system32\CKAgent.exe2015-01-05 12:23 . 2015-01-05 12:23	159240	----a-r-	c:\windows\SysWow64\CKAgent.exe2015-01-05 09:22 . 2015-01-05 09:24	--------	d-----w-	C:\FRST2015-01-05 09:08 . 2014-11-30 12:13	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81158480-A4C4-4BC8-8544-9A7BDEBE1B03}\gapaengine.dll2015-01-05 09:08 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5453384A-0309-4BCC-81BC-3FD0BB202791}\mpengine.dll2015-01-04 12:04 . 2015-01-04 12:04	--------	d-----w-	c:\users\MASRET\AppData\Local\Hola2015-01-04 11:23 . 2015-01-04 11:23	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys2015-01-04 11:23 . 2015-01-04 11:23	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware2015-01-04 11:23 . 2015-01-04 11:23	--------	d-----w-	c:\programdata\Malwarebytes2015-01-04 11:23 . 2014-11-20 21:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys2015-01-04 11:23 . 2014-11-20 21:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys2015-01-04 11:23 . 2014-11-20 21:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys2015-01-04 10:54 . 2015-01-04 10:54	--------	d-----w-	c:\program files\CCleaner2015-01-03 11:46 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-12-25 11:00 . 2014-12-25 11:00	--------	d-----w-	c:\program files\Microsoft Silverlight2014-12-25 11:00 . 2014-12-25 11:00	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight2014-12-25 05:31 . 2015-01-04 11:07	--------	d-----w-	C:\AdwCleaner2014-12-21 08:17 . 2014-12-21 08:17	--------	d-----w-	c:\windows\system32\appmgmt2014-12-21 08:04 . 2014-12-21 11:01	--------	d-----w-	c:\users\MASRET\AppData\Roaming\vlc2014-12-21 08:03 . 2014-12-21 08:03	--------	d-----w-	c:\program files (x86)\VideoLAN2014-12-21 07:42 . 2014-12-21 08:17	--------	d-----w-	c:\programdata\WinZip2014-12-20 09:17 . 2014-12-20 09:17	--------	d-----w-	c:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom2014-12-20 09:07 . 2015-01-04 11:31	--------	d-----w-	c:\program files (x86)\BuyNsavee2014-12-20 09:07 . 2014-12-20 09:07	--------	d-----w-	c:\programdata\nnenenhlkjeijekegpihadgifakldhni2014-12-18 07:05 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe2014-12-18 07:05 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe2014-12-14 05:22 . 2014-12-14 05:22	--------	d-----w-	c:\program files\Common Files\DESIGNER2014-12-14 05:20 . 2014-11-11 02:44	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll2014-12-14 05:20 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll2014-12-14 05:18 . 2014-11-22 01:09	382976	----a-w-	c:\program files\Internet Explorer\IEShims.dll2014-12-14 05:18 . 2014-11-22 00:58	287232	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll2014-12-14 05:18 . 2014-11-22 02:37	633856	----a-w-	c:\windows\system32\ieui.dll2014-12-13 10:32 . 2014-12-13 10:32	--------	d-----w-	c:\program files (x86)\INFovine2014-12-13 10:32 . 2012-09-12 06:26	39936	----a-w-	c:\windows\SysWow64\UbiKeyWin32.dll2014-12-13 10:32 . 2012-09-12 06:22	48136	----a-w-	c:\windows\SysWow64\UbiKeyUninstall.exe2014-12-13 10:32 . 2012-09-12 06:22	39928	----a-w-	c:\windows\SysWow64\UbiKey.dll2014-12-13 10:32 . 2012-09-12 06:22	56328	----a-w-	c:\windows\SysWow64\VineTransfer.ocx...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-01-05 12:24 . 2014-11-23 11:24	141848	----a-w-	c:\windows\system32\kcrtx64.sys2014-12-24 14:38 . 2014-11-30 01:45	3595656	----a-w-	c:\windows\system32\btscan.exe2014-12-13 09:42 . 2014-11-23 11:28	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-12-13 09:42 . 2014-11-23 11:28	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe2014-12-07 06:42 . 2014-11-23 11:24	1251848	----a-w-	c:\windows\SysWow64\CKSetup64.exe2014-12-05 13:09 . 2014-12-05 13:09	194048	----a-w-	c:\windows\SysWow64\elshyph.dll2014-12-05 13:09 . 2014-12-05 13:09	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe2014-12-05 13:09 . 2014-12-05 13:09	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll2014-12-05 13:09 . 2014-12-05 13:09	235008	----a-w-	c:\windows\system32\elshyph.dll2014-12-05 13:09 . 2014-12-05 13:09	182272	----a-w-	c:\windows\SysWow64\msls31.dll2014-12-05 13:09 . 2014-12-05 13:09	62464	----a-w-	c:\windows\SysWow64\tdc.ocx2014-12-05 13:09 . 2014-12-05 13:09	337408	----a-w-	c:\windows\SysWow64\html.iec2014-12-05 13:09 . 2014-12-05 13:09	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll2014-12-05 13:09 . 2014-12-05 13:09	151552	----a-w-	c:\windows\SysWow64\iexpress.exe2014-12-05 13:09 . 2014-12-05 13:09	139264	----a-w-	c:\windows\SysWow64\wextract.exe2014-12-05 13:09 . 2014-12-05 13:09	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe2014-12-05 13:09 . 2014-12-05 13:09	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll2014-12-05 13:09 . 2014-12-05 13:09	36352	----a-w-	c:\windows\SysWow64\imgutil.dll2014-12-05 13:09 . 2014-12-05 13:09	13312	----a-w-	c:\windows\SysWow64\mshta.exe2014-12-05 13:09 . 2014-12-05 13:09	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll2014-12-05 13:09 . 2014-12-05 13:09	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll2014-12-05 13:09 . 2014-12-05 13:09	942592	----a-w-	c:\windows\system32\jsIntl.dll2014-12-05 13:09 . 2014-12-05 13:09	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe2014-12-05 13:09 . 2014-12-05 13:09	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe2014-12-05 13:09 . 2014-12-05 13:09	77312	----a-w-	c:\windows\system32\tdc.ocx2014-12-05 13:09 . 2014-12-05 13:09	52224	----a-w-	c:\windows\system32\msfeedsbs.dll2014-12-05 13:09 . 2014-12-05 13:09	48640	----a-w-	c:\windows\system32\mshtmler.dll2014-12-05 13:09 . 2014-12-05 13:09	247808	----a-w-	c:\windows\system32\msls31.dll2014-12-05 13:09 . 2014-12-05 13:09	13312	----a-w-	c:\windows\system32\msfeedssync.exe2014-12-05 13:09 . 2014-12-05 13:09	131072	----a-w-	c:\windows\system32\IEAdvpack.dll2014-12-05 13:09 . 2014-12-05 13:09	105984	----a-w-	c:\windows\system32\iesysprep.dll2014-12-05 13:09 . 2014-12-05 13:09	81408	----a-w-	c:\windows\system32\icardie.dll2014-12-05 13:09 . 2014-12-05 13:09	616104	----a-w-	c:\windows\system32\ieapfltr.dat2014-12-05 13:09 . 2014-12-05 13:09	413696	----a-w-	c:\windows\system32\html.iec2014-12-05 13:09 . 2014-12-05 13:09	30208	----a-w-	c:\windows\system32\licmgr10.dll2014-12-05 13:09 . 2014-12-05 13:09	243200	----a-w-	c:\windows\system32\webcheck.dll2014-12-05 13:09 . 2014-12-05 13:09	235520	----a-w-	c:\windows\system32\url.dll2014-12-05 13:09 . 2014-12-05 13:09	167424	----a-w-	c:\windows\system32\iexpress.exe2014-12-05 13:09 . 2014-12-05 13:09	143872	----a-w-	c:\windows\system32\wextract.exe2014-12-05 13:09 . 2014-12-05 13:09	101376	----a-w-	c:\windows\system32\inseng.dll2014-12-05 13:09 . 2014-12-05 13:09	774144	----a-w-	c:\windows\system32\jscript.dll2014-12-05 13:09 . 2014-12-05 13:09	62464	----a-w-	c:\windows\system32\pngfilt.dll2014-12-05 13:09 . 2014-12-05 13:09	48128	----a-w-	c:\windows\system32\imgutil.dll2014-12-05 13:09 . 2014-12-05 13:09	147968	----a-w-	c:\windows\system32\occache.dll2014-12-05 13:09 . 2014-12-05 13:09	13824	----a-w-	c:\windows\system32\mshta.exe2014-12-05 13:09 . 2014-12-05 13:09	135680	----a-w-	c:\windows\system32\iepeers.dll2014-12-05 13:07 . 2014-12-05 13:07	878080	----a-w-	c:\windows\system32\advapi32.dll2014-12-05 13:07 . 2014-12-05 13:07	859648	----a-w-	c:\windows\system32\tdh.dll2014-12-05 13:07 . 2014-12-05 13:07	640512	----a-w-	c:\windows\SysWow64\advapi32.dll2014-12-05 13:07 . 2014-12-05 13:07	1732032	----a-w-	c:\windows\system32\ntdll.dll2014-12-05 13:07 . 2014-12-05 13:07	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll2014-12-05 13:07 . 2014-12-05 13:07	619520	----a-w-	c:\windows\SysWow64\tdh.dll2014-12-05 13:06 . 2014-12-05 13:06	327168	----a-w-	c:\windows\system32\mswsock.dll2014-12-05 13:06 . 2014-12-05 13:06	231424	----a-w-	c:\windows\SysWow64\mswsock.dll2014-12-05 13:01 . 2014-12-05 13:01	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll2014-12-05 13:01 . 2014-12-05 13:01	465920	----a-w-	c:\windows\system32\WMPhoto.dll2014-12-05 13:01 . 2014-12-05 13:01	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll2014-12-05 13:01 . 2014-12-05 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll2014-12-05 13:01 . 2014-12-05 13:01	363008	----a-w-	c:\windows\system32\dxgi.dll2014-12-05 13:01 . 2014-12-05 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	333312	----a-w-	c:\windows\system32\d3d10_1core.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	296960	----a-w-	c:\windows\system32\d3d10core.dll2014-12-05 13:01 . 2014-12-05 13:01	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll2014-12-05 13:01 . 2014-12-05 13:01	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll2014-12-05 13:01 . 2014-12-05 13:01	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll2014-12-05 13:01 . 2014-12-05 13:01	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll2014-12-05 13:01 . 2014-12-05 13:01	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll2014-12-05 13:01 . 2014-12-05 13:01	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll2014-12-05 13:01 . 2014-12-05 13:01	194560	----a-w-	c:\windows\system32\d3d10_1.dll2014-12-05 13:01 . 2014-12-05 13:01	1682432	----a-w-	c:\windows\system32\XpsPrint.dll2014-12-05 13:01 . 2014-12-05 13:01	1643520	----a-w-	c:\windows\system32\DWrite.dll2014-12-05 13:01 . 2014-12-05 13:01	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll2014-12-05 13:01 . 2014-12-05 13:01	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll2014-12-05 13:01 . 2014-12-05 13:01	1238528	----a-w-	c:\windows\system32\d3d10.dll2014-12-05 13:01 . 2014-12-05 13:01	1175552	----a-w-	c:\windows\system32\FntCache.dll2014-12-05 13:01 . 2014-12-05 13:01	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll2014-12-05 13:01 . 2014-12-05 13:01	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll2014-12-05 13:01 . 2014-12-05 13:01	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	648192	----a-w-	c:\windows\system32\d3d10level9.dll2014-12-05 13:01 . 2014-12-05 13:01	293376	----a-w-	c:\windows\SysWow64\dxgi.dll2014-12-05 13:01 . 2014-12-05 13:01	221184	----a-w-	c:\windows\system32\UIAnimation.dll2014-12-05 13:01 . 2014-12-05 13:01	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll2014-12-05 12:59 . 2014-12-05 12:59	1887232	----a-w-	c:\windows\system32\d3d11.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll[-] 2011-01-16 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]   Ime File	REG_SZ         	IMKR14.IME.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys;c:\windows\SYSNATIVE\Drivers\CdmDrvNt.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys;c:\windows\SYSNATIVE\kcrtx64.sys [x]R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [x]R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft 네트워크 검사;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys;syswow64\drivers\scsk5.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]S1 UPF;UPF NDIS Protocol Driver;c:\windows\system32\Drivers\upf.sys;c:\windows\SYSNATIVE\Drivers\upf.sys [x]S2 AnySens;AnySens;c:\program files\Unetsystem\AnyClick\AnySens.exe;c:\program files\Unetsystem\AnyClick\AnySens.exe [x]S2 AnySVC;AnyClick Service;c:\program files\Unetsystem\AnyClick\AnySVC.exe;c:\program files\Unetsystem\AnyClick\AnySVC.exe [x]S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]S3 IntcDAud;인텔(R) 디스플레이 오디오;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-01-04 10:10	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2015-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-23 09:42].2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04 10:09].2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04 10:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IME14 KOR Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-18 172168]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-18 400008]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-18 441992]"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-11-23 9745312]"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-11-23 5374880]"AnyTray"="c:\program files\Unetsystem\AnyClick\AnyTray.exe" [2013-03-11 335872]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmDefault_Search_URL = hxxp://www.google.commDefault_Page_URL = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmmSearch Page = hxxp://www.google.comIE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: OneNote로 보내기(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Trusted Zone: abchina.comTrusted Zone: bankcomm.comTrusted Zone: bankofbeijing.coTrusted Zone: bankofshanghai.comTrusted Zone: boc.cnTrusted Zone: cbhb.com.cnTrusted Zone: ccb.comTrusted Zone: cebbank.comTrusted Zone: cgbchina.com.cnTrusted Zone: cib.com.cnTrusted Zone: citibank.co.krTrusted Zone: cmbc.com.cnTrusted Zone: cmbchina.comTrusted Zone: cu.co.krTrusted Zone: czbank.comTrusted Zone: dacom.netTrusted Zone: ecitic.comTrusted Zone: egbank.com.cnTrusted Zone: epaygen.co.krTrusted Zone: epaygen.comTrusted Zone: hanacard.co.krTrusted Zone: hxb.com.cnTrusted Zone: hyundaicard.comTrusted Zone: icbc.com.cnTrusted Zone: jbbank.co.krTrusted Zone: kcp.co.krTrusted Zone: keb.co.krTrusted Zone: kjbank.comTrusted Zone: lgcard.comTrusted Zone: lgdacom.netTrusted Zone: lottecard.co.krTrusted Zone: macromedia.comTrusted Zone: nonghyup.comTrusted Zone: nprotect.netTrusted Zone: pingan.comTrusted Zone: psbc.comTrusted Zone: samsungcard.co.krTrusted Zone: sdb.com.cnTrusted Zone: shinhancard.comTrusted Zone: spdb.com.cnTrusted Zone: suhyup.co.krTrusted Zone: unionpaysecure.comTrusted Zone: uplus.co.krTrusted Zone: vpay.co.krTrusted Zone: yescard.co.krTCP: DhcpNameServer = 1.214.68.2 61.41.153.2DPF: {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} - hxxps://ck.softforum.co.kr/CKKeyPro/yessign/CKKeyProInst.cabDPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cabDPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_win8.cabDPF: {42E8651D-C437-4203-93F5-24E20C2C4465} - hxxps://www.vpay.co.kr/kvpfiles/KVPCyberCard.cabDPF: {55399877-B7F0-4A0F-BDEE-6FD1982EAB20} - hxxp://webmail.sogangedu.com/images/activex/WebMailFileUpDown.cabDPF: {60AEFD89-586A-462F-B828-EAA243EBE69C} - hxxp://webmail.sogangedu.com/images/activex/AddressBookCtl.cabDPF: {63A7D575-8E63-464E-947B-57D5A6773D79} - hxxps://supdate.nprotect.net/netizen/card/shinhan/slm/npEfdsWCtrl.cabDPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://download.softforum.com/Published/XecureWeb/v7.2.5.8/xw_install.cabDPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cabDPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://www.bankpay.or.kr/BankPayEFT.cabDPF: {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cabDPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.shinhancard.com/infovine/VineTransfer.cabDPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cabDPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cabFF - ProfilePath - c:\users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\.- - - - ORPHANS REMOVED - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-INFovine - c:\windows\system32\UbiKeyUninstall.exeAddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exeAddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\SysWOW64\srvany.exec:\windows\KMService.exe.**************************************************************************.Completion time: 2015-01-06  19:04:35 - machine was rebootedComboFix-quarantined-files.txt  2015-01-06 10:04.Pre-Run: 72,860,426,240 바이트 남음Post-Run: 72,713,367,552 바이트 남음.- - End Of File - - 2556F9F023672165438305CB69BCF99A

Thanks so much for your help thus far!

 

Best,

Rob

Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

CFScript.txt

Link to post
Share on other sites

Thanks, Marius. Here are the latest Combofix results:

ComboFix 15-01-05.01 - MASRET 2015-01-06  19:50:51.2.4 - x64Microsoft Windows 7 Ultimate K   6.1.7601.1.949.82.1042.18.4001.2923 [GMT 9:00]Running from: c:\users\MASRET\Downloads\ComboFix.exeCommand switches used :: c:\users\MASRET\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\BuyNsaveec:\program files (x86)\BuyNsavee\BuyNsavee.datc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdomc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom\background.htmlc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom\content.jsc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom\lsdb.jsc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom\manifest.jsonc:\programdata\jddpgpkeooicpbbcgmpifjjeminhmdom\XlUSwHSihV.jsc:\programdata\nnenenhlkjeijekegpihadgifakldhnic:\programdata\nnenenhlkjeijekegpihadgifakldhni\background.htmlc:\programdata\nnenenhlkjeijekegpihadgifakldhni\bQen.jsc:\programdata\nnenenhlkjeijekegpihadgifakldhni\content.jsc:\programdata\nnenenhlkjeijekegpihadgifakldhni\lsdb.jsc:\programdata\nnenenhlkjeijekegpihadgifakldhni\manifest.jsonc:\users\MASRET\AppData\Roaming\AnyClickc:\users\MASRET\AppData\Roaming\AnyClick\AnySystmon.logc:\users\MASRET\AppData\Roaming\AnyClick\AnyTray_AUS.log.Infected copy of c:\windows\System32\winver.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe ..--------------- FCopy ---------------.c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll.(((((((((((((((((((((((((   Files Created from 2014-12-06 to 2015-01-06  )))))))))))))))))))))))))))))))..2015-01-06 10:54 . 2015-01-06 10:54	--------	d-----w-	c:\users\MASRET\AppData\Roaming\AnyClick2015-01-06 10:53 . 2015-01-06 10:53	--------	d-----w-	c:\users\Default\AppData\Local\temp2015-01-05 12:23 . 2015-01-05 12:24	159240	----a-r-	c:\windows\system32\CKAgent.exe2015-01-05 12:23 . 2015-01-05 12:23	159240	----a-r-	c:\windows\SysWow64\CKAgent.exe2015-01-05 09:22 . 2015-01-05 09:24	--------	d-----w-	C:\FRST2015-01-05 09:08 . 2014-11-30 12:13	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81158480-A4C4-4BC8-8544-9A7BDEBE1B03}\gapaengine.dll2015-01-05 09:08 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5453384A-0309-4BCC-81BC-3FD0BB202791}\mpengine.dll2015-01-04 12:04 . 2015-01-04 12:04	--------	d-----w-	c:\users\MASRET\AppData\Local\Hola2015-01-04 11:23 . 2015-01-04 11:23	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys2015-01-04 11:23 . 2015-01-04 11:23	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware2015-01-04 11:23 . 2015-01-04 11:23	--------	d-----w-	c:\programdata\Malwarebytes2015-01-04 11:23 . 2014-11-20 21:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys2015-01-04 11:23 . 2014-11-20 21:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys2015-01-04 11:23 . 2014-11-20 21:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys2015-01-04 10:54 . 2015-01-04 10:54	--------	d-----w-	c:\program files\CCleaner2015-01-03 11:46 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-12-25 11:00 . 2014-12-25 11:00	--------	d-----w-	c:\program files\Microsoft Silverlight2014-12-25 11:00 . 2014-12-25 11:00	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight2014-12-25 05:31 . 2015-01-04 11:07	--------	d-----w-	C:\AdwCleaner2014-12-21 08:17 . 2014-12-21 08:17	--------	d-----w-	c:\windows\system32\appmgmt2014-12-21 08:04 . 2014-12-21 11:01	--------	d-----w-	c:\users\MASRET\AppData\Roaming\vlc2014-12-21 08:03 . 2014-12-21 08:03	--------	d-----w-	c:\program files (x86)\VideoLAN2014-12-21 07:42 . 2014-12-21 08:17	--------	d-----w-	c:\programdata\WinZip2014-12-18 07:05 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe2014-12-18 07:05 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe2014-12-14 05:22 . 2014-12-14 05:22	--------	d-----w-	c:\program files\Common Files\DESIGNER2014-12-14 05:20 . 2014-11-11 02:44	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll2014-12-14 05:20 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll2014-12-14 05:18 . 2014-11-22 01:09	382976	----a-w-	c:\program files\Internet Explorer\IEShims.dll2014-12-14 05:18 . 2014-11-22 00:58	287232	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll2014-12-14 05:18 . 2014-11-22 02:37	633856	----a-w-	c:\windows\system32\ieui.dll2014-12-13 10:32 . 2014-12-13 10:32	--------	d-----w-	c:\program files (x86)\INFovine2014-12-13 10:32 . 2012-09-12 06:26	39936	----a-w-	c:\windows\SysWow64\UbiKeyWin32.dll2014-12-13 10:32 . 2012-09-12 06:22	48136	----a-w-	c:\windows\SysWow64\UbiKeyUninstall.exe2014-12-13 10:32 . 2012-09-12 06:22	39928	----a-w-	c:\windows\SysWow64\UbiKey.dll2014-12-13 10:32 . 2012-09-12 06:22	56328	----a-w-	c:\windows\SysWow64\VineTransfer.ocx...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-01-05 12:24 . 2014-11-23 11:24	141848	----a-w-	c:\windows\system32\kcrtx64.sys2014-12-24 14:38 . 2014-11-30 01:45	3595656	----a-w-	c:\windows\system32\btscan.exe2014-12-13 09:42 . 2014-11-23 11:28	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-12-13 09:42 . 2014-11-23 11:28	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe2014-12-07 06:42 . 2014-11-23 11:24	1251848	----a-w-	c:\windows\SysWow64\CKSetup64.exe2014-12-05 13:09 . 2014-12-05 13:09	194048	----a-w-	c:\windows\SysWow64\elshyph.dll2014-12-05 13:09 . 2014-12-05 13:09	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe2014-12-05 13:09 . 2014-12-05 13:09	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll2014-12-05 13:09 . 2014-12-05 13:09	235008	----a-w-	c:\windows\system32\elshyph.dll2014-12-05 13:09 . 2014-12-05 13:09	182272	----a-w-	c:\windows\SysWow64\msls31.dll2014-12-05 13:09 . 2014-12-05 13:09	62464	----a-w-	c:\windows\SysWow64\tdc.ocx2014-12-05 13:09 . 2014-12-05 13:09	337408	----a-w-	c:\windows\SysWow64\html.iec2014-12-05 13:09 . 2014-12-05 13:09	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll2014-12-05 13:09 . 2014-12-05 13:09	151552	----a-w-	c:\windows\SysWow64\iexpress.exe2014-12-05 13:09 . 2014-12-05 13:09	139264	----a-w-	c:\windows\SysWow64\wextract.exe2014-12-05 13:09 . 2014-12-05 13:09	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe2014-12-05 13:09 . 2014-12-05 13:09	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll2014-12-05 13:09 . 2014-12-05 13:09	36352	----a-w-	c:\windows\SysWow64\imgutil.dll2014-12-05 13:09 . 2014-12-05 13:09	13312	----a-w-	c:\windows\SysWow64\mshta.exe2014-12-05 13:09 . 2014-12-05 13:09	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll2014-12-05 13:09 . 2014-12-05 13:09	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll2014-12-05 13:09 . 2014-12-05 13:09	942592	----a-w-	c:\windows\system32\jsIntl.dll2014-12-05 13:09 . 2014-12-05 13:09	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe2014-12-05 13:09 . 2014-12-05 13:09	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe2014-12-05 13:09 . 2014-12-05 13:09	77312	----a-w-	c:\windows\system32\tdc.ocx2014-12-05 13:09 . 2014-12-05 13:09	52224	----a-w-	c:\windows\system32\msfeedsbs.dll2014-12-05 13:09 . 2014-12-05 13:09	48640	----a-w-	c:\windows\system32\mshtmler.dll2014-12-05 13:09 . 2014-12-05 13:09	247808	----a-w-	c:\windows\system32\msls31.dll2014-12-05 13:09 . 2014-12-05 13:09	13312	----a-w-	c:\windows\system32\msfeedssync.exe2014-12-05 13:09 . 2014-12-05 13:09	131072	----a-w-	c:\windows\system32\IEAdvpack.dll2014-12-05 13:09 . 2014-12-05 13:09	105984	----a-w-	c:\windows\system32\iesysprep.dll2014-12-05 13:09 . 2014-12-05 13:09	81408	----a-w-	c:\windows\system32\icardie.dll2014-12-05 13:09 . 2014-12-05 13:09	616104	----a-w-	c:\windows\system32\ieapfltr.dat2014-12-05 13:09 . 2014-12-05 13:09	413696	----a-w-	c:\windows\system32\html.iec2014-12-05 13:09 . 2014-12-05 13:09	30208	----a-w-	c:\windows\system32\licmgr10.dll2014-12-05 13:09 . 2014-12-05 13:09	243200	----a-w-	c:\windows\system32\webcheck.dll2014-12-05 13:09 . 2014-12-05 13:09	235520	----a-w-	c:\windows\system32\url.dll2014-12-05 13:09 . 2014-12-05 13:09	167424	----a-w-	c:\windows\system32\iexpress.exe2014-12-05 13:09 . 2014-12-05 13:09	143872	----a-w-	c:\windows\system32\wextract.exe2014-12-05 13:09 . 2014-12-05 13:09	101376	----a-w-	c:\windows\system32\inseng.dll2014-12-05 13:09 . 2014-12-05 13:09	774144	----a-w-	c:\windows\system32\jscript.dll2014-12-05 13:09 . 2014-12-05 13:09	62464	----a-w-	c:\windows\system32\pngfilt.dll2014-12-05 13:09 . 2014-12-05 13:09	48128	----a-w-	c:\windows\system32\imgutil.dll2014-12-05 13:09 . 2014-12-05 13:09	147968	----a-w-	c:\windows\system32\occache.dll2014-12-05 13:09 . 2014-12-05 13:09	13824	----a-w-	c:\windows\system32\mshta.exe2014-12-05 13:09 . 2014-12-05 13:09	135680	----a-w-	c:\windows\system32\iepeers.dll2014-12-05 13:07 . 2014-12-05 13:07	878080	----a-w-	c:\windows\system32\advapi32.dll2014-12-05 13:07 . 2014-12-05 13:07	859648	----a-w-	c:\windows\system32\tdh.dll2014-12-05 13:07 . 2014-12-05 13:07	640512	----a-w-	c:\windows\SysWow64\advapi32.dll2014-12-05 13:07 . 2014-12-05 13:07	1732032	----a-w-	c:\windows\system32\ntdll.dll2014-12-05 13:07 . 2014-12-05 13:07	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll2014-12-05 13:07 . 2014-12-05 13:07	619520	----a-w-	c:\windows\SysWow64\tdh.dll2014-12-05 13:06 . 2014-12-05 13:06	327168	----a-w-	c:\windows\system32\mswsock.dll2014-12-05 13:06 . 2014-12-05 13:06	231424	----a-w-	c:\windows\SysWow64\mswsock.dll2014-12-05 13:01 . 2014-12-05 13:01	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll2014-12-05 13:01 . 2014-12-05 13:01	465920	----a-w-	c:\windows\system32\WMPhoto.dll2014-12-05 13:01 . 2014-12-05 13:01	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll2014-12-05 13:01 . 2014-12-05 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll2014-12-05 13:01 . 2014-12-05 13:01	363008	----a-w-	c:\windows\system32\dxgi.dll2014-12-05 13:01 . 2014-12-05 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	333312	----a-w-	c:\windows\system32\d3d10_1core.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	296960	----a-w-	c:\windows\system32\d3d10core.dll2014-12-05 13:01 . 2014-12-05 13:01	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll2014-12-05 13:01 . 2014-12-05 13:01	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll2014-12-05 13:01 . 2014-12-05 13:01	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll2014-12-05 13:01 . 2014-12-05 13:01	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll2014-12-05 13:01 . 2014-12-05 13:01	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll2014-12-05 13:01 . 2014-12-05 13:01	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll2014-12-05 13:01 . 2014-12-05 13:01	194560	----a-w-	c:\windows\system32\d3d10_1.dll2014-12-05 13:01 . 2014-12-05 13:01	1682432	----a-w-	c:\windows\system32\XpsPrint.dll2014-12-05 13:01 . 2014-12-05 13:01	1643520	----a-w-	c:\windows\system32\DWrite.dll2014-12-05 13:01 . 2014-12-05 13:01	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll2014-12-05 13:01 . 2014-12-05 13:01	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll2014-12-05 13:01 . 2014-12-05 13:01	1238528	----a-w-	c:\windows\system32\d3d10.dll2014-12-05 13:01 . 2014-12-05 13:01	1175552	----a-w-	c:\windows\system32\FntCache.dll2014-12-05 13:01 . 2014-12-05 13:01	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll2014-12-05 13:01 . 2014-12-05 13:01	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll2014-12-05 13:01 . 2014-12-05 13:01	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-12-05 13:01 . 2014-12-05 13:01	648192	----a-w-	c:\windows\system32\d3d10level9.dll2014-12-05 13:01 . 2014-12-05 13:01	293376	----a-w-	c:\windows\SysWow64\dxgi.dll2014-12-05 13:01 . 2014-12-05 13:01	221184	----a-w-	c:\windows\system32\UIAnimation.dll2014-12-05 13:01 . 2014-12-05 13:01	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll2014-12-05 12:59 . 2014-12-05 12:59	1887232	----a-w-	c:\windows\system32\d3d11.dll..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]   Ime File	REG_SZ         	IMKR14.IME.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys;c:\windows\SYSNATIVE\Drivers\CdmDrvNt.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys;c:\windows\SYSNATIVE\kcrtx64.sys [x]R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [x]R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft 네트워크 검사;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys;syswow64\drivers\scsk5.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]S1 UPF;UPF NDIS Protocol Driver;c:\windows\system32\Drivers\upf.sys;c:\windows\SYSNATIVE\Drivers\upf.sys [x]S2 AnySens;AnySens;c:\program files\Unetsystem\AnyClick\AnySens.exe;c:\program files\Unetsystem\AnyClick\AnySens.exe [x]S2 AnySVC;AnyClick Service;c:\program files\Unetsystem\AnyClick\AnySVC.exe;c:\program files\Unetsystem\AnyClick\AnySVC.exe [x]S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]S3 IntcDAud;인텔(R) 디스플레이 오디오;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-01-04 10:10	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2015-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-23 09:42].2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04 10:09].2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04 10:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IME14 KOR Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-18 172168]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-18 400008]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-18 441992]"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-11-23 9745312]"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-11-23 5374880]"AnyTray"="c:\program files\Unetsystem\AnyClick\AnyTray.exe" [2013-03-11 335872]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmDefault_Search_URL = hxxp://www.google.commDefault_Page_URL = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmmSearch Page = hxxp://www.google.comIE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: OneNote로 보내기(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Trusted Zone: abchina.comTrusted Zone: bankcomm.comTrusted Zone: bankofbeijing.coTrusted Zone: bankofshanghai.comTrusted Zone: boc.cnTrusted Zone: cbhb.com.cnTrusted Zone: ccb.comTrusted Zone: cebbank.comTrusted Zone: cgbchina.com.cnTrusted Zone: cib.com.cnTrusted Zone: citibank.co.krTrusted Zone: cmbc.com.cnTrusted Zone: cmbchina.comTrusted Zone: cu.co.krTrusted Zone: czbank.comTrusted Zone: dacom.netTrusted Zone: ecitic.comTrusted Zone: egbank.com.cnTrusted Zone: epaygen.co.krTrusted Zone: epaygen.comTrusted Zone: hanacard.co.krTrusted Zone: hxb.com.cnTrusted Zone: hyundaicard.comTrusted Zone: icbc.com.cnTrusted Zone: jbbank.co.krTrusted Zone: kcp.co.krTrusted Zone: keb.co.krTrusted Zone: kjbank.comTrusted Zone: lgcard.comTrusted Zone: lgdacom.netTrusted Zone: lottecard.co.krTrusted Zone: macromedia.comTrusted Zone: nonghyup.comTrusted Zone: nprotect.netTrusted Zone: pingan.comTrusted Zone: psbc.comTrusted Zone: samsungcard.co.krTrusted Zone: sdb.com.cnTrusted Zone: shinhancard.comTrusted Zone: spdb.com.cnTrusted Zone: suhyup.co.krTrusted Zone: unionpaysecure.comTrusted Zone: uplus.co.krTrusted Zone: vpay.co.krTrusted Zone: yescard.co.krTCP: DhcpNameServer = 1.214.68.2 61.41.153.2DPF: {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} - hxxps://ck.softforum.co.kr/CKKeyPro/yessign/CKKeyProInst.cabDPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cabDPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_win8.cabDPF: {42E8651D-C437-4203-93F5-24E20C2C4465} - hxxps://www.vpay.co.kr/kvpfiles/KVPCyberCard.cabDPF: {55399877-B7F0-4A0F-BDEE-6FD1982EAB20} - hxxp://webmail.sogangedu.com/images/activex/WebMailFileUpDown.cabDPF: {60AEFD89-586A-462F-B828-EAA243EBE69C} - hxxp://webmail.sogangedu.com/images/activex/AddressBookCtl.cabDPF: {63A7D575-8E63-464E-947B-57D5A6773D79} - hxxps://supdate.nprotect.net/netizen/card/shinhan/slm/npEfdsWCtrl.cabDPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://download.softforum.com/Published/XecureWeb/v7.2.5.8/xw_install.cabDPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cabDPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://www.bankpay.or.kr/BankPayEFT.cabDPF: {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cabDPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.shinhancard.com/infovine/VineTransfer.cabDPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cabDPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cabFF - ProfilePath - c:\users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\.- - - - ORPHANS REMOVED - - - -.AddRemove-INFovine - c:\windows\system32\UbiKeyUninstall.exeAddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exeAddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\SysWOW64\srvany.exec:\windows\KMService.exe.**************************************************************************.Completion time: 2015-01-06  19:55:54 - machine was rebootedComboFix-quarantined-files.txt  2015-01-06 10:55.Pre-Run: 72,765,665,280 바이트 남음Post-Run: 72,721,780,736 바이트 남음.- - End Of File - - E2DE58B9CAA797801886E0C4CCF80CF6

I'll post the Malwarebytes scan log in the next reply. Posting in a few minutes . . .

Link to post
Share on other sites

Malewarebytes just finished scanning -- here's the new log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2015-01-06Scan Time: 오후 8:02:03Logfile: Administrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.06.03Rootkit Database: v2014.12.30.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: MASRETScan Type: Threat ScanResult: CompletedObjects Scanned: 331793Time Elapsed: 5 min, 20 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end)

Looks okay?

 

Thanks again for your help so far, Marius.

 

Best,

Rob

Link to post
Share on other sites

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]Click Start[*]Wait for the scan to finish[*]When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."[*] Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.[*]Close the ESET online scan, and let me know how things are now.

Link to post
Share on other sites

The ESET scan just finished. Many threats were found -- I'll post the log below:

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir	a variant of Win32/ELEX.BH potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\Extensions\9@Rk6ef8.net\content\bg.js.vir	JS/Kryptik.ATB trojanC:\AdwCleaner\Quarantine\C\Users\MASRET\AppData\Roaming\Mozilla\Firefox\Profiles\2v9xkndu.default\Extensions\m1164dQ@E.edu\content\bg.js.vir	JS/Kryptik.ATB trojanC:\Qoobox\Quarantine\C\ProgramData\jddpgpkeooicpbbcgmpifjjeminhmdom\content.js.vir	JS/Chromex.Agent.L trojanC:\Qoobox\Quarantine\C\ProgramData\jddpgpkeooicpbbcgmpifjjeminhmdom\lsdb.js.vir	JS/Kryptik.ATB trojanC:\Qoobox\Quarantine\C\ProgramData\jddpgpkeooicpbbcgmpifjjeminhmdom\XlUSwHSihV.js.vir	JS/Kryptik.ATB trojanC:\Qoobox\Quarantine\C\ProgramData\nnenenhlkjeijekegpihadgifakldhni\bQen.js.vir	JS/Kryptik.ATB trojanC:\Qoobox\Quarantine\C\ProgramData\nnenenhlkjeijekegpihadgifakldhni\content.js.vir	JS/Chromex.Agent.L trojanC:\Qoobox\Quarantine\C\ProgramData\nnenenhlkjeijekegpihadgifakldhni\lsdb.js.vir	JS/Kryptik.ATB trojanC:\Users\MASRET\Downloads\ccsetup501.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\MASRET\Downloads\Download_Manager-TW.Gngrl7wdl-HD3D.rar.exe	a variant of Win32/Adware.MultiPlug.ED applicationC:\Users\MASRET\Downloads\Led.GnGl72.FY.rar (1).exe	a variant of Win32/Adware.MultiPlug.ED applicationC:\Users\MASRET\Downloads\Led.GnGl72.FY.rar.exe	a variant of Win32/Adware.MultiPlug.ED applicationC:\Users\MASRET\Downloads\winzip19-lan_ko.exe	a variant of Win32/InstallCore.TS potentially unwanted applicationC:\Windows\KMService.exe	a variant of Win32/HackTool.KMSAuto.C potentially unsafe applicationD:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 1.zip	JS/Kryptik.ATB trojanD:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 2.zip	multiple threatsD:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 3.zip	multiple threatsD:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 2.zip	multiple threatsD:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 6.zip	a variant of Win32/Adware.MultiPlug.ED applicationD:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 7.zip	a variant of Win32/InstallCore.TS potentially unwanted applicationD:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2015-01-04 190437\Backup files 2.zip	a variant of Win32/OutBrowse.BQ potentially unwanted application

Thanks,

Rob

Link to post
Share on other sites

 

C:\Users\MASRET\Downloads\ccsetup501.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\MASRET\Downloads\Download_Manager-TW.Gngrl7wdl-HD3D.rar.exe    a variant of Win32/Adware.MultiPlug.ED application

C:\Users\MASRET\Downloads\Led.GnGl72.FY.rar (1).exe    a variant of Win32/Adware.MultiPlug.ED application

C:\Users\MASRET\Downloads\Led.GnGl72.FY.rar.exe    a variant of Win32/Adware.MultiPlug.ED application

C:\Users\MASRET\Downloads\winzip19-lan_ko.exe    a variant of Win32/InstallCore.TS potentially unwanted application

C:\Windows\KMService.exe    a variant of Win32/HackTool.KMSAuto.C potentially unsafe application

These files aren´t malware but contain security risks. I´d delete them immediately - your choice.

 

 

 

 

D:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 1.zip    JS/Kryptik.ATB trojan

D:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 2.zip    multiple threats

D:\MASRET-PC\Backup Set 2014-12-07 150145\Backup Files 2014-12-21 190001\Backup files 3.zip    multiple threats

D:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 2.zip    multiple threats

D:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 6.zip    a variant of Win32/Adware.MultiPlug.ED application

D:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2014-12-28 204539\Backup files 7.zip    a variant of Win32/InstallCore.TS potentially unwanted application

D:\MASRET-PC\Backup Set 2014-12-28 204539\Backup Files 2015-01-04 190437\Backup files 2.zip    a variant of Win32/OutBrowse.BQ potentially unwanted application

These backup sets are infected. I´d recommend to delete tehem and create a new one.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!

Link to post
Share on other sites

I deleted the files you indicated and the Adw, JRT, and Securitycheck scans are now complete. I'll post the logs below:

# AdwCleaner v4.106 - Report created 06/01/2015 at 22:54:00# Updated 21/12/2014 by Xplode# Database : 2015-01-03.1 [Live]# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : MASRET - MASRET-PC# Running from : C:\Users\MASRET\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\MASRET\AppData\Local\Hola***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17496-\\ Mozilla Firefox v34.0.5 (x86 en-US)-\\ Google Chrome v39.0.2171.95*************************AdwCleaner[R0].txt - [5349 octets] - [25/12/2014 14:31:45]AdwCleaner[R1].txt - [6135 octets] - [25/12/2014 14:37:20]AdwCleaner[R2].txt - [1203 octets] - [04/01/2015 20:05:24]AdwCleaner[R3].txt - [1199 octets] - [06/01/2015 22:52:25]AdwCleaner[S0].txt - [339 octets] - [25/12/2014 14:34:42]AdwCleaner[S1].txt - [5326 octets] - [25/12/2014 14:38:35]AdwCleaner[S2].txt - [1269 octets] - [04/01/2015 20:07:06]AdwCleaner[S3].txt - [1123 octets] - [06/01/2015 22:54:00]########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1183 octets] ##########

Plus:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.1 (12.28.2014:1)OS: Windows 7 Ultimate x64Ran by MASRET on 2015-01-06 at 23:00:28.20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry Keys~~~ Files~~~ Folders~~~ FireFoxSuccessfully deleted the following from C:\Users\MASRET\AppData\Roaming\mozilla\firefox\profiles\2v9xkndu.default\prefs.jsuser_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\MASRET\\\~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 2015-01-06 at 23:03:51.41End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Plus the Securitycheck info:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
My wife's computer seems to be running much better! Thanks again for your help. 
 
Best,
Rob
Link to post
Share on other sites

Your system is clean now! :)

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from

     

     

     

     

    Recommendations: How to protect yourself

    • System Updates
      Please ensure to have automatic updates activated in your control panel.
      For further information and a tutorial, see this Microsoft Support article.
    • Protection
      What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
      Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
      • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
        It will filter unwanted advertising out of the website´s content.
      • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
        It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
        In addition, before accessing a dangerous classified web site, a warning screen is displayed.
    • Up to date Software
      Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
    • Backup
      Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
    • Behaviour
      The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
      • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
      • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
      • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
      • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
        They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.