
USB virus/worm tmp5A5F.tmp.vbe



Hello people!

I've plugged my flashdrive in a public computer and that's the gift I get: a USB virus/worm called tmp5A5F.tmp.vbe. So all files/folders turn into shortcuts to hidden files, pointing to the vbe malicious file.

The problem is not the files in the flashdrive per se, but the fact that neither Malwarebytes nor Avast detected any suspicious file. And it is always coming again, no matter what I do to clean it.

 

I would appreciate any help in cleaning this up! :)

 

 

Here are my Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by eu (administrator) on HOME on 08-04-2014 08:44:41
Running from D:\Download
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\eu\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6962400 2012-12-28] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-01] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\Run: [tmp5A5F] - wscript.exe //B "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" <===== ATTENTION
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\MountPoints2: {c40faf4e-69a3-11e2-86da-005056c00008} - G:\NokiaPCIA_Autorun.exe
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\eu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEA7CD5D4AFDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1479528 2013-10-16] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default
FF NetworkProxy: "backup.ftp", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "chasqueproxy.ufrgs.br"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Ant Video Downloader - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\anttoolbar@ant.com [2013-12-30]
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\artur.dubovoy@gmail.com [2014-03-22]
FF Extension: PrivDog - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-06]
FF Extension: Download YouTube Videos as MP4 - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-27]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-01-05]
 
Chrome: 
=======
CHR HomePage: about:blank
CHR DefaultSearchKeyword: google.com.br
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]
CHR Extension: (Google Drive) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-28]
CHR Extension: (YouTube) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-28]
CHR Extension: (PrivDog) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06]
CHR Extension: (Pesquisa do Google) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-28]
CHR Extension: (Google Wallet) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-12-17]
CHR Extension: (Gmail) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-28]
CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-12-17]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-06]
 
==================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-03] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968 2013-10-16] (GAS Tecnologia)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [47192 2012-12-04] (GAS Tecnologia)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-08 08:41 - 2014-04-08 08:44 - 00000000 ____D () C:\FRST
2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo
2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-04-06 08:09 - 2014-04-06 12:16 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader
2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space
2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space
2014-04-06 08:09 - 2014-03-25 16:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-04-06 08:09 - 2014-03-25 16:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-04-06 08:09 - 2014-03-25 16:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-04-06 08:09 - 2014-03-25 16:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-04-03 23:29 - 2014-04-08 08:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 23:29 - 2014-04-07 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 23:29 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 23:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 23:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 08:12 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 08:12 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 08:12 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 08:12 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 08:12 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 08:12 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 08:12 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 08:12 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 08:12 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 08:12 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 08:12 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 08:12 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 08:12 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 08:12 - 2014-03-01 01:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 08:12 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 08:12 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 08:12 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 08:12 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 08:12 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 08:12 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 08:12 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 08:12 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 08:12 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 08:12 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 08:12 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 08:12 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 08:12 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 08:12 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 08:12 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 08:12 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 08:12 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 08:12 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 08:12 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 08:12 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 08:12 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 08:12 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 08:12 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 08:12 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 08:12 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 08:12 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 08:12 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 08:12 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 08:12 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 08:12 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 08:10 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 08:10 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 08:10 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 08:10 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-08 08:44 - 2014-04-08 08:41 - 00000000 ____D () C:\FRST
2014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 08:39 - 2013-01-28 20:43 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 08:23 - 2014-04-03 23:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 08:21 - 2013-01-26 09:07 - 01520385 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 08:20 - 2013-02-02 18:32 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Dropbox
2014-04-08 08:17 - 2013-09-15 06:34 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys
2014-04-08 08:17 - 2013-09-15 06:34 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-04-08 08:17 - 2013-09-15 06:34 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-04-08 08:17 - 2013-01-28 20:43 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\Users\Todos os Usuários\VMware
2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\ProgramData\VMware
2014-04-08 08:17 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 08:17 - 2009-07-14 01:51 - 00090828 _____ () C:\Windows\setupact.log
2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\tmp5A5F.tmp.vbe
2014-04-08 08:05 - 2009-07-14 14:55 - 00708536 _____ () C:\Windows\system32\prfh0416.dat
2014-04-08 08:05 - 2009-07-14 14:55 - 00148902 _____ () C:\Windows\system32\prfc0416.dat
2014-04-08 08:05 - 2009-07-14 02:13 - 01644176 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 23:34 - 2014-04-07 23:34 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 23:34 - 2014-04-03 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 23:17 - 2013-01-28 07:48 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 08:45 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Local\VMware
2014-04-07 02:24 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Roaming\VMware
2014-04-06 12:16 - 2014-04-06 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo
2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader
2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space
2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space
2014-04-06 08:09 - 2013-01-27 21:54 - 00002276 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-04-05 21:04 - 2009-07-14 02:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-05 18:26 - 2013-01-27 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 08:58 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 07:20 - 2013-01-27 21:46 - 00201142 _____ () C:\Windows\PFRO.log
2014-04-03 23:39 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\IME
2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 09:51 - 2014-04-03 23:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-03 23:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-03 23:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:43 - 2013-01-26 09:08 - 00000000 ___RD () C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 07:34 - 2013-01-28 20:43 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 07:34 - 2013-01-28 20:43 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 16:22 - 2014-04-06 08:09 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-03-25 16:22 - 2014-04-06 08:09 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-03-25 16:22 - 2014-04-06 08:09 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-03-25 16:22 - 2014-04-06 08:09 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-03-25 16:22 - 2012-10-05 00:32 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys
2014-03-25 16:22 - 2012-10-05 00:32 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-03-25 16:22 - 2012-10-05 00:32 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-03-25 16:22 - 2012-10-05 00:32 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-03-25 16:22 - 2012-10-05 00:32 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-03-25 16:22 - 2012-10-05 00:32 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-03-25 16:22 - 2012-10-05 00:32 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-03-22 15:23 - 2013-12-28 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-17 23:43 - 2013-08-15 11:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 23:41 - 2013-01-28 19:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 21:57 - 2009-07-14 01:45 - 00414928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 20:17 - 2013-01-28 07:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:17 - 2013-01-28 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:17 - 2013-01-28 07:48 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\eu\AppData\Local\Temp\googleupdatesetup.exe
C:\Users\eu\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\eu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\eu\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\eu\AppData\Local\Temp\nvStInst.exe
C:\Users\eu\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 11:35
 
==================== End Of Log ============================
 
 
Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by eu at 2014-04-08 08:45:00
Running from D:\Download
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Reader XI (11.0.06) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Atualizações da NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bullzip PDF Printer 9.7.0.1592 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.7.0.1592 - Bullzip)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Desinstalar impressora EPSON TX230 Series (HKLM\...\EPSON TX230 Series) (Version:  - SEIKO EPSON Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{E65AE514-9C14-48DE-BAE5-64A4F9CB6FE5}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
GBBD Caixa Econômica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.5.1.1 - )
GeekBuddy (HKLM-x32\...\{2E36CDA2-F82F-4A6D-B269-4BAB6CD9930E}) (Version: 4.11.91 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PTB) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MPC-HC 1.6.3.5818 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.3.5818 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Driver de áudio HD 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Driver de gráficos 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Painel de controle da NVIDIA 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
PANalytical X'Pert HighScore (HKLM-x32\...\{D81A0984-D494-4603-9BDE-C290B9DF02C8}) (Version: 2.0.1 - PANalytical B.V.)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6813 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
 
==================== Restore Points  =========================
 
18-03-2014 02:41:30 Windows Update
21-03-2014 10:22:43 Windows Update
25-03-2014 10:29:31 Windows Update
28-03-2014 22:48:22 Windows Update
01-04-2014 21:23:42 Windows Update
04-04-2014 22:56:05 Windows Update
08-04-2014 11:01:38 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 23:34 - 2013-12-17 19:35 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {124F6A4F-404E-4EAF-A157-604539B94266} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {23EED20D-8797-4A30-8A37-BB46417FB42F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28] (Google Inc.)
Task: {373AD6EF-C6E4-4695-8456-EE826772B7F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {4025F3BA-0EC5-49FA-93B1-851FE01EB26A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-03] (AVAST Software)
Task: {D12EDA79-E0C1-4A0B-8574-2CEA45912165} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {D24AD88A-AC87-4BDE-8327-DAFF532F619C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-28 23:36 - 2013-03-15 01:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-28 11:35 - 2014-01-28 11:35 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2014-04-06 07:57 - 2014-04-06 04:21 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2013-10-18 20:55 - 2013-10-18 20:55 - 25100288 _____ () C:\Users\eu\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-27 12:33 - 2014-02-27 12:33 - 00976080 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtNetwork4.dll
2014-02-27 12:33 - 2014-02-27 12:33 - 02254544 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtCore4.dll
2013-11-20 22:46 - 2013-11-20 22:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-27 12:33 - 2014-02-27 12:33 - 08024784 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtGui4.dll
2014-02-27 12:33 - 2014-02-27 12:33 - 01299664 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtScript4.dll
2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 13:35 - 2014-03-14 21:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\System32:9354C125_Cef.gbp
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (04/02/2014 07:51:24 PM) (Source: Application Hang) (User: )
Description: O programa explorer.exe versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 4cc
 
Hora de Início: 01cf4ec3e37d96f4
 
Hora de Término: 34
 
Caminho do Aplicativo: C:\Windows\explorer.exe
 
Id do Relatório: 4d31d85d-bab9-11e3-bde2-005056c00008
 
Error: (04/02/2014 07:35:45 PM) (Source: Application Hang) (User: )
Description: O programa Explorer.EXE versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 6e4
 
Hora de Início: 01cf4eb83ac60baf
 
Hora de Término: 22
 
Caminho do Aplicativo: C:\Windows\Explorer.EXE
 
Id do Relatório: 1a9f4af7-bab7-11e3-bde2-005056c00008
 
Error: (04/01/2014 08:07:25 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: wscript.exe, versão: 5.8.7601.18283, carimbo de hora: 0x5258a6e6
Nome do módulo de falhas: RPCRT4.dll, versão: 6.1.7601.18205, carimbo de hora: 0x51dba4dc
Código de exceção: 0xc0020043
Deslocamento com falha: 0x000000000008a5d3
Identificação do processo com falha: 0xdbc
Hora de início do aplicativo com falha: 0xwscript.exe0
Caminho do aplicativo com falha: wscript.exe1
FCaminho do módulo de falhas: wscript.exe2
Identificação do Relatório: wscript.exe3
 
Error: (03/28/2014 07:34:04 AM) (Source: Application Hang) (User: )
Description: O programa Explorer.EXE versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 6dc
 
Hora de Início: 01cf4a6f8a9f14ad
 
Hora de Término: 31
 
Caminho do Aplicativo: C:\Windows\Explorer.EXE
 
Id do Relatório: 73f232b9-b664-11e3-b6e3-005056c00008
 
Error: (02/26/2014 07:07:24 PM) (Source: Application Hang) (User: )
Description: O programa IEXPLORE.EXE versão 11.0.9600.16518 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: ba0
 
Hora de Início: 01cf333f1d24cefd
 
Hora de Término: 10
 
Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Id do Relatório:
 
Error: (02/12/2014 03:17:04 PM) (Source: vmauthd) (User: )
Description: 2014-02-12T16:17:04.474-02:00| vmware-authd.exe| E105: StartServiceCtrlDispatcher error = 1063
 
Error: (02/07/2014 01:54:03 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: IEXPLORE.EXE, versão: 11.0.9600.16428, carimbo de hora: 0x525b664c
Nome do módulo de falhas: aswWebRepIE.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x52d6c48c
Código de exceção: 0xc0000005
Deslocamento com falha: 0x62bd8162
Identificação do processo com falha: 0x444
Hora de início do aplicativo com falha: 0xIEXPLORE.EXE0
Caminho do aplicativo com falha: IEXPLORE.EXE1
FCaminho do módulo de falhas: IEXPLORE.EXE2
Identificação do Relatório: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (04/08/2014 08:20:17 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço NVIDIA Update Service Daemon devido ao seguinte erro: 
%%1069
 
Error: (04/08/2014 08:20:17 AM) (Source: Service Control Manager) (User: )
Description: O serviço nvUpdatusService não pôde fazer logon como .\UpdatusUser com a senha configurada atualmente devido ao seguinte erro: 
%%1330
 
Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft.
 
Error: (04/08/2014 08:17:53 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
CFRMD
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (04/08/2014 08:11:18 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Hi Marius!

Thank you very much for your assistance!

 

Here is the Malwarebytes log. It didn't ask me to restart, so I had to ignore that step.

 

-----

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/04/2014
Scan Time: 20:37:29
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: eu
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280067
Time Elapsed: 8 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
---------
 
And here is the FRST fixlog:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by eu at 2014-04-08 20:22:58 Run:1
Running from D:\Download
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\Run: [tmp5A5F] - wscript.exe //B "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" <===== ATTENTION
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe ()
AlternateDataStreams: C:\Windows\System32:9354C125_Cef.gbp
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
FF Extension: PrivDog - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-06]
CHR Extension: (PrivDog) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-06]
 
C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe
C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe
C:\Program Files (x86)\AdTrustMedia
2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
 
REBOOT:
*****************
 
HKU\S-1-5-21-22898457-475237953-2159820137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp5A5F => Value deleted successfully.
C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe => Moved successfully.
C:\Windows\System32 => ":9354C125_Cef.gbp" ADS removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi => Moved successfully.
C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja => Key deleted successfully.
C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx => Moved successfully.
Could not move "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" => Scheduled to move on reboot.
"C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe" => File/Directory not found.
 
"C:\Program Files (x86)\AdTrustMedia" directory move:
 
Could not move "C:\Program Files (x86)\AdTrustMedia" directory. => Scheduled to move on reboot.
 
C:\Users\eu\AppData\Local\AdTrustMedia => Moved successfully.
C:\Users\Todos os Usuários\Adtrustmedia => Moved successfully.
"C:\ProgramData\Adtrustmedia" => File/Directory not found.
C:\Program Files\AdTrustMedia => Moved successfully.
C:\Program Files (x86)\AdTrustMedia => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-08 20:24:31)<=
 
C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe => Is moved successfully.
C:\Program Files (x86)\AdTrustMedia => Is moved successfully.
 
==== End of Fixlog ====

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Alright, there it goes...

 

By the way, the "AdTrustMedia\PrivDog\" entries removed in the first step were part of the Comodo Firewall Kit. Are you sure they were malicious?

 

 
TDSS-Killer:
 
07:41:49.0978 0x1208  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
07:41:56.0452 0x1208  ============================================================
07:41:56.0452 0x1208  Current date / time: 2014/04/09 07:41:56.0452
07:41:56.0452 0x1208  SystemInfo:
07:41:56.0452 0x1208  
07:41:56.0452 0x1208  OS Version: 6.1.7601 ServicePack: 1.0
07:41:56.0452 0x1208  Product type: Workstation
07:41:56.0453 0x1208  ComputerName: HOME
07:41:56.0453 0x1208  UserName: eu
07:41:56.0453 0x1208  Windows directory: C:\Windows
07:41:56.0453 0x1208  System windows directory: C:\Windows
07:41:56.0453 0x1208  Running under WOW64
07:41:56.0453 0x1208  Processor architecture: Intel x64
07:41:56.0453 0x1208  Number of processors: 4
07:41:56.0453 0x1208  Page size: 0x1000
07:41:56.0453 0x1208  Boot type: Normal boot
07:41:56.0453 0x1208  ============================================================
07:42:00.0393 0x1208  KLMD registered as C:\Windows\system32\drivers\36056622.sys
07:42:00.0506 0x1208  System UUID: {BA94DF31-47BE-ED8D-B811-2C83CBA3C2DD}
07:42:01.0465 0x1208  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:01.0494 0x1208  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:01.0549 0x1208  ============================================================
07:42:01.0549 0x1208  \Device\Harddisk0\DR0:
07:42:01.0554 0x1208  MBR partitions:
07:42:01.0554 0x1208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:42:01.0554 0x1208  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x18DFC000
07:42:01.0554 0x1208  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E2E800, BlocksNum 0x5B8D7800
07:42:01.0554 0x1208  \Device\Harddisk1\DR1:
07:42:01.0561 0x1208  MBR partitions:
07:42:01.0561 0x1208  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
07:42:01.0561 0x1208  ============================================================
07:42:01.0631 0x1208  C: <-> \Device\Harddisk0\DR0\Partition2
07:42:01.0833 0x1208  D: <-> \Device\Harddisk0\DR0\Partition3
07:42:01.0866 0x1208  F: <-> \Device\Harddisk1\DR1\Partition1
07:42:01.0866 0x1208  ============================================================
07:42:01.0866 0x1208  Initialize success
07:42:01.0866 0x1208  ============================================================
07:42:12.0892 0x15d4  ============================================================
07:42:12.0892 0x15d4  Scan started
07:42:12.0892 0x15d4  Mode: Manual; 
07:42:12.0892 0x15d4  ============================================================
07:42:12.0892 0x15d4  KSN ping started
07:42:15.0972 0x15d4  KSN ping finished: true
07:42:16.0553 0x15d4  ================ Scan system memory ========================
07:42:16.0553 0x15d4  System memory - ok
07:42:16.0554 0x15d4  ================ Scan services =============================
07:42:17.0813 0x15d4  aswSP - ok
07:42:17.0850 0x15d4  [ FD3EA14ADF6216BDF4030DB2EFD43D96, 2D3009008AAE93285301B5844DC214D6B05ECB05D37AE08895D8E7187A0BB619 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
07:42:17.0851 0x15d4  aswStm - ok
07:42:17.0879 0x15d4  [ 90399625F341AB76BA4B85A5E860EB1F, 92DD461B14240222F451F971642844A4DAD9DF4FFEAA8F12D16EA117822BEEF3 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
07:42:17.0886 0x15d4  aswVmm - ok
07:42:17.0898 0x15d4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:42:17.0899 0x15d4  AsyncMac - ok
07:42:17.0934 0x15d4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:42:17.0936 0x15d4  atapi - ok
07:42:17.0993 0x15d4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:42:18.0017 0x15d4  AudioEndpointBuilder - ok
07:42:18.0032 0x15d4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:42:18.0043 0x15d4  AudioSrv - ok
07:42:18.0107 0x15d4  [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:42:18.0109 0x15d4  avast! Antivirus - ok
07:42:18.0156 0x15d4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:42:18.0162 0x15d4  AxInstSV - ok
07:42:18.0222 0x15d4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
07:42:18.0234 0x15d4  b06bdrv - ok
07:42:18.0284 0x15d4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:42:18.0290 0x15d4  b57nd60a - ok
07:42:18.0311 0x15d4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:42:18.0315 0x15d4  BDESVC - ok
07:42:18.0323 0x15d4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:42:18.0324 0x15d4  Beep - ok
07:42:18.0373 0x15d4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
07:42:18.0393 0x15d4  BFE - ok
07:42:18.0420 0x15d4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
07:42:18.0438 0x15d4  BITS - ok
07:42:18.0446 0x15d4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:42:18.0447 0x15d4  blbdrive - ok
07:42:18.0478 0x15d4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:42:18.0480 0x15d4  bowser - ok
07:42:18.0489 0x15d4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:42:18.0490 0x15d4  BrFiltLo - ok
07:42:18.0492 0x15d4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:42:18.0493 0x15d4  BrFiltUp - ok
07:42:18.0522 0x15d4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
07:42:18.0525 0x15d4  Browser - ok
07:42:18.0533 0x15d4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:42:18.0538 0x15d4  Brserid - ok
07:42:18.0548 0x15d4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:42:18.0549 0x15d4  BrSerWdm - ok
07:42:18.0552 0x15d4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:42:18.0552 0x15d4  BrUsbMdm - ok
07:42:18.0564 0x15d4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:42:18.0565 0x15d4  BrUsbSer - ok
07:42:18.0571 0x15d4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:42:18.0573 0x15d4  BTHMODEM - ok
07:42:18.0580 0x15d4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
07:42:18.0583 0x15d4  bthserv - ok
07:42:18.0597 0x15d4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:42:18.0600 0x15d4  cdfs - ok
07:42:18.0626 0x15d4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:42:18.0629 0x15d4  cdrom - ok
07:42:18.0661 0x15d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:42:18.0664 0x15d4  CertPropSvc - ok
07:42:18.0695 0x15d4  CFRMD - ok
07:42:18.0711 0x15d4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:42:18.0714 0x15d4  circlass - ok
07:42:18.0752 0x15d4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
07:42:18.0764 0x15d4  CLFS - ok
07:42:18.0831 0x15d4  [ 0D879DB3B6E84206AC10902526B6AE35, 10E29EE5AB61E7B91DBCF1CDC6576897103ECE2E85B4FA72B4D2BF4D0C3EC730 ] CLPSLauncher    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
07:42:18.0833 0x15d4  CLPSLauncher - ok
07:42:18.0895 0x15d4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:42:18.0899 0x15d4  clr_optimization_v2.0.50727_32 - ok
07:42:18.0940 0x15d4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:42:18.0944 0x15d4  clr_optimization_v2.0.50727_64 - ok
07:42:19.0030 0x15d4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:42:19.0035 0x15d4  clr_optimization_v4.0.30319_32 - ok
07:42:19.0079 0x15d4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:42:19.0084 0x15d4  clr_optimization_v4.0.30319_64 - ok
07:42:19.0098 0x15d4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:42:19.0100 0x15d4  CmBatt - ok
07:42:19.0324 0x15d4  [ 1C41DCC53A3F02912EA9BC06005FBD53, C871C4DEB74AA46D841C28F21D8C349CAA340F1672CB0CEB035BA8B2768E36A0 ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
07:42:19.0424 0x15d4  cmdAgent - ok
07:42:19.0470 0x15d4  [ 93D049245D74B1174AB1DE151F8D630A, 04F79E52C87B009604B9F63B02DBD8462FC3369DDFAF7DDE0267A6F539CB4632 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
07:42:19.0481 0x15d4  cmdGuard - ok
07:42:19.0492 0x15d4  [ A5FA552398D98D8F7A38F3454AAA0FB6, 75CAAF0D3B07C2181419385AF4D08E90271F7162E1A5F0469DF984A713706F44 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
07:42:19.0493 0x15d4  cmdHlp - ok
07:42:19.0525 0x15d4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:42:19.0526 0x15d4  cmdide - ok
07:42:19.0618 0x15d4  [ E621EC50B1A85D875904CC0741F03D16, 644077BC4560DA3E8EEAD93170A0E1B7D67293338280A34315BED4A684D42EEB ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
07:42:19.0651 0x15d4  cmdvirth - ok
07:42:19.0688 0x15d4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
07:42:19.0695 0x15d4  CNG - ok
07:42:19.0706 0x15d4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:42:19.0707 0x15d4  Compbatt - ok
07:42:19.0750 0x15d4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:42:19.0751 0x15d4  CompositeBus - ok
07:42:19.0765 0x15d4  COMSysApp - ok
07:42:19.0771 0x15d4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
07:42:19.0772 0x15d4  crcdisk - ok
07:42:19.0814 0x15d4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:42:19.0822 0x15d4  CryptSvc - ok
07:42:19.0869 0x15d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:42:19.0891 0x15d4  DcomLaunch - ok
07:42:19.0922 0x15d4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:42:19.0929 0x15d4  defragsvc - ok
07:42:19.0957 0x15d4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:42:19.0960 0x15d4  DfsC - ok
07:42:19.0996 0x15d4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:42:20.0007 0x15d4  Dhcp - ok
07:42:20.0020 0x15d4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
07:42:20.0021 0x15d4  discache - ok
07:42:20.0045 0x15d4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:42:20.0047 0x15d4  Disk - ok
07:42:20.0089 0x15d4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:42:20.0096 0x15d4  Dnscache - ok
07:42:20.0135 0x15d4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:42:20.0146 0x15d4  dot3svc - ok
07:42:20.0175 0x15d4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
07:42:20.0179 0x15d4  DPS - ok
07:42:20.0296 0x15d4  [ 49B2C034D77F9F73C80AC55E795CCB6E, EC3B3AF80FA86222E63ABA646C3452C7AD1B9462A1A18D059F5F7EC18C37D97C ] DragonUpdater   C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
07:42:20.0328 0x15d4  DragonUpdater - ok
07:42:20.0360 0x15d4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:42:20.0360 0x15d4  drmkaud - ok
07:42:20.0425 0x15d4  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:42:20.0445 0x15d4  DXGKrnl - ok
07:42:20.0467 0x15d4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
07:42:20.0471 0x15d4  EapHost - ok
07:42:20.0554 0x15d4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
07:42:20.0603 0x15d4  ebdrv - ok
07:42:20.0644 0x15d4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
07:42:20.0646 0x15d4  EFS - ok
07:42:20.0697 0x15d4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:42:20.0719 0x15d4  ehRecvr - ok
07:42:20.0744 0x15d4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
07:42:20.0747 0x15d4  ehSched - ok
07:42:20.0767 0x15d4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
07:42:20.0775 0x15d4  elxstor - ok
07:42:20.0838 0x15d4  [ 757305C7AD34222F4A46D86FE0BEE241, 94540DC1EA19821EACC796EF4FE247005B02E417B30E91383D1260E9D9A8B747 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
07:42:20.0846 0x15d4  EpsonCustomerParticipation - ok
07:42:20.0876 0x15d4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:42:20.0877 0x15d4  ErrDev - ok
07:42:20.0900 0x15d4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
07:42:20.0910 0x15d4  EventSystem - ok
07:42:20.0928 0x15d4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
07:42:20.0932 0x15d4  exfat - ok
07:42:20.0942 0x15d4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:42:20.0947 0x15d4  fastfat - ok
07:42:20.0996 0x15d4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
07:42:21.0011 0x15d4  Fax - ok
07:42:21.0023 0x15d4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:42:21.0024 0x15d4  fdc - ok
07:42:21.0034 0x15d4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
07:42:21.0037 0x15d4  fdPHost - ok
07:42:21.0047 0x15d4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:42:21.0050 0x15d4  FDResPub - ok
07:42:21.0061 0x15d4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:42:21.0064 0x15d4  FileInfo - ok
07:42:21.0071 0x15d4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:42:21.0073 0x15d4  Filetrace - ok
07:42:21.0081 0x15d4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:42:21.0082 0x15d4  flpydisk - ok
07:42:21.0104 0x15d4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:42:21.0111 0x15d4  FltMgr - ok
07:42:21.0163 0x15d4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
07:42:21.0246 0x15d4  FontCache - ok
07:42:21.0328 0x15d4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:42:21.0330 0x15d4  FontCache3.0.0.0 - ok
07:42:21.0365 0x15d4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:42:21.0394 0x15d4  FsDepends - ok
07:42:21.0444 0x15d4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:42:21.0445 0x15d4  Fs_Rec - ok
07:42:21.0482 0x15d4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:42:21.0486 0x15d4  fvevol - ok
07:42:21.0534 0x15d4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
07:42:21.0535 0x15d4  gagp30kx - ok
07:42:21.0592 0x15d4  GbpKm - ok
07:42:21.0635 0x15d4  [ DAAA237C34A506EF56D44A56EA039CC0, 9819B804818EC1E8EEC78CA5F00E985977962FF5CAA08F4CC814E1E0DCFC063B ] GbpSv           C:\PROGRA~2\GbPlugin\GbpSv.exe
07:42:21.0642 0x15d4  GbpSv - ok
07:42:21.0739 0x15d4  [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] GeekBuddyRSP    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
07:42:21.0779 0x15d4  GeekBuddyRSP - ok
07:42:21.0827 0x15d4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:42:21.0844 0x15d4  gpsvc - ok
07:42:21.0897 0x15d4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:42:21.0899 0x15d4  gupdate - ok
07:42:21.0905 0x15d4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:42:21.0907 0x15d4  gupdatem - ok
07:42:21.0946 0x15d4  [ 6E02DDFFA0E8C069A92A0888B0CB8415, 44816EA24121AD0C9EB8048BED9250D7992CD0C0ABA69C3269A633D48297B7A7 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
07:42:21.0948 0x15d4  hcmon - ok
07:42:21.0959 0x15d4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:42:21.0960 0x15d4  hcw85cir - ok
07:42:22.0013 0x15d4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:42:22.0025 0x15d4  HdAudAddService - ok
07:42:22.0060 0x15d4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
07:42:22.0062 0x15d4  HDAudBus - ok
07:42:22.0081 0x15d4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
07:42:22.0082 0x15d4  HidBatt - ok
07:42:22.0145 0x15d4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:42:22.0147 0x15d4  HidBth - ok
07:42:22.0168 0x15d4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
07:42:22.0169 0x15d4  HidIr - ok
07:42:22.0186 0x15d4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
07:42:22.0189 0x15d4  hidserv - ok
07:42:22.0218 0x15d4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
07:42:22.0219 0x15d4  HidUsb - ok
07:42:22.0248 0x15d4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:42:22.0254 0x15d4  hkmsvc - ok
07:42:22.0287 0x15d4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:42:22.0320 0x15d4  HomeGroupListener - ok
07:42:22.0343 0x15d4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:42:22.0354 0x15d4  HomeGroupProvider - ok
07:42:22.0390 0x15d4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:42:22.0393 0x15d4  HpSAMD - ok
07:42:22.0544 0x15d4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:42:22.0560 0x15d4  HTTP - ok
07:42:22.0589 0x15d4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:42:22.0590 0x15d4  hwpolicy - ok
07:42:22.0641 0x15d4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
07:42:22.0644 0x15d4  i8042prt - ok
07:42:22.0668 0x15d4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:42:22.0674 0x15d4  iaStorV - ok
07:42:22.0710 0x15d4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:42:22.0723 0x15d4  idsvc - ok
07:42:22.0747 0x15d4  IEEtwCollectorService - ok
07:42:22.0760 0x15d4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
07:42:22.0763 0x15d4  iirsp - ok
07:42:22.0822 0x15d4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
07:42:22.0840 0x15d4  IKEEXT - ok
07:42:22.0882 0x15d4  [ F0DBF4E46E7F788D503FD1F0345D8843, F8E8E6B02CA36302F5860CEC7D7F1DE9828E0A5F045F34215F09CDCBEC4A12EE ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
07:42:22.0884 0x15d4  inspect - ok
07:42:23.0001 0x15d4  [ A3A59F353985B0D68EDDD1AC3E6D511E, 648F817B891AC9E79B511DC26F884C09BE7819D0D2DA21EF6B40A5175A7103C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:42:23.0051 0x15d4  IntcAzAudAddService - ok
07:42:23.0082 0x15d4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:42:23.0082 0x15d4  intelide - ok
07:42:23.0095 0x15d4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:42:23.0096 0x15d4  intelppm - ok
07:42:23.0114 0x15d4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:42:23.0118 0x15d4  IPBusEnum - ok
07:42:23.0144 0x15d4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:42:23.0146 0x15d4  IpFilterDriver - ok
07:42:23.0209 0x15d4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:42:23.0222 0x15d4  iphlpsvc - ok
07:42:23.0251 0x15d4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:42:23.0252 0x15d4  IPMIDRV - ok
07:42:23.0292 0x15d4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:42:23.0297 0x15d4  IPNAT - ok
07:42:23.0308 0x15d4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:42:23.0310 0x15d4  IRENUM - ok
07:42:23.0339 0x15d4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:42:23.0340 0x15d4  isapnp - ok
07:42:23.0358 0x15d4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:42:23.0365 0x15d4  iScsiPrt - ok
07:42:23.0384 0x15d4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
07:42:23.0386 0x15d4  kbdclass - ok
07:42:23.0397 0x15d4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
07:42:23.0399 0x15d4  kbdhid - ok
07:42:23.0409 0x15d4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
07:42:23.0412 0x15d4  KeyIso - ok
07:42:23.0443 0x15d4  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:42:23.0446 0x15d4  KSecDD - ok
07:42:23.0461 0x15d4  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:42:23.0465 0x15d4  KSecPkg - ok
07:42:23.0479 0x15d4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:42:23.0480 0x15d4  ksthunk - ok
07:42:23.0507 0x15d4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:42:23.0519 0x15d4  KtmRm - ok
07:42:30.0372 0x15d4  Tcpip - ok
07:42:30.0456 0x15d4  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:42:30.0485 0x15d4  TCPIP6 - ok
07:42:30.0516 0x15d4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:42:30.0518 0x15d4  tcpipreg - ok
07:42:30.0527 0x15d4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:42:30.0528 0x15d4  TDPIPE - ok
07:42:30.0546 0x15d4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:42:30.0547 0x15d4  TDTCP - ok
07:42:30.0590 0x15d4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:42:30.0595 0x15d4  tdx - ok
07:42:30.0611 0x15d4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:42:30.0614 0x15d4  TermDD - ok
07:42:30.0642 0x15d4  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
07:42:30.0660 0x15d4  TermService - ok
07:42:30.0668 0x15d4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
07:42:30.0673 0x15d4  Themes - ok
07:42:30.0688 0x15d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
07:42:30.0691 0x15d4  THREADORDER - ok
07:42:30.0703 0x15d4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
07:42:30.0709 0x15d4  TrkWks - ok
07:42:30.0759 0x15d4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:42:30.0766 0x15d4  TrustedInstaller - ok
07:42:30.0796 0x15d4  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:42:30.0798 0x15d4  tssecsrv - ok
07:42:30.0817 0x15d4  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:42:30.0820 0x15d4  TsUsbFlt - ok
07:42:30.0872 0x15d4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:42:30.0876 0x15d4  tunnel - ok
07:42:30.0889 0x15d4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
07:42:30.0892 0x15d4  uagp35 - ok
07:42:30.0934 0x15d4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:42:30.0946 0x15d4  udfs - ok
07:42:30.0958 0x15d4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:42:30.0963 0x15d4  UI0Detect - ok
07:42:30.0974 0x15d4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:42:30.0975 0x15d4  uliagpkx - ok
07:42:31.0000 0x15d4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
07:42:31.0002 0x15d4  umbus - ok
07:42:31.0015 0x15d4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:42:31.0016 0x15d4  UmPass - ok
07:42:31.0035 0x15d4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
07:42:31.0046 0x15d4  upnphost - ok
07:42:31.0065 0x15d4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
07:42:31.0067 0x15d4  usbccgp - ok
07:42:31.0091 0x15d4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:42:31.0094 0x15d4  usbcir - ok
07:42:31.0123 0x15d4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
07:42:31.0125 0x15d4  usbehci - ok
07:42:31.0168 0x15d4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:42:31.0179 0x15d4  usbhub - ok
07:42:31.0229 0x15d4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:42:31.0230 0x15d4  usbohci - ok
07:42:31.0245 0x15d4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:42:31.0247 0x15d4  usbprint - ok
07:42:31.0265 0x15d4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:42:31.0268 0x15d4  USBSTOR - ok
07:42:31.0298 0x15d4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:42:31.0300 0x15d4  usbuhci - ok
07:42:31.0339 0x15d4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
07:42:31.0359 0x15d4  UxSms - ok
07:42:31.0417 0x15d4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
07:42:31.0421 0x15d4  VaultSvc - ok
07:42:31.0434 0x15d4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:42:31.0436 0x15d4  vdrvroot - ok
07:42:31.0490 0x15d4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
07:42:31.0510 0x15d4  vds - ok
07:42:31.0537 0x15d4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:42:31.0538 0x15d4  vga - ok
07:42:31.0545 0x15d4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:42:31.0546 0x15d4  VgaSave - ok
07:42:31.0575 0x15d4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:42:31.0579 0x15d4  vhdmp - ok
07:42:31.0622 0x15d4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:42:31.0623 0x15d4  viaide - ok
07:42:31.0655 0x15d4  [ 549CD7035F5CF5CEE4DE11539C9715F4, 6FED4D5161420890A92C3B811B4CBD18A1A106D5F5E674166E538E65A1C68E04 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
07:42:31.0657 0x15d4  VMAuthdService - ok
07:42:31.0718 0x15d4  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
07:42:31.0722 0x15d4  vmci - ok
07:42:31.0763 0x15d4  [ CCB2A61113D093B9B5CCCF1D60D65E7A, 4459DD26ACF1B7675016B16BA02814E2A35FE862DEDA31AC7110CE2C2E3947AA ] vmkbd2          C:\Windows\system32\drivers\VMkbd.sys
07:42:31.0765 0x15d4  vmkbd2 - ok
07:42:31.0791 0x15d4  [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
07:42:31.0793 0x15d4  VMnetAdapter - ok
07:42:31.0820 0x15d4  [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
07:42:31.0823 0x15d4  VMnetBridge - ok
07:42:31.0845 0x15d4  VMnetDHCP - ok
07:42:31.0859 0x15d4  [ 668C12E04D5AB4981864B12494AF907F, 20D94E5E060EB04558B39B33A81C989D7F9DB52C7378FECF9D430F1DC385E4E0 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
07:42:31.0862 0x15d4  VMnetuserif - ok
07:42:31.0892 0x15d4  [ 344244FC6F299FBE6F09FB0FC7FDEC0C, 97323F17C95846F93C16E757B4C20D47660ED88DD390767BB81ACF6BA5C1566A ] VMparport       C:\Windows\system32\drivers\VMparport.sys
07:42:31.0894 0x15d4  VMparport - ok
07:42:31.0923 0x15d4  [ F347A28F63162FF82BDDAADC14935BA4, 44C11B483CCA161E7097ED74C819464FE99C1E6AA9B1AB6A637BACDA6EF48519 ] vmusb           C:\Windows\system32\DRIVERS\vmusb.sys
07:42:31.0926 0x15d4  vmusb - ok
07:42:31.0983 0x15d4  [ 093B967896BA9EF2ADFCD75E185B9DA9, 3D6F5FF56311D4B506D02F77620B80EDB54E6E560BDF53AC9F3CDBB037D0ACA0 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
07:42:32.0004 0x15d4  VMUSBArbService - ok
07:42:32.0009 0x15d4  VMware NAT Service - ok
07:42:32.0021 0x15d4  [ EBAC38A198308359FD89C10704265E5E, 7C234FE34D6A65D754F8B2EA0458365997CF97B88779B01551E5227910943224 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
07:42:32.0023 0x15d4  vmx86 - ok
07:42:32.0029 0x15d4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:42:32.0031 0x15d4  volmgr - ok
07:42:32.0074 0x15d4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:42:32.0080 0x15d4  volmgrx - ok
07:42:32.0111 0x15d4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:42:32.0115 0x15d4  volsnap - ok
07:42:32.0147 0x15d4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
07:42:32.0150 0x15d4  vsmraid - ok
07:42:32.0160 0x15d4  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock           C:\Windows\system32\drivers\vsock.sys
07:42:32.0162 0x15d4  vsock - ok
07:42:32.0224 0x15d4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
07:42:32.0273 0x15d4  VSS - ok
07:42:32.0286 0x15d4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
07:42:32.0287 0x15d4  vwifibus - ok
07:42:32.0314 0x15d4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
07:42:32.0324 0x15d4  W32Time - ok
07:42:32.0336 0x15d4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
07:42:32.0337 0x15d4  WacomPen - ok
07:42:32.0349 0x15d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:42:32.0350 0x15d4  WANARP - ok
07:42:32.0358 0x15d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:42:32.0360 0x15d4  Wanarpv6 - ok
07:42:32.0422 0x15d4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
07:42:32.0456 0x15d4  WatAdminSvc - ok
07:42:32.0502 0x15d4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
07:42:32.0544 0x15d4  wbengine - ok
07:42:32.0561 0x15d4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:42:32.0568 0x15d4  WbioSrvc - ok
07:42:32.0588 0x15d4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:42:32.0598 0x15d4  wcncsvc - ok
07:42:32.0606 0x15d4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:42:32.0610 0x15d4  WcsPlugInService - ok
07:42:32.0616 0x15d4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
07:42:32.0617 0x15d4  Wd - ok
07:42:32.0660 0x15d4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:42:32.0672 0x15d4  Wdf01000 - ok
07:42:32.0685 0x15d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:42:32.0690 0x15d4  WdiServiceHost - ok
07:42:32.0694 0x15d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:42:32.0698 0x15d4  WdiSystemHost - ok
07:42:32.0723 0x15d4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
07:42:32.0731 0x15d4  WebClient - ok
07:42:32.0748 0x15d4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:42:32.0755 0x15d4  Wecsvc - ok
07:42:32.0765 0x15d4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:42:32.0770 0x15d4  wercplsupport - ok
07:42:32.0793 0x15d4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:42:32.0797 0x15d4  WerSvc - ok
07:42:32.0809 0x15d4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:42:32.0811 0x15d4  WfpLwf - ok
07:42:32.0826 0x15d4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:42:32.0828 0x15d4  WIMMount - ok
07:42:32.0845 0x15d4  WinDefend - ok
07:42:32.0861 0x15d4  WinHttpAutoProxySvc - ok
07:42:32.0909 0x15d4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:42:32.0920 0x15d4  Winmgmt - ok
07:42:33.0006 0x15d4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
07:42:33.0063 0x15d4  WinRM - ok
07:42:33.0125 0x15d4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:42:33.0128 0x15d4  WinUsb - ok
07:42:33.0276 0x15d4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:42:33.0309 0x15d4  Wlansvc - ok
07:42:33.0324 0x15d4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:42:33.0325 0x15d4  WmiAcpi - ok
07:42:33.0353 0x15d4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:42:33.0358 0x15d4  wmiApSrv - ok
07:42:33.0361 0x15d4  WMPNetworkSvc - ok
07:42:33.0373 0x15d4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:42:33.0381 0x15d4  WPCSvc - ok
07:42:33.0425 0x15d4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:42:33.0431 0x15d4  WPDBusEnum - ok
07:42:33.0444 0x15d4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:42:33.0445 0x15d4  ws2ifsl - ok
07:42:33.0459 0x15d4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
07:42:33.0464 0x15d4  wscsvc - ok
07:42:33.0467 0x15d4  WSearch - ok
07:42:33.0559 0x15d4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:42:33.0628 0x15d4  wuauserv - ok
07:42:33.0652 0x15d4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:42:33.0654 0x15d4  WudfPf - ok
07:42:33.0689 0x15d4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:42:33.0692 0x15d4  WUDFRd - ok
07:42:33.0706 0x15d4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:42:33.0712 0x15d4  wudfsvc - ok
07:42:33.0745 0x15d4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:42:33.0753 0x15d4  WwanSvc - ok
07:42:33.0770 0x15d4  ================ Scan global ===============================
07:42:33.0782 0x15d4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:42:33.0815 0x15d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:42:33.0826 0x15d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:42:33.0852 0x15d4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:42:33.0868 0x15d4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:42:33.0875 0x15d4  [ Global ] - ok
07:42:33.0876 0x15d4  ================ Scan MBR ==================================
07:42:33.0881 0x15d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:42:34.0163 0x15d4  \Device\Harddisk0\DR0 - ok
07:42:34.0166 0x15d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
07:42:34.0199 0x15d4  \Device\Harddisk1\DR1 - ok
07:42:34.0200 0x15d4  ================ Scan VBR ==================================
07:42:34.0204 0x15d4  [ 3F8B44AD7A282A0E54DF03679B18D564 ] \Device\Harddisk0\DR0\Partition1
07:42:34.0254 0x15d4  \Device\Harddisk0\DR0\Partition1 - ok
07:42:34.0256 0x15d4  [ 793D0D2CF9DBDC9D5D31BCF0A71758D4 ] \Device\Harddisk0\DR0\Partition2
07:42:34.0303 0x15d4  \Device\Harddisk0\DR0\Partition2 - ok
07:42:34.0307 0x15d4  [ E1825C85550F91D7007E6166378C31EA ] \Device\Harddisk0\DR0\Partition3
07:42:34.0341 0x15d4  \Device\Harddisk0\DR0\Partition3 - ok
07:42:34.0344 0x15d4  [ 552AEBB7636BF2B96923096BD763A413 ] \Device\Harddisk1\DR1\Partition1
07:42:34.0422 0x15d4  \Device\Harddisk1\DR1\Partition1 - ok
07:42:34.0423 0x15d4  Waiting for KSN requests completion. In queue: 331
07:42:35.0423 0x15d4  Waiting for KSN requests completion. In queue: 331
07:42:36.0423 0x15d4  Waiting for KSN requests completion. In queue: 331
07:42:37.0423 0x15d4  Waiting for KSN requests completion. In queue: 19
07:42:38.0423 0x15d4  Waiting for KSN requests completion. In queue: 19
07:42:39.0511 0x15d4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
07:42:39.0516 0x15d4  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.53315.4132 ), 0x61010 ( enabled )
07:42:42.0696 0x15d4  ============================================================
07:42:42.0696 0x15d4  Scan finished
07:42:42.0696 0x15d4  ============================================================
07:42:42.0702 0x0fa0  Detected object count: 0
07:42:42.0702 0x0fa0  Actual detected object count: 0
07:43:21.0948 0x1520  Deinitialize success
 
ESET
C:\FRST\Quarantine\C\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
C:\FRST\Quarantine\C\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Psychotic,
I apologise for using cracked software, and I must say I agree with every word in your previous post. Totally. But please, allow me an explanation.

First of all, I'm not CURRENTLY using ANY cracked software. Not that I know (I'm not the only one using this computer though). I DID use it in the past, many years ago, and the installation file is really there, in my HD, but it's NOT installed. That's not an excuse for having it, just an explanation about WHY it's there if I agree with you. I have a paid Windows license, a paid Office license, and most of the software I use is free.

And yes, I'll remove the little cracked bastard as soon as I get home, you have my word on that.


But please, let's take a closer look at the last post's results, ok? TDSS-Killer logs said nothing to me, but most of the ESET logs are false positives. See below:

1) Those lines refer to the virus that got inside my flashdrive from a public computer (in a library), I never installed it. Those are reports from FRST, probably a consequence of the FRST fix.
C:\FRST\Quarantine\C\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
C:\FRST\Quarantine\C\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm

2) Those are free software, I've never cracked 'em.
D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application

3) This is, indeed, the only one I recognise as cracked, and I'll delete it.
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application

4) Those are free software, I've never cracked 'em.
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

5) This is from an old backup; and it's from IE Temporary Internet Files, anyway. There is no crack there.
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

6) "F" is my backup disk. I don't remember installing uplayermediaplayer-setup.exe and I see this file reported as malicious on the internet, but it surely isn't cracked. Anyway... I'll delete it too.
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application

7) Those are just copies from the previous findings (as I said, "F" is my backup disk, so everything is there)
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

So, in the end, all I've seen is one cracking software (that I'll remove) but that has not been in use for years (it reports to VMware Workstation-5.5.1... updated version of this file is 10.0!).
If you have seen any other cracking/cracked file in those reports, please tell me. I'm really not aware of anything else, and I'll be glad to get rid of it.

That said, I ask you to please keep helping me with this issue.

And thank you very much for your time and effort.


Hi there,

 

When we see any evidence of cracked software, we post the text above. It makes no difference if it is one or more lines.

Thank you for your understanding - let's proceed:

D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan

F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan

These files are definitely malicious - please delete them both.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.

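The triage in the reply above (trojan detections deleted outright, "potentially unsafe/unwanted" detections left to the owner, and the F: backup mirroring D:) can be scripted. This is an added example, not part of the original posts: the line format is assumed from the scan results quoted in this thread, and the function and bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: six result lines copied from the scan output quoted in this thread.
SAMPLE = r"""D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
"""

# Assumed layout: <path> [a variant of ]<detection> <classification>.
# Paths may contain spaces, so the classification is anchored at the end of the line.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\S+) "
    r"(?P<kind>trojan|potentially unsafe application|potentially unwanted application)$"
)

def parse_line(line):
    """Return drive, drive-relative path, detection and classification, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    return {"drive": path[0].upper(), "rel": path[3:], "name": m["name"], "kind": m["kind"]}

def triage(text):
    """Collapse mirrored copies (same relative path and detection) and bucket them."""
    groups = defaultdict(set)
    for line in text.splitlines():
        finding = parse_line(line)
        if finding:
            key = (finding["rel"], finding["name"], finding["kind"])
            groups[key].add(finding["drive"])
    report = {"delete": [], "your_choice": []}
    for (rel, name, kind), drives in sorted(groups.items()):
        bucket = "delete" if kind == "trojan" else "your_choice"
        report[bucket].append((rel, name, sorted(drives)))
    return report

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        for rel, name, drives in items:
            print(f"{bucket:12} {name:24} drives={','.join(drives)}  {rel}")
```

Entries listed with more than one drive are the same file on the working disk and on the backup, so removing only one copy leaves the other in place.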

Here we go:

---

AdwCleaner:

# AdwCleaner v3.023 - Relatório criado 11/04/2014 às 09:11:49
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : eu - HOME
# Executando de : D:\Download\adwcleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\Users\eu\AppData\Local\PackageAware
Arquivo Deletada : C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\.autoreg
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v28.0 (pt-BR)
 
[ Arquivo : C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\prefs.js ]
 
Linha deletada : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395511029623");
 
-\\ Google Chrome v34.0.1847.116
 
[ Arquivo : C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1327 octets] - [11/04/2014 09:04:21]
AdwCleaner[R1].txt - [1265 octets] - [11/04/2014 09:06:55]
AdwCleaner[s0].txt - [1179 octets] - [11/04/2014 09:11:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1239 octets] ##########
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by eu on 12/04/2014 at  9:12:56,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\eu\AppData\Roaming\mozilla\firefox\profiles\mnr47gzx.default\minidumps [8 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2014 at  9:35:47,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
SecurityCheck
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe 
 NVIDIA Corporation PhysX Common AvastSvc.exe -?- 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please make sure automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally, I recommend a special malware scanner to run on demand weekly.
    Personally, I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.