boxit Posted April 8, 2014 ID:815298

Hello people!

I've plugged my flash drive in a public computer and that's the gift I get: a USB virus/worm called tmp5A5F.tmp.vbe. So all files/folders turn into shortcuts to hidden files, pointing to the vbe malicious file.

The problem is not the files in the flash drive per se, but the fact that neither Malwarebytes nor Avast detected any suspicious file. And it is always coming again, no matter what I do to clean it.

I would appreciate any help in cleaning this up!

Here are my Farbar logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by eu (administrator) on HOME on 08-04-2014 08:44:41
Running from D:\Download
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\eu\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6962400 2012-12-28] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-01] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\Run: [tmp5A5F] - wscript.exe //B "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" <===== ATTENTION
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\MountPoints2: {c40faf4e-69a3-11e2-86da-005056c00008} - G:\NokiaPCIA_Autorun.exe
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\eu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEA7CD5D4AFDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1479528 2013-10-16] (Caixa Economica Federal)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox:========FF ProfilePath: C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.defaultFF NetworkProxy: "backup.ftp", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.ftp_port", 3128FF NetworkProxy: "backup.socks", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.socks_port", 3128FF NetworkProxy: "backup.ssl", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.ssl_port", 3128FF NetworkProxy: "ftp", "chasqueproxy.ufrgs.br"FF NetworkProxy: "ftp_port", 3128FF NetworkProxy: "http", "chasqueproxy.ufrgs.br"FF NetworkProxy: "http_port", 3128FF NetworkProxy: "share_proxy_settings", trueFF NetworkProxy: "socks", "chasqueproxy.ufrgs.br"FF NetworkProxy: "socks_port", 3128FF NetworkProxy: "ssl", "chasqueproxy.ufrgs.br"FF NetworkProxy: "ssl_port", 3128FF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll (GAS Tecnologia)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xmlFF Extension: Ant Video Downloader - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\anttoolbar@ant.com [2013-12-30]FF Extension: Flash Video Downloader - Full HD Download - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\artur.dubovoy@gmail.com [2014-03-22]FF Extension: PrivDog - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-06]FF Extension: Download YouTube Videos as MP4 - 
C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-12-30]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-27]FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpiFF Extension: GBBD Caixa Economica Federal - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-01-05] Chrome: =======CHR HomePage: about:blankCHR DefaultSearchKeyword: google.com.brCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No FileCHR Extension: (Google Docs) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]CHR Extension: (Google Drive) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-28]CHR Extension: (YouTube) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-28]CHR Extension: (PrivDog) - 
C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06]CHR Extension: (Pesquisa do Google) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-28]CHR Extension: (Google Wallet) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-12-17]CHR Extension: (Gmail) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-28]CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-12-17]CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-06] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-03] (AVAST Software)R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968 2013-10-16] (GAS Tecnologia)R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.) 
==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-03] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-03] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-03] (AVAST Software)R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-03] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [47192 2012-12-04] (GAS Tecnologia)R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 08:41 - 2014-04-08 08:44 - 00000000 ____D () C:\FRST2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:09 - 2014-04-06 12:16 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2014-03-25 16:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-04-03 23:29 - 2014-04-08 08:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-03 23:29 - 2014-04-07 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 23:29 - 2014-04-03 
09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 23:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 23:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-12 08:12 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-12 08:12 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-12 08:12 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-12 08:12 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-12 08:12 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-12 08:12 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-12 08:12 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-12 08:12 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-12 08:12 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-12 08:12 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-12 08:12 - 2014-03-01 01:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-03-12 08:12 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-12 
08:12 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-12 08:12 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-03-12 08:12 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-12 08:12 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-12 08:12 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-12 08:12 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-12 08:12 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-12 08:12 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-12 08:12 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-03-12 08:12 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:00 - 01964032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-12 08:12 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-12 08:12 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-12 08:12 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-12 08:12 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-12 08:12 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-12 08:12 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-12 08:12 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-12 08:10 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-12 08:10 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-08 08:44 - 2014-04-08 08:41 - 00000000 ____D () C:\FRST2014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-08 08:39 - 2013-01-28 20:43 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-08 08:23 - 2014-04-03 23:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-08 08:21 - 2013-01-26 09:07 - 01520385 _____ () C:\Windows\WindowsUpdate.log2014-04-08 08:20 - 2013-02-02 18:32 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Dropbox2014-04-08 08:17 - 2013-09-15 06:34 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys2014-04-08 08:17 - 2013-09-15 06:34 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat2014-04-08 08:17 - 2013-09-15 06:34 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer2014-04-08 08:17 - 2013-01-28 20:43 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\Users\Todos os Usuários\VMware2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\ProgramData\VMware2014-04-08 08:17 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-08 08:17 - 2009-07-14 01:51 - 00090828 _____ () C:\Windows\setupact.log2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\tmp5A5F.tmp.vbe2014-04-08 08:05 - 2009-07-14 14:55 - 00708536 _____ () C:\Windows\system32\prfh0416.dat2014-04-08 08:05 - 2009-07-14 14:55 - 00148902 _____ () C:\Windows\system32\prfc0416.dat2014-04-08 08:05 - 2009-07-14 02:13 - 01644176 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-07 23:34 - 2014-04-07 23:34 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-04-07 23:34 - 2014-04-03 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-07 23:17 - 2013-01-28 07:48 - 
00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-04-07 08:45 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Local\VMware2014-04-07 02:24 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Roaming\VMware2014-04-06 12:16 - 2014-04-06 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2013-01-27 21:54 - 00002276 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk2014-04-05 21:04 - 2009-07-14 02:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-04-05 18:26 - 2013-01-27 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update2014-04-05 08:58 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-04-04 07:20 - 2013-01-27 21:46 - 00201142 _____ () C:\Windows\PFRO.log2014-04-03 23:39 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\IME2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 09:51 - 2014-04-03 23:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 09:51 - 2014-04-03 23:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 09:50 - 2014-04-03 23:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys014-03-31 09:43 - 2013-01-26 09:08 - 00000000 ___RD () C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-31 07:34 - 2013-01-28 20:43 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-31 07:34 - 2013-01-28 20:43 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-25 16:22 - 2014-04-06 08:09 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00048360 _____ (COMODO) 
C:\Windows\system32\Drivers\cmdhlp.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys2014-03-22 15:23 - 2013-12-28 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-03-17 23:43 - 2013-08-15 11:02 - 00000000 ____D () C:\Windows\system32\MRT2014-03-17 23:41 - 2013-01-28 19:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-12 21:57 - 2009-07-14 01:45 - 00414928 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-03-11 20:17 - 2013-01-28 07:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-11 20:17 - 2013-01-28 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-11 20:17 - 2013-01-28 07:48 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP:====================C:\Users\eu\AppData\Local\Temp\googleupdatesetup.exeC:\Users\eu\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\eu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\eu\AppData\Local\Temp\nvSCPAPI.dllC:\Users\eu\AppData\Local\Temp\nvStInst.exeC:\Users\eu\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 
is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 11:35 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by eu at 2014-04-08 08:45:00Running from D:\DownloadBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) HiddenAdobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)Adobe Reader XI (11.0.06) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems 
Incorporated)Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)Atualizações da NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)Bullzip PDF Printer 9.7.0.1592 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.7.0.1592 - Bullzip)Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)Desinstalar impressora EPSON TX230 Series (HKLM\...\EPSON TX230 Series) (Version: - SEIKO EPSON Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)Epson Easy Photo Print 2 (HKLM-x32\...\{E65AE514-9C14-48DE-BAE5-64A4F9CB6FE5}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) HiddenEpson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)Fences (HKLM-x32\...\Fences) (Version: - Stardock Corporation)Fences (Version: 1.0 - Stardock Corporation) HiddenGBBD Caixa Econômica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.5.1.1 - )GeekBuddy (HKLM-x32\...\{2E36CDA2-F82F-4A6D-B269-4BAB6CD9930E}) (Version: 4.11.91 - Comodo Security Solutions Inc)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) 
(Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenJava 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenMalwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (PTB) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) HiddenMicrosoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) 
(Version: 26.0 - Mozilla)MPC-HC 1.6.3.5818 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.3.5818 - MPC-HC Team)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)NVIDIA Driver de áudio HD 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)NVIDIA Driver de controle do 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)NVIDIA Driver de gráficos 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)NVIDIA Driver do 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) HiddenNVIDIA Software do sistema PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) HiddenNVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) HiddenPainel de controle da NVIDIA 314.22 (Version: 314.22 - NVIDIA Corporation) HiddenPANalytical X'Pert HighScore (HKLM-x32\...\{D81A0984-D494-4603-9BDE-C290B9DF02C8}) (Version: 2.0.1 - PANalytical B.V.)PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 
6.0.1.6813 - Realtek Semiconductor Corp.)Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)VMware Player (Version: 6.0.1 - VMware, Inc.) 
Hidden ==================== Restore Points ========================= 18-03-2014 02:41:30 Windows Update21-03-2014 10:22:43 Windows Update25-03-2014 10:29:31 Windows Update28-03-2014 22:48:22 Windows Update01-04-2014 21:23:42 Windows Update04-04-2014 22:56:05 Windows Update08-04-2014 11:01:38 Windows Update ==================== Hosts content: ========================== 2009-07-13 23:34 - 2013-12-17 19:35 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {124F6A4F-404E-4EAF-A157-604539B94266} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)Task: {23EED20D-8797-4A30-8A37-BB46417FB42F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28] (Google Inc.)Task: {373AD6EF-C6E4-4695-8456-EE826772B7F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)Task: {4025F3BA-0EC5-49FA-93B1-851FE01EB26A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-03] (AVAST Software)Task: {D12EDA79-E0C1-4A0B-8574-2CEA45912165} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)Task: {D24AD88A-AC87-4BDE-8327-DAFF532F619C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-28 23:36 - 2013-03-15 01:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-01-28 11:35 - 2014-01-28 11:35 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe2014-04-06 07:57 - 2014-04-06 04:21 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll2013-10-18 20:55 - 2013-10-18 20:55 - 25100288 _____ () C:\Users\eu\AppData\Roaming\Dropbox\bin\libcef.dll2014-02-27 12:33 - 2014-02-27 12:33 - 00976080 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtNetwork4.dll2014-02-27 12:33 - 2014-02-27 12:33 - 02254544 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtCore4.dll2013-11-20 22:46 - 2013-11-20 22:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-02-27 12:33 - 2014-02-27 12:33 - 08024784 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtGui4.dll2014-02-27 12:33 - 2014-02-27 12:33 - 01299664 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtScript4.dll2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware 
Player\libxml2.dll2014-03-15 13:35 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-15 13:35 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-15 13:35 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-15 13:35 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-15 13:35 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-15 13:35 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll2014-03-15 13:35 - 2014-03-14 21:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\System32:9354C125_Cef.gbp ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 MouseDescription: Microsoft PS/2 MouseClass Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors:==================Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )Description: Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )Description: Error: (04/07/2014 11:54:13 PM) (Source: PerfNet) (User: )Description: Error: (04/02/2014 07:51:24 PM) (Source: Application Hang) (User: )Description: O programa explorer.exe versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 4cc Hora de Início: 01cf4ec3e37d96f4 Hora de Término: 34 Caminho do Aplicativo: C:\Windows\explorer.exe Id do Relatório: 4d31d85d-bab9-11e3-bde2-005056c00008 Error: (04/02/2014 07:35:45 PM) (Source: Application Hang) (User: )Description: O programa Explorer.EXE versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID de Processo: 6e4 Hora de Início: 01cf4eb83ac60baf Hora de Término: 22 Caminho do Aplicativo: C:\Windows\Explorer.EXE Id do Relatório: 1a9f4af7-bab7-11e3-bde2-005056c00008 Error: (04/01/2014 08:07:25 AM) (Source: Application Error) (User: )Description: Nome de aplicativo com falha: wscript.exe, versão: 5.8.7601.18283, carimbo de hora: 0x5258a6e6Nome do módulo de falhas: RPCRT4.dll, versão: 6.1.7601.18205, carimbo de hora: 0x51dba4dcCódigo de exceção: 0xc0020043Deslocamento com falha: 0x000000000008a5d3Identificação do processo com falha: 0xdbcHora de início do aplicativo com falha: 0xwscript.exe0Caminho do aplicativo com falha: wscript.exe1FCaminho do módulo de falhas: wscript.exe2Identificação do Relatório: wscript.exe3 Error: (03/28/2014 07:34:04 AM) (Source: Application Hang) (User: )Description: O programa Explorer.EXE versão 6.1.7601.17567 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 6dc Hora de Início: 01cf4a6f8a9f14ad Hora de Término: 31 Caminho do Aplicativo: C:\Windows\Explorer.EXE Id do Relatório: 73f232b9-b664-11e3-b6e3-005056c00008 Error: (02/26/2014 07:07:24 PM) (Source: Application Hang) (User: )Description: O programa IEXPLORE.EXE versão 11.0.9600.16518 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID de Processo: ba0 Hora de Início: 01cf333f1d24cefd Hora de Término: 10 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório: Error: (02/12/2014 03:17:04 PM) (Source: vmauthd) (User: )Description: 2014-02-12T16:17:04.474-02:00| vmware-authd.exe| E105: StartServiceCtrlDispatcher error = 1063 Error: (02/07/2014 01:54:03 PM) (Source: Application Error) (User: )Description: Nome de aplicativo com falha: IEXPLORE.EXE, versão: 11.0.9600.16428, carimbo de hora: 0x525b664cNome do módulo de falhas: aswWebRepIE.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x52d6c48cCódigo de exceção: 0xc0000005Deslocamento com falha: 0x62bd8162Identificação do processo com falha: 0x444Hora de início do aplicativo com falha: 0xIEXPLORE.EXE0Caminho do aplicativo com falha: IEXPLORE.EXE1FCaminho do módulo de falhas: IEXPLORE.EXE2Identificação do Relatório: IEXPLORE.EXE3 System errors:=============Error: (04/08/2014 08:20:17 AM) (Source: Service Control Manager) (User: )Description: Não foi possível iniciar o serviço NVIDIA Update Service Daemon devido ao seguinte erro: %%1069 Error: (04/08/2014 08:20:17 AM) (Source: Service Control Manager) (User: )Description: O serviço nvUpdatusService não pôde fazer logon como .\UpdatusUser com a senha configurada atualmente devido ao seguinte erro: %%1330 Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft. 
Error: (04/08/2014 08:17:53 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: CFRMD

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:20 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error: (04/08/2014 08:11:18 AM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Microsoft Office Sessions:
=========================
Psychotic Posted April 8, 2014 ID:815362

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

If not existing, please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Launch Malwarebytes Anti-Malware
  - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.

If the program is already installed:
- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.

fixlist.txt

boxit Posted April 8, 2014 Author ID:815621

Hi Marius!
Thank you very much for your assistance!

Here is the Malwarebytes log. It didn't demand me to restart, so I had to ignore that step.

-----
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/04/2014
Scan Time: 20:37:29
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: eu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280067
Time Elapsed: 8 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
---------

And here is the FRST fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by eu at 2014-04-08 20:22:58 Run:1
Running from D:\Download
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-22898457-475237953-2159820137-1000\...\Run: [tmp5A5F] - wscript.exe //B "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" <===== ATTENTION
Startup: C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe ()
AlternateDataStreams: C:\Windows\System32:9354C125_Cef.gbp
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
FF Extension: PrivDog -
C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-06]
CHR Extension: (PrivDog) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-06]

C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe
C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe
C:\Program Files (x86)\AdTrustMedia
2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia

REBOOT:
*****************

HKU\S-1-5-21-22898457-475237953-2159820137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp5A5F => Value deleted successfully.
C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe => Moved successfully.
C:\Windows\System32 => ":9354C125_Cef.gbp" ADS removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi => Moved successfully.
C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja => Key deleted successfully.
C:\Program
Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx => Moved successfully.Could not move "C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe" => Scheduled to move on reboot."C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe" => File/Directory not found. "C:\Program Files (x86)\AdTrustMedia" directory move: C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_dragon.crx => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\finalizesetup.exe => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\magpie.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\mfc100u.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\msvcp100.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\msvcr100.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\scriptservice.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\background.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\backgroundHandlers.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\backgroundSession.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\chrome_wrapper.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\configLoader.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\content.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\contentHandlers.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\contentSession.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\infoLookup.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\localConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\messaging.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\options.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\popup.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\scriptInjector.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\scriptLoader.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\searchActions.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\searchEngineUtils.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\serpInjector.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\settings.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\verifycontentloaded.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\exclusionsConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\lookupRequest.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\lookupResponse.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\scriptInjectConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\SERPConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\serverConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\schemas\trustAdConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\exclusionsConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\lookupRequest.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\lookupResponse.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\preloadJS.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\SERPConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\serverConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\models\trustAdConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\backbone-schema.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\backbone-xml.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\backbone.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\backbone.localStorage.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\backgroundDispatch.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\contentDispatch.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\ddr-ecma5.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\environments.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\events.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\ie-basiclibs.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\ie-basiclibs_svc.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\jquery.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\json-schema-draft-01.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\json-schema-draft-02.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\json-schema-draft-03.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\json3.min.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\jsv.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\require.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\sax.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\stacktrace.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\sys.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\underscore.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\uri.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\xml2js-schema.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\js\frameworks\xml2js.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\action_bw.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\action_clr.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\action_none.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\arrow_right.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\header_normal.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\header_over.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\icon.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\icon128.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\icon16.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\icon48.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\images\logo.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\html\background.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\html\background_chrome.html => Moved 
successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\html\chrome_wrapper.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\html\localStorage.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\advcon_2_0.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\exlst.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\icconfg_2_0_865_ie.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\messageDispatcher.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\serp\bing_ie.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\serp\google_ie.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\WebResources1.8.0.18\config\serp\serpinject_2_0_865_ie.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\finalizesetup.exe => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\magpie.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\mfc100u.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\msvcp100.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\msvcr100.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\scriptservice.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\background.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\backgroundHandlers.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\backgroundSession.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\chrome_wrapper.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\cloudBasedRetargeting.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\configLoader.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\content.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\contentHandlers.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\contentSession.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\infoLookup.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\localConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\messaging.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\options.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\popup.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\scriptInjector.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\scriptLoader.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\searchActions.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\searchEngineUtils.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\serpInjector.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\settings.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\verifycontentloaded.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\exclusionsConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\lookupRequest.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\lookupResponse.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\scriptInjectConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\SERPConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\serverConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\schemas\trustAdConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\exclusionsConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\lookupRequest.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\lookupResponse.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\preloadJS.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\SERPConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\serverConfig.js => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\models\trustAdConfig.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\backbone-schema.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\backbone-xml.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\backbone.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\backbone.localStorage.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\backgroundDispatch.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\contentDispatch.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\ddr-ecma5.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\environments.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\events.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\ie-basiclibs.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\jquery.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\json-schema-draft-01.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\json-schema-draft-02.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\json-schema-draft-03.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\json3.min.js => 
Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\jsv.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\require.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\sax.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\stacktrace.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\sys.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\underscore.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\uri.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\xml2js-schema.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\js\frameworks\xml2js.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\action_bw.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\action_clr.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\action_none.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\arrow_right.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\header_normal.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\header_over.gif => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\icon.png => Moved successfully.C:\Program Files 
(x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\icon128.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\icon16.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\icon48.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\images\logo.png => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\html\background.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\html\background_chrome.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\html\chrome_wrapper.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\html\localStorage.html => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\advcon_2_0.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\exlst.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\icconfg_2_0_865_ie.json => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\messageDispatcher.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\serp\bing_ie.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\serp\google_ie.js => Moved successfully.C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\WebResources1.8.0.15\config\serp\serpinject_2_0_865_ie.json => Moved successfully.Could not move "C:\Program Files (x86)\AdTrustMedia" directory. => Scheduled to move on reboot. 
C:\Users\eu\AppData\Local\AdTrustMedia => Moved successfully.
C:\Users\Todos os Usuários\Adtrustmedia => Moved successfully.
"C:\ProgramData\Adtrustmedia" => File/Directory not found.
C:\Program Files\AdTrustMedia => Moved successfully.
C:\Program Files (x86)\AdTrustMedia => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-08 20:24:31)<=

C:\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe => Is moved successfully.
C:\Program Files (x86)\AdTrustMedia => Is moved successfully.

==== End of Fixlog ====
boxit Posted April 8, 2014 Author ID:815624

It seems to have worked perfectly... right?
Psychotic Posted April 9, 2014 ID:815755

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked.
Click on Advanced Settings and ensure these options are ticked:
    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
Click Scan.
Wait for the scan to finish.
If any threats were found, click the 'List of found threats', then click Export to text file...
Save it to your desktop, then please copy and paste that log as a reply to this topic.
boxit Posted April 10, 2014 Author ID:816237

Alright, there it goes... By the way, the "AdTrustMedia\PrivDog\" entries removed in the first step were part of the Comodo Firewall Kit. Are you sure they were malicious?

TDSS-Killer:
C:\Windows\system32\DRIVERS\cdrom.sys07:42:18.0629 0x15d4 cdrom - ok07:42:18.0661 0x15d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll07:42:18.0664 0x15d4 CertPropSvc - ok07:42:18.0695 0x15d4 CFRMD - ok07:42:18.0711 0x15d4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys07:42:18.0714 0x15d4 circlass - ok07:42:18.0752 0x15d4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys07:42:18.0764 0x15d4 CLFS - ok07:42:18.0831 0x15d4 [ 0D879DB3B6E84206AC10902526B6AE35, 10E29EE5AB61E7B91DBCF1CDC6576897103ECE2E85B4FA72B4D2BF4D0C3EC730 ] CLPSLauncher C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe07:42:18.0833 0x15d4 CLPSLauncher - ok07:42:18.0895 0x15d4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe07:42:18.0899 0x15d4 clr_optimization_v2.0.50727_32 - ok07:42:18.0940 0x15d4 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe07:42:18.0944 0x15d4 clr_optimization_v2.0.50727_64 - ok07:42:19.0030 0x15d4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe07:42:19.0035 0x15d4 clr_optimization_v4.0.30319_32 - ok07:42:19.0079 0x15d4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe07:42:19.0084 0x15d4 
clr_optimization_v4.0.30319_64 - ok07:42:19.0098 0x15d4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys07:42:19.0100 0x15d4 CmBatt - ok07:42:19.0324 0x15d4 [ 1C41DCC53A3F02912EA9BC06005FBD53, C871C4DEB74AA46D841C28F21D8C349CAA340F1672CB0CEB035BA8B2768E36A0 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe07:42:19.0424 0x15d4 cmdAgent - ok07:42:19.0470 0x15d4 [ 93D049245D74B1174AB1DE151F8D630A, 04F79E52C87B009604B9F63B02DBD8462FC3369DDFAF7DDE0267A6F539CB4632 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys07:42:19.0481 0x15d4 cmdGuard - ok07:42:19.0492 0x15d4 [ A5FA552398D98D8F7A38F3454AAA0FB6, 75CAAF0D3B07C2181419385AF4D08E90271F7162E1A5F0469DF984A713706F44 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys07:42:19.0493 0x15d4 cmdHlp - ok07:42:19.0525 0x15d4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys07:42:19.0526 0x15d4 cmdide - ok07:42:19.0618 0x15d4 [ E621EC50B1A85D875904CC0741F03D16, 644077BC4560DA3E8EEAD93170A0E1B7D67293338280A34315BED4A684D42EEB ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe07:42:19.0651 0x15d4 cmdvirth - ok07:42:19.0688 0x15d4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys07:42:19.0695 0x15d4 CNG - ok07:42:19.0706 0x15d4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys07:42:19.0707 0x15d4 Compbatt - ok07:42:19.0750 0x15d4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys07:42:19.0751 0x15d4 CompositeBus - ok07:42:19.0765 0x15d4 COMSysApp - ok07:42:19.0771 0x15d4 [ 
1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys07:42:19.0772 0x15d4 crcdisk - ok07:42:19.0814 0x15d4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll07:42:19.0822 0x15d4 CryptSvc - ok07:42:19.0869 0x15d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll07:42:19.0891 0x15d4 DcomLaunch - ok07:42:19.0922 0x15d4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll07:42:19.0929 0x15d4 defragsvc - ok07:42:19.0957 0x15d4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys07:42:19.0960 0x15d4 DfsC - ok07:42:19.0996 0x15d4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll07:42:20.0007 0x15d4 Dhcp - ok07:42:20.0020 0x15d4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys07:42:20.0021 0x15d4 discache - ok07:42:20.0045 0x15d4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys07:42:20.0047 0x15d4 Disk - ok07:42:20.0089 0x15d4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll07:42:20.0096 0x15d4 Dnscache - ok07:42:20.0135 0x15d4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll07:42:20.0146 0x15d4 dot3svc - ok07:42:20.0175 0x15d4 [ 
B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll07:42:20.0179 0x15d4 DPS - ok07:42:20.0296 0x15d4 [ 49B2C034D77F9F73C80AC55E795CCB6E, EC3B3AF80FA86222E63ABA646C3452C7AD1B9462A1A18D059F5F7EC18C37D97C ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe07:42:20.0328 0x15d4 DragonUpdater - ok07:42:20.0360 0x15d4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys07:42:20.0360 0x15d4 drmkaud - ok07:42:20.0425 0x15d4 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys07:42:20.0445 0x15d4 DXGKrnl - ok07:42:20.0467 0x15d4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll07:42:20.0471 0x15d4 EapHost - ok07:42:20.0554 0x15d4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys07:42:20.0603 0x15d4 ebdrv - ok07:42:20.0644 0x15d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe07:42:20.0646 0x15d4 EFS - ok07:42:20.0697 0x15d4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe07:42:20.0719 0x15d4 ehRecvr - ok07:42:20.0744 0x15d4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe07:42:20.0747 0x15d4 ehSched - ok07:42:20.0767 0x15d4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys07:42:20.0775 0x15d4 elxstor - ok07:42:20.0838 0x15d4 [ 
757305C7AD34222F4A46D86FE0BEE241, 94540DC1EA19821EACC796EF4FE247005B02E417B30E91383D1260E9D9A8B747 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe07:42:20.0846 0x15d4 EpsonCustomerParticipation - ok07:42:20.0876 0x15d4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys07:42:20.0877 0x15d4 ErrDev - ok07:42:20.0900 0x15d4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll07:42:20.0910 0x15d4 EventSystem - ok07:42:20.0928 0x15d4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys07:42:20.0932 0x15d4 exfat - ok07:42:20.0942 0x15d4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys07:42:20.0947 0x15d4 fastfat - ok07:42:20.0996 0x15d4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe07:42:21.0011 0x15d4 Fax - ok07:42:21.0023 0x15d4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys07:42:21.0024 0x15d4 fdc - ok07:42:21.0034 0x15d4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll07:42:21.0037 0x15d4 fdPHost - ok07:42:21.0047 0x15d4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll07:42:21.0050 0x15d4 FDResPub - ok07:42:21.0061 0x15d4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo 
C:\Windows\system32\drivers\fileinfo.sys07:42:21.0064 0x15d4 FileInfo - ok07:42:21.0071 0x15d4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys07:42:21.0073 0x15d4 Filetrace - ok07:42:21.0081 0x15d4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys07:42:21.0082 0x15d4 flpydisk - ok07:42:21.0104 0x15d4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys07:42:21.0111 0x15d4 FltMgr - ok07:42:21.0163 0x15d4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll07:42:21.0246 0x15d4 FontCache - ok07:42:21.0328 0x15d4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe07:42:21.0330 0x15d4 FontCache3.0.0.0 - ok07:42:21.0365 0x15d4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys07:42:21.0394 0x15d4 FsDepends - ok07:42:21.0444 0x15d4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys07:42:21.0445 0x15d4 Fs_Rec - ok07:42:21.0482 0x15d4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys07:42:21.0486 0x15d4 fvevol - ok07:42:21.0534 0x15d4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys07:42:21.0535 0x15d4 gagp30kx - ok07:42:21.0592 0x15d4 GbpKm - 
ok07:42:21.0635 0x15d4 [ DAAA237C34A506EF56D44A56EA039CC0, 9819B804818EC1E8EEC78CA5F00E985977962FF5CAA08F4CC814E1E0DCFC063B ] GbpSv C:\PROGRA~2\GbPlugin\GbpSv.exe07:42:21.0642 0x15d4 GbpSv - ok07:42:21.0739 0x15d4 [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] GeekBuddyRSP C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe07:42:21.0779 0x15d4 GeekBuddyRSP - ok07:42:21.0827 0x15d4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll07:42:21.0844 0x15d4 gpsvc - ok07:42:21.0897 0x15d4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:42:21.0899 0x15d4 gupdate - ok07:42:21.0905 0x15d4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:42:21.0907 0x15d4 gupdatem - ok07:42:21.0946 0x15d4 [ 6E02DDFFA0E8C069A92A0888B0CB8415, 44816EA24121AD0C9EB8048BED9250D7992CD0C0ABA69C3269A633D48297B7A7 ] hcmon C:\Windows\system32\drivers\hcmon.sys07:42:21.0948 0x15d4 hcmon - ok07:42:21.0959 0x15d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys07:42:21.0960 0x15d4 hcw85cir - ok07:42:22.0013 0x15d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys07:42:22.0025 0x15d4 HdAudAddService - ok07:42:22.0060 0x15d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys07:42:22.0062 0x15d4 HDAudBus - ok07:42:22.0081 0x15d4 [ 78E86380454A7B10A5EB255DC44A355F, 
11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys07:42:22.0082 0x15d4 HidBatt - ok07:42:22.0145 0x15d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys07:42:22.0147 0x15d4 HidBth - ok07:42:22.0168 0x15d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys07:42:22.0169 0x15d4 HidIr - ok07:42:22.0186 0x15d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll07:42:22.0189 0x15d4 hidserv - ok07:42:22.0218 0x15d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys07:42:22.0219 0x15d4 HidUsb - ok07:42:22.0248 0x15d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll07:42:22.0254 0x15d4 hkmsvc - ok07:42:22.0287 0x15d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll07:42:22.0320 0x15d4 HomeGroupListener - ok07:42:22.0343 0x15d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll07:42:22.0354 0x15d4 HomeGroupProvider - ok07:42:22.0390 0x15d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys07:42:22.0393 0x15d4 HpSAMD - ok07:42:22.0544 0x15d4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys07:42:22.0560 0x15d4 HTTP - ok07:42:22.0589 0x15d4 [ 
A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys07:42:22.0590 0x15d4 hwpolicy - ok07:42:22.0641 0x15d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys07:42:22.0644 0x15d4 i8042prt - ok07:42:22.0668 0x15d4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys07:42:22.0674 0x15d4 iaStorV - ok07:42:22.0710 0x15d4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe07:42:22.0723 0x15d4 idsvc - ok07:42:22.0747 0x15d4 IEEtwCollectorService - ok07:42:22.0760 0x15d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys07:42:22.0763 0x15d4 iirsp - ok07:42:22.0822 0x15d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll07:42:22.0840 0x15d4 IKEEXT - ok07:42:22.0882 0x15d4 [ F0DBF4E46E7F788D503FD1F0345D8843, F8E8E6B02CA36302F5860CEC7D7F1DE9828E0A5F045F34215F09CDCBEC4A12EE ] inspect C:\Windows\system32\DRIVERS\inspect.sys07:42:22.0884 0x15d4 inspect - ok07:42:23.0001 0x15d4 [ A3A59F353985B0D68EDDD1AC3E6D511E, 648F817B891AC9E79B511DC26F884C09BE7819D0D2DA21EF6B40A5175A7103C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys07:42:23.0051 0x15d4 IntcAzAudAddService - ok07:42:23.0082 0x15d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys07:42:23.0082 0x15d4 intelide - ok07:42:23.0095 0x15d4 [ ADA036632C664CAA754079041CF1F8C1, 
F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys07:42:23.0096 0x15d4 intelppm - ok07:42:23.0114 0x15d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll07:42:23.0118 0x15d4 IPBusEnum - ok07:42:23.0144 0x15d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys07:42:23.0146 0x15d4 IpFilterDriver - ok07:42:23.0209 0x15d4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll07:42:23.0222 0x15d4 iphlpsvc - ok07:42:23.0251 0x15d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys07:42:23.0252 0x15d4 IPMIDRV - ok07:42:23.0292 0x15d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys07:42:23.0297 0x15d4 IPNAT - ok07:42:23.0308 0x15d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys07:42:23.0310 0x15d4 IRENUM - ok07:42:23.0339 0x15d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys07:42:23.0340 0x15d4 isapnp - ok07:42:23.0358 0x15d4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys07:42:23.0365 0x15d4 iScsiPrt - ok07:42:23.0384 0x15d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys07:42:23.0386 0x15d4 kbdclass - 
ok07:42:23.0397 0x15d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys07:42:23.0399 0x15d4 kbdhid - ok07:42:23.0409 0x15d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe07:42:23.0412 0x15d4 KeyIso - ok07:42:23.0443 0x15d4 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys07:42:23.0446 0x15d4 KSecDD - ok07:42:23.0461 0x15d4 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys07:42:23.0465 0x15d4 KSecPkg - ok07:42:23.0479 0x15d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys07:42:23.0480 0x15d4 ksthunk - ok07:42:23.0507 0x15d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll07:42:23.0519 0x15d4 KtmRm - ok07:42:23.0548 0x15d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll07:42:23.0554 0x15d4 LanmanServer - ok07:42:23.0582 0x15d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll07:42:23.0588 0x15d4 LanmanWorkstation - ok07:42:23.0611 0x15d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys07:42:23.0612 0x15d4 lltdio - ok07:42:23.0635 0x15d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll07:42:23.0643 
0x15d4 lltdsvc - ok07:42:23.0659 0x15d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll07:42:23.0661 0x15d4 lmhosts - ok07:42:23.0688 0x15d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys07:42:23.0690 0x15d4 LSI_FC - ok07:42:23.0701 0x15d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys07:42:23.0703 0x15d4 LSI_SAS - ok07:42:23.0714 0x15d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys07:42:23.0715 0x15d4 LSI_SAS2 - ok07:42:23.0723 0x15d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys07:42:23.0725 0x15d4 LSI_SCSI - ok07:42:23.0739 0x15d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys07:42:23.0742 0x15d4 luafv - ok07:42:23.0765 0x15d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll07:42:23.0769 0x15d4 Mcx2Svc - ok07:42:23.0779 0x15d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys07:42:23.0780 0x15d4 megasas - ok07:42:23.0798 0x15d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys07:42:23.0802 0x15d4 MegaSR - ok07:42:23.0839 0x15d4 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 
C:\Windows\system32\DRIVERS\HECIx64.sys07:42:23.0842 0x15d4 MEIx64 - ok07:42:23.0963 0x15d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll07:42:23.0983 0x15d4 MMCSS - ok07:42:24.0031 0x15d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys07:42:24.0033 0x15d4 Modem - ok07:42:24.0125 0x15d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys07:42:24.0127 0x15d4 monitor - ok07:42:24.0167 0x15d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys07:42:24.0170 0x15d4 mouclass - ok07:42:24.0229 0x15d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys07:42:24.0231 0x15d4 mouhid - ok07:42:24.0281 0x15d4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys07:42:24.0285 0x15d4 mountmgr - ok07:42:24.0351 0x15d4 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe07:42:24.0355 0x15d4 MozillaMaintenance - ok07:42:24.0396 0x15d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys07:42:24.0402 0x15d4 mpio - ok07:42:24.0420 0x15d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys07:42:24.0423 0x15d4 mpsdrv - ok07:42:24.0477 0x15d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 
65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll07:42:24.0503 0x15d4 MpsSvc - ok07:42:24.0530 0x15d4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys07:42:24.0533 0x15d4 MRxDAV - ok07:42:24.0564 0x15d4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys07:42:24.0568 0x15d4 mrxsmb - ok07:42:24.0578 0x15d4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys07:42:24.0585 0x15d4 mrxsmb10 - ok07:42:24.0596 0x15d4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys07:42:24.0599 0x15d4 mrxsmb20 - ok07:42:24.0634 0x15d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys07:42:24.0635 0x15d4 msahci - ok07:42:24.0644 0x15d4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys07:42:24.0646 0x15d4 msdsm - ok07:42:24.0660 0x15d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe07:42:24.0665 0x15d4 MSDTC - ok07:42:24.0680 0x15d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys07:42:24.0681 0x15d4 Msfs - ok07:42:24.0699 0x15d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys07:42:24.0699 0x15d4 mshidkmdf - ok07:42:24.0707 0x15d4 [ 
D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys07:42:24.0708 0x15d4 msisadrv - ok07:42:24.0735 0x15d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll07:42:24.0743 0x15d4 MSiSCSI - ok07:42:24.0748 0x15d4 msiserver - ok07:42:24.0771 0x15d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys07:42:24.0772 0x15d4 MSKSSRV - ok07:42:24.0791 0x15d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys07:42:24.0792 0x15d4 MSPCLOCK - ok07:42:24.0796 0x15d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys07:42:24.0797 0x15d4 MSPQM - ok07:42:24.0839 0x15d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys07:42:24.0852 0x15d4 MsRPC - ok07:42:24.0881 0x15d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys07:42:24.0882 0x15d4 mssmbios - ok07:42:24.0885 0x15d4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys07:42:24.0885 0x15d4 MSTEE - ok Link to post Share on other sites More sharing options...
boxit Posted April 10, 2014 ID:816241 ...
- ok07:42:32.0021 0x15d4 [ EBAC38A198308359FD89C10704265E5E, 7C234FE34D6A65D754F8B2EA0458365997CF97B88779B01551E5227910943224 ] vmx86 C:\Windows\system32\drivers\vmx86.sys07:42:32.0023 0x15d4 vmx86 - ok07:42:32.0029 0x15d4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys07:42:32.0031 0x15d4 volmgr - ok07:42:32.0074 0x15d4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys07:42:32.0080 0x15d4 volmgrx - ok07:42:32.0111 0x15d4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys07:42:32.0115 0x15d4 volsnap - ok07:42:32.0147 0x15d4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys07:42:32.0150 0x15d4 vsmraid - ok07:42:32.0160 0x15d4 [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock C:\Windows\system32\drivers\vsock.sys07:42:32.0162 0x15d4 vsock - ok07:42:32.0224 0x15d4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe07:42:32.0273 0x15d4 VSS - ok07:42:32.0286 0x15d4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys07:42:32.0287 0x15d4 vwifibus - ok07:42:32.0314 0x15d4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll07:42:32.0324 0x15d4 W32Time - ok07:42:32.0336 0x15d4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys07:42:32.0337 0x15d4 
WacomPen - ok07:42:32.0349 0x15d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys07:42:32.0350 0x15d4 WANARP - ok07:42:32.0358 0x15d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys07:42:32.0360 0x15d4 Wanarpv6 - ok07:42:32.0422 0x15d4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe07:42:32.0456 0x15d4 WatAdminSvc - ok07:42:32.0502 0x15d4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe07:42:32.0544 0x15d4 wbengine - ok07:42:32.0561 0x15d4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll07:42:32.0568 0x15d4 WbioSrvc - ok07:42:32.0588 0x15d4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll07:42:32.0598 0x15d4 wcncsvc - ok07:42:32.0606 0x15d4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll07:42:32.0610 0x15d4 WcsPlugInService - ok07:42:32.0616 0x15d4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys07:42:32.0617 0x15d4 Wd - ok07:42:32.0660 0x15d4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys07:42:32.0672 0x15d4 Wdf01000 - ok07:42:32.0685 0x15d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost 
C:\Windows\system32\wdi.dll07:42:32.0690 0x15d4 WdiServiceHost - ok07:42:32.0694 0x15d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll07:42:32.0698 0x15d4 WdiSystemHost - ok07:42:32.0723 0x15d4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll07:42:32.0731 0x15d4 WebClient - ok07:42:32.0748 0x15d4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll07:42:32.0755 0x15d4 Wecsvc - ok07:42:32.0765 0x15d4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll07:42:32.0770 0x15d4 wercplsupport - ok07:42:32.0793 0x15d4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll07:42:32.0797 0x15d4 WerSvc - ok07:42:32.0809 0x15d4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys07:42:32.0811 0x15d4 WfpLwf - ok07:42:32.0826 0x15d4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys07:42:32.0828 0x15d4 WIMMount - ok07:42:32.0845 0x15d4 WinDefend - ok07:42:32.0861 0x15d4 WinHttpAutoProxySvc - ok07:42:32.0909 0x15d4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll07:42:32.0920 0x15d4 Winmgmt - ok07:42:33.0006 0x15d4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll07:42:33.0063 0x15d4 WinRM - ok07:42:33.0125 0x15d4 [ 
FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys07:42:33.0128 0x15d4 WinUsb - ok07:42:33.0276 0x15d4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll07:42:33.0309 0x15d4 Wlansvc - ok07:42:33.0324 0x15d4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys07:42:33.0325 0x15d4 WmiAcpi - ok07:42:33.0353 0x15d4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe07:42:33.0358 0x15d4 wmiApSrv - ok07:42:33.0361 0x15d4 WMPNetworkSvc - ok07:42:33.0373 0x15d4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll07:42:33.0381 0x15d4 WPCSvc - ok07:42:33.0425 0x15d4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll07:42:33.0431 0x15d4 WPDBusEnum - ok07:42:33.0444 0x15d4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys07:42:33.0445 0x15d4 ws2ifsl - ok07:42:33.0459 0x15d4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll07:42:33.0464 0x15d4 wscsvc - ok07:42:33.0467 0x15d4 WSearch - ok07:42:33.0559 0x15d4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll07:42:33.0628 0x15d4 wuauserv - ok07:42:33.0652 0x15d4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf 
C:\Windows\system32\drivers\WudfPf.sys07:42:33.0654 0x15d4 WudfPf - ok07:42:33.0689 0x15d4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys07:42:33.0692 0x15d4 WUDFRd - ok07:42:33.0706 0x15d4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll07:42:33.0712 0x15d4 wudfsvc - ok07:42:33.0745 0x15d4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll07:42:33.0753 0x15d4 WwanSvc - ok07:42:33.0770 0x15d4 ================ Scan global ===============================07:42:33.0782 0x15d4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll07:42:33.0815 0x15d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll07:42:33.0826 0x15d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll07:42:33.0852 0x15d4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll07:42:33.0868 0x15d4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe07:42:33.0875 0x15d4 [ Global ] - ok07:42:33.0876 0x15d4 ================ Scan MBR ==================================07:42:33.0881 0x15d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR007:42:34.0163 0x15d4 \Device\Harddisk0\DR0 - ok07:42:34.0166 0x15d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR107:42:34.0199 0x15d4 \Device\Harddisk1\DR1 - ok07:42:34.0200 0x15d4 ================ Scan VBR ==================================07:42:34.0204 0x15d4 [ 
07:42:39.0511 0x15d4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
07:42:39.0516 0x15d4 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.53315.4132 ), 0x61010 ( enabled )
07:42:42.0696 0x15d4 ============================================================
07:42:42.0696 0x15d4 Scan finished
07:42:42.0696 0x15d4 ============================================================
07:42:42.0702 0x0fa0 Detected object count: 0
07:42:42.0702 0x0fa0 Actual detected object count: 0
07:43:21.0948 0x1520 Deinitialize success

ESET
C:\FRST\Quarantine\C\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
C:\FRST\Quarantine\C\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
Psychotic Posted April 10, 2014 ID:816310

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites.

Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.
boxit Posted April 10, 2014 Author ID:816384

Psychotic,

I apologise for using cracked software, and I must say I agree with every word in your previous post. Totally. But please, allow me an explanation.

First of all, I'm not CURRENTLY using ANY cracked software. Not that I know (I'm not the only one using this computer though). I DID use it in the past, many years ago, and the installation file is really there, in my HD, but it's NOT installed. That's not an excuse for having it, just an explanation about WHY it's there if I agree with you. I have a paid Windows license, a paid Office license, and most of the software I use is free.

And yes, I'll remove the little cracked bastard as soon as I get home, you have my word on that.

But please, let's take a closer look at the last post results, ok? TDSS-Killer logs said nothing to me, but most of ESET logs are false positives. See below:

1) Those lines refer to a virus that got inside my flashdrive from a public computer (in a library), I never installed it. Those are reports from FRST, probably a consequence of the FRST fix.
C:\FRST\Quarantine\C\Users\eu\AppData\Local\Temp\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm
C:\FRST\Quarantine\C\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5A5F.tmp.vbe.xBAD VBS/Agent.NDH worm

2) Those are free software, I've never cracked 'em
D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application

3) This is, indeed, the only one I recognise as cracked, and I'll delete it.
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application

4) Those are free software, I've never cracked 'em
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

5) This is from an old backup; and it's from IE Temporary Internet Files, anyway. There is no crack there.
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

6) "F" is my backup disk. I don't remember installing uplayermediaplayer-setup.exe and I see this file reported as malicious in the internet, but it surely isn't cracked. Anyway... I'll delete it too.
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application

7) Those are just copies from the previous findings (as I said, "F" is my backup disk, so everything is there)
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

So, in the end, all I've seen is one cracking software (that I'll remove) but that has not been in use for years (it reports to VMware Workstation-5.5.1... updated version of this file is 10.0!).

If you have seen any other cracking/cracked file in those reports, please tell me. I'm really not aware of anything else, and I'll be glad to get rid of it.

That said, I ask you to please keep helping me with this issue.

And thank you very much for your time and effort.
Psychotic Posted April 10, 2014 ID:816407

Hi there, when we see any evidence for cracked software, we post the text above. It makes no difference if it is one or more lines.

Thank you for your understanding - let's proceed:

D:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
D:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
D:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
D:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Download\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
F:\progsetups\Outros\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
F:\progsetups\Outros\VMware Workstation-5.5.1 keygen.exe a variant of Win32/Keygen.IH potentially unsafe application
F:\progsetups\Outros\winscp429setup.exe Win32/OpenCandy potentially unsafe application
F:\progsetups\System Health\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\progsetups\_Kit Básico\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\progsetups\_Kit Básico\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
F:\___ C médio\Users\eu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ2U5ZGU\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

D:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan
F:\progsetups\Download\kazaalitekpp210b3e.exe a variant of Generik.LMYDTZQ trojan

These files are definitely malicious - please delete them both. Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner
Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file
- Please post its contents within your next reply
- You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

SecurityCheck
Reboot your system before starting!
Please download SecurityCheck: LINK1 LINK2
- Save it to your desktop, start it and follow the instructions in the window.
- After the scan has finished, the (checkup.txt) will open. Copy its content to your thread.
boxit Posted April 12, 2014 Author ID:817388

Here we go:
---
AdwCleaner:

# AdwCleaner v3.023 - Relatório criado 11/04/2014 às 09:11:49
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : eu - HOME
# Executando de : D:\Download\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\Users\eu\AppData\Local\PackageAware
Arquivo Deletada : C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\.autoreg

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\prefs.js ]

Linha deletada : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395511029623");

-\\ Google Chrome v34.0.1847.116

[ Arquivo : C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1327 octets] - [11/04/2014 09:04:21]
AdwCleaner[R1].txt - [1265 octets] - [11/04/2014 09:06:55]
AdwCleaner[s0].txt - [1179 octets] - [11/04/2014 09:11:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1239 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by eu on 12/04/2014 at 9:12:56,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\eu\AppData\Roaming\mozilla\firefox\profiles\mnr47gzx.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2014 at 9:35:47,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SecurityCheck

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe NVIDIA Corporation PhysX Common AvastSvc.exe -?- AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Psychotic Posted April 13, 2014 ID:817761

Your system is clean now!

Uninstall our tools using delfix
Please follow these steps in order:
- In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
- In the case we used Combofix, deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
- In any case please download delfix to your desktop. Close all other programs and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process.
- If there is still something left please delete it manually.

Recommendations: How to protect yourself

System Updates
Please ensure to have automatic updates activated in your control panel. For further information and a tutorial, see this Microsoft Support article.

Protection
What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly. Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
To keep your browser free of advertising, you may install the Adblock Plus browser extension. It will filter unwanted advertising out of the website's content.
To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension. It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser. In addition, before accessing a dangerous classified web site, a warning screen is displayed.

Up to date Software
Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
- Secunia Personal Software Inspector - checks if your software has updates available.
- SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.

Backup
Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

Behaviour
The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
- While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
- Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
- When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
boxit Posted April 14, 2014 Author ID:818066

Thank you very much!!

And I have just installed AdBlock and WOT, to keep things running!
Psychotic Posted April 14, 2014 ID:818104

You're welcome!
Root Admin AdvancedSetup Posted April 16, 2014 ID:819476

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!