
Several Antivirus don't work, strange .exe in User folder


29 replies to this topic

#1 Logan91


Posted 26 May 2012 - 06:24 AM

Hi, first post here...

So I have had this problem for a few days. I had ESET Smart Security 5 64-bit and all of a sudden it stopped working and advised me to reinstall. I uninstalled it, and when I tried to install it again it would just start reverting the installation midway through, so I decided to download Avast, which installed fine, but none of the shields work.

This week I found an .exe called "69p20cfih3.exe" in my User folder (C:\Users\Usuario); it's 37,5KB big, created on May 16, 2012. I assume it's just a randomized name since Google turns up nothing. It's set to start with Windows in msconfig, and I can't disable it. I can't delete the .exe (I need administrative rights, even though I'm in an Administrator account). There's a key in regedit, HKEY_Current_User/User/Software/Microsoft/Windows/CurrentVersion/Run, with the file's name; deleting it works but after rebooting it's there again. Sometimes I can close the application in Task Manager, other times I can't. Malwarebytes doesn't detect it as a virus, and neither does the Kaspersky online scan or the ESET online scan. I downloaded a rootkit scan tool from McAfee; it detects lots of stuff but they're just there again when I run it another time. Avast in safe mode works. Interestingly, if I copy 69p20cfih3.exe and change its extension to .txt I can read weird lines in the file like

k PropVariantChangeType PROPSYS.dll ËHeapAlloc ÍHeapCreate Ñ DeleteCriticalSection 9LeaveCriticalSection ìInterlockedExchange hGetACP ^SetFileAttributesA î EnterCriticalSection âInitializeCriticalSection ÏHeapFree ÎHeapDestroy GetLastError ØGetEnvironmentStrings GetModuleHandleA bGetStartupInfoA ÒGetDriveTypeA KERNEL32.dll

And when running a scan with ComboFix in safe mode it detects the .txt file as a virus, but not the .exe!

Other than that, my normal PC use isn't affected at all: no noticeable PC usage hit and no slow internet, nothing. Still, I can't use my PC without an antivirus running; there could be worse viruses out there.

Sorry for the long post, tried to be as detailed as possible.

[Moderator edit: post moved to more appropriate forum. jgw]

Edited by jgweed, 26 May 2012 - 07:06 AM.



 


#2 JColt


Posted 26 May 2012 - 10:29 AM

Try this http://answers.microsoft.com/en-us/windows/forum/windows_7-security/cannot-delete-69p20cfih3exe-possible-virustrojan/af523650-ffb8-4baf-8064-c543b0d72304

Change file name to your info.

example

C:\Users\Scott_Gage\69p20cfih3.exe to C:\Users\Usuario\69p20cfih3.exe

#3 Logan91


Posted 26 May 2012 - 05:37 PM

I deleted it with CMD, and just in case I created a .txt named 69p... and changed its extension to .exe, setting it to Read Only. Deleted it from msconfig and the registry, after rebooting my file is still there and it doesn't boot with Windows. Still Avast doesn't work, I'll try reinstalling ESET

EDIT: Nope, I can't reinstall ESET, I'm still left with no antivirus running :/

Edited by Logan91, 26 May 2012 - 05:40 PM.


#4 JColt


Posted 26 May 2012 - 06:44 PM

Can you install Microsoft Security Essentials and run a full scan?

#5 Logan91


Posted 27 May 2012 - 04:09 AM

After more than 1 hour of updating, MSE real-time protection doesn't work, scans do work, running a full scan now. But this probably will still leave me with no real-time antivirus protection.

Edited by Logan91, 27 May 2012 - 04:15 AM.


#6 JColt


Posted 27 May 2012 - 07:25 AM

Is real-time protection enabled in settings? Did ESET get properly uninstalled?

(copied from ESET)

Click Start > All Programs > ESET > Uninstall.

After completing the uninstallation, you will need to restart your computer.

After restarting, confirm that you can see hidden files and folders by clicking Start > Control Panel > Folder Options > View and select the Show hidden files and folders option.

Click Start > My Computer and navigate to and delete the following folders:

C:\Program Files\ESET
C:\Documents and Settings\All Users\Application Data\ESET
C:\Documents and Settings\%USER%\Application Data\ESET

Windows Vista and Windows 7 Users must delete the following folders:

C:\Program Files\ESET
C:\ProgramData\ESET

#7 Logan91


Posted 27 May 2012 - 09:41 AM

Yeah, I ran ESET's uninstaller tool, which you have to run in safe mode; it said it was uninstalled and those folders are gone. OK, MSE detected five threats (after almost 4 hours of running a full scan, even with a six-core CPU), but they're all from No-CD and keygen .EXEs for games, 99% sure they're false positives, still I quarantined them. MSE says "Real-time protection is turned off you should turn it on", I press TURN ON, and after some 30 secs it says "Security Essentials couldn't turn on real-time protection", and a message in Spanish (my OS language) suggesting a time-out. If I click on details it says "Error code 0x800705b4" and yes, the box in settings is checked: "Turn on real-time protection".

I'm pretty convinced this is a rootkit. Maybe restoring the system to the day before that 69p... exe got created? I only installed some games and I assume music/stuff downloaded doesn't get deleted.

Edited by Logan91, 27 May 2012 - 09:46 AM.


#8 JColt


Posted 27 May 2012 - 06:23 PM

Correct, your music and downloads will be fine.

#9 Logan91


Posted 28 May 2012 - 08:54 AM

I'd actually prefer not to, so I have an invinsible rootkit/malware that disables ANY antivirus? Shouldn't I start posting logs and whatnot to see exactly what I have?

Edited by Logan91, 28 May 2012 - 08:58 AM.


#10 Logan91


Posted 03 June 2012 - 09:07 PM

So any help here? Should I post in the "Not replied in 3 days" thread? :(

#11 boopme


Posted 03 June 2012 - 09:18 PM

Hello, let's see if we can get in...
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to removable media such as a CD/DVD, external drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
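A defender-side check for the two persistence points this thread describes (the Run entry from post #1 and the .exe launch redirection from post #11), as an added example that is not part of the original posts or of any tool named in them. It parses a `reg export`-style text dump; the sample export and the `sample_handler` ProgID are constructed, and `exefile` and `"%1" %*` are the stock Windows values for the .exe association.

```python
import re

# Constructed sample in `reg export` text format (not taken from the poster's machine).
# The Run entry reuses the file path quoted in the thread; "sample_handler" is hypothetical.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"69p20cfih3"="C:\\Users\\Usuario\\69p20cfih3.exe"
"Sidebar"="\"C:\\Program Files\\Windows Sidebar\\sidebar.exe\" /autoRun"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="sample_handler"

[HKEY_CURRENT_USER\Software\Classes\sample_handler\shell\open\command]
@="\"C:\\Users\\Usuario\\AppData\\Local\\sample.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

STOCK_PROGID = "exefile"      # stock default value of the .exe class key
STOCK_COMMAND = '"%1" %*'     # stock default value of exefile\shell\open\command

_KEY = re.compile(r'^\[(.+)\]$')
# Only string (REG_SZ) values are parsed; dword/hex values are skipped.
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# An .exe sitting directly in a profile root, e.g. C:\Users\<name>\<file>.exe
_PROFILE_ROOT_EXE = re.compile(
    r'^"?([a-z]:\\users\\[^\\"]+\\[^\\"]+\.exe)"?(?:\s|$)', re.I)


def _unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', lambda m: m.group(1), text)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; the default value is named ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys


def audit(keys):
    """Return (kind, key, value_name, data) tuples for entries worth a closer look."""
    findings = []
    progids = {STOCK_PROGID}
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith(r'\microsoft\windows\currentversion\run'):
            # Autostart entries that launch an executable from a profile root.
            for name, data in values.items():
                m = _PROFILE_ROOT_EXE.match(data)
                if m:
                    findings.append(("run-profile-root", key, name, m.group(1)))
        elif lk.endswith((r'\classes\.exe', r'hkey_classes_root\.exe')):
            # .exe must map to the stock ProgID; remember any replacement.
            progid = values.get("", "")
            if progid.lower() != STOCK_PROGID:
                findings.append(("exe-progid", key, "(Default)", progid))
                if progid:
                    progids.add(progid.lower())
    for key, values in keys.items():
        lk = key.lower()
        for progid in progids:
            if lk.endswith('\\' + progid + r'\shell\open\command'):
                command = values.get("", "")
                if command != STOCK_COMMAND:
                    findings.append(("exe-command", key, "(Default)", command))
    return findings


if __name__ == "__main__":
    for kind, key, name, data in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{kind}: [{key}] {name} = {data}")
```
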

#12 Logan91


Posted 05 June 2012 - 11:22 AM

Sorry for being late, thanks for the reply, I'll do all that later tonight!

#13 boopme


Posted 05 June 2012 - 01:31 PM

I'll check back.

#14 Logan91


Posted 13 June 2012 - 10:07 AM

Here's the MiniToolBox result, there's stuff in Spanish I don't know how you'll understand. I'm doing the rest of the stuff now.

MiniToolBox by Farbar Version: 09-06-2012
Ran by Usuario (administrator) on 13-06-2012 at 12:00:09
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Conexión de área local (Connected)


# ----------------------------------
# Configuración de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# Fin de la configuración de IPv4



Configuración IP de Windows

Nombre de host. . . . . . . . . : Logan
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : híbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no

Adaptador de Ethernet Conexión de área local:

Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Dirección física. . . . . . . . . . . . . : 54-04-A6-F1-E2-4A
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí
Vínculo: dirección IPv6 local. . . : fe80::f8c7:f4b1:d82f:d54b%11(Preferido)
Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.100(Preferido)
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Concesión obtenida. . . . . . . . . . . . : miércoles, 13 de junio de 2012 02:19:16 a.m.
La concesión expira . . . . . . . . . . . : sábado, 23 de junio de 2012 02:19:15 a.m.
Puerta de enlace predeterminada . . . . . : 192.168.1.1
Servidor DHCP . . . . . . . . . . . . . . : 192.168.1.1
IAID DHCPv6 . . . . . . . . . . . . . . . : 240387238
DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-17-03-9E-3A-54-04-A6-F1-E2-4A
Servidores DNS. . . . . . . . . . . . . . : 192.168.1.1
NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

Adaptador de túnel isatap.{DC794F30-8E02-40C7-9411-830F137786A6}:

Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft
Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuración automática habilitada . . . : sí

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP habilitado . . . . . . . . . . . . . : no
Configuración automática habilitada . . . : sí
Servidor: UnKnown
Address: 192.168.1.1

Nombre: google.com
Addresses: 2607:f8b0:4008:803::1003
173.194.37.2
173.194.37.4
173.194.37.5
173.194.37.6
173.194.37.3
173.194.37.14
173.194.37.9
173.194.37.0
173.194.37.1
173.194.37.7
173.194.37.8


Haciendo ping a google.com [173.194.37.4] con 32 bytes de datos:
Respuesta desde 173.194.37.4: bytes=32 tiempo=221ms TTL=50
Respuesta desde 173.194.37.4: bytes=32 tiempo=221ms TTL=50

Estadísticas de ping para 173.194.37.4:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 221ms, Máximo = 221ms, Media = 221ms
Servidor: UnKnown
Address: 192.168.1.1

Nombre: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Haciendo ping a yahoo.com [209.191.122.70] con 32 bytes de datos:
Respuesta desde 209.191.122.70: bytes=32 tiempo=229ms TTL=51
Respuesta desde 209.191.122.70: bytes=32 tiempo=239ms TTL=51

Estadísticas de ping para 209.191.122.70:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 229ms, Máximo = 239ms, Media = 234ms
Servidor: UnKnown
Address: 192.168.1.1

Nombre: bleepingcomputer.com
Address: 208.43.87.2


Haciendo ping a bleepingcomputer.com [208.43.87.2] con 32 bytes de datos:
Respuesta desde 208.43.87.2: Host de destino inaccesible.
Respuesta desde 208.43.87.2: Host de destino inaccesible.

Estadísticas de ping para 208.43.87.2:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),

Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 127.0.0.1:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 0ms, Máximo = 0ms, Media = 0ms
===========================================================================
ILista de interfaces
11...54 04 a6 f1 e2 4a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red Máscara de red Puerta de enlace Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 306
127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 306
127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
192.168.1.0 255.255.255.0 En vínculo 192.168.1.100 276
192.168.1.100 255.255.255.255 En vínculo 192.168.1.100 276
192.168.1.255 255.255.255.255 En vínculo 192.168.1.100 276
224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 306
224.0.0.0 240.0.0.0 En vínculo 192.168.1.100 276
255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
255.255.255.255 255.255.255.255 En vínculo 192.168.1.100 276
===========================================================================
Rutas persistentes:
Ninguno

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
Cuando destino de red métrica Puerta de enlace
1 306 ::1/128 En vínculo
11 276 fe80::/64 En vínculo
11 276 fe80::f8c7:f4b1:d82f:d54b/128
En vínculo
1 306 ff00::/8 En vínculo
11 276 ff00::/8 En vínculo
===========================================================================
Rutas persistentes:
Ninguno
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/13/2012 11:59:55 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/12/2012 02:20:17 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/12/2012 01:01:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 08:24:25 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/10/2012 02:51:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 05:02:18 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/08/2012 09:19:40 AM) (Source: Application Hang) (User: )
Description: El programa Audition.exe, versión 3.0.7283.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: bc0

Hora de inicio: 01cd4570b254b96e

Hora de finalización: 20

Ruta de acceso de la aplicación: C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe

Identificador de informe: 36464bfb-b164-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 09:17:37 AM) (Source: Application Hang) (User: )
Description: El programa Audition.exe, versión 3.0.7283.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 660

Hora de inicio: 01cd45702937e3f0

Hora de finalización: 26

Ruta de acceso de la aplicación: C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe

Identificador de informe: e6181e55-b163-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 09:13:46 AM) (Source: Application Hang) (User: )
Description: El programa Audition.exe, versión 3.0.7283.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 95c

Hora de inicio: 01cd456fe7cf6577

Hora de finalización: 15

Ruta de acceso de la aplicación: C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe

Identificador de informe: 63e9e6d5-b163-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 06:33:09 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/13/2012 01:10:22 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1325.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\Servicio de red

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/13/2012 01:10:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1325.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\Servicio de red

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/13/2012 01:09:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1325.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/12/2012 01:10:24 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1325.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\Servicio de red

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (06/13/2012 11:59:55 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Usuario\Downloads\esetsmartinstaller_enu.exe

Error: (06/12/2012 02:20:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/12/2012 01:01:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 08:24:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/10/2012 02:51:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 05:02:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Usuario\Downloads\esetsmartinstaller_enu.exe

Error: (06/08/2012 09:19:40 AM) (Source: Application Hang)(User: )
Description: Audition.exe3.0.7283.0bc001cd4570b254b96e20C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe36464bfb-b164-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 09:17:37 AM) (Source: Application Hang)(User: )
Description: Audition.exe3.0.7283.066001cd45702937e3f026C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exee6181e55-b163-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 09:13:46 AM) (Source: Application Hang)(User: )
Description: Audition.exe3.0.7283.095c01cd456fe7cf657715C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe63e9e6d5-b163-11e1-af5c-5404a6f1e24a

Error: (06/08/2012 06:33:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


=========================== Installed Programs ============================

'Batman Arkham Asylum'
'Dead Space™ 2'
'Need for Speed Hot Pursuit' (v.1.0)
????:???? (Version: 1.0.0.0)
7-Zip 9.20
Adobe AIR (Version: 2.5.0.16600)
Adobe Audition 3.0 (Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Alan Wake version 1.0 (Version: 1.0)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0309.43.976)
AMD Media Foundation Decoders (Version: 1.0.70309.0018)
AMD VISION Engine Control Center (Version: 2012.0309.43.976)
Antares Autotune VST v5.09
ASIO4ALL
ATI AVIVO64 Codecs (Version: 11.6.0.10112)
Batman: Arkham Asylum (Version: 1.0.0.0)
Battlefield 2™
Battlefield 3 version 1.0 (Version: 1.0)
Bf2SP64 2.32
Binary Domain version 1.02 (Version: 1.02)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0309.43.976)
Catalyst Control Center InstallProxy (Version: 2012.0309.43.976)
Catalyst Control Center Localization All (Version: 2012.0309.43.976)
ccc-utility64 (Version: 2012.0309.43.976)
CCC Help Chinese Standard (Version: 2012.0309.0042.976)
CCC Help Chinese Traditional (Version: 2012.0309.0042.976)
CCC Help Czech (Version: 2012.0309.0042.976)
CCC Help Danish (Version: 2012.0309.0042.976)
CCC Help Dutch (Version: 2012.0309.0042.976)
CCC Help English (Version: 2012.0309.0042.976)
CCC Help Finnish (Version: 2012.0309.0042.976)
CCC Help French (Version: 2012.0309.0042.976)
CCC Help German (Version: 2012.0309.0042.976)
CCC Help Greek (Version: 2012.0309.0042.976)
CCC Help Hungarian (Version: 2012.0309.0042.976)
CCC Help Italian (Version: 2012.0309.0042.976)
CCC Help Japanese (Version: 2012.0309.0042.976)
CCC Help Korean (Version: 2012.0309.0042.976)
CCC Help Norwegian (Version: 2012.0309.0042.976)
CCC Help Polish (Version: 2012.0309.0042.976)
CCC Help Portuguese (Version: 2012.0309.0042.976)
CCC Help Russian (Version: 2012.0309.0042.976)
CCC Help Spanish (Version: 2012.0309.0042.976)
CCC Help Swedish (Version: 2012.0309.0042.976)
CCC Help Thai (Version: 2012.0309.0042.976)
CCC Help Turkish (Version: 2012.0309.0042.976)
CDBurnerXP (Version: 4.4.0.3018)
Compresor WinRAR
CoreAVC Professional Edition (remove only)
Counter-Strike: Source
Cry Of Fear, âåðñèÿ Cry Of Fear 1.2 (Version: Cry Of Fear 1.2)
Dead Space™ (Version: 1.0.222.0)
Doom 3 (Version: 1.00.0000)
Driver San Francisco (Version: 1.1.0.0)
Driver San Francisco version 1.0 (Version: 1.0)
ESET Antivirus License Finder (MiNODLogin) (Version: 3.9.6.1)
ESET Online Scanner v3
EVEREST Ultimate Edition v4.60 (Version: 4.60)
F.E.A.R. Extraction Point (Version: 1.0)
FEAR (Version: 1.00.0000)
FEAR Perseus Mandate (Version: 1.00.0000)
ffdshow x64 v1.1.4399 [2012-03-22] (Version: 1.1.4399.0)
FL Studio 8
Foxit Reader
Fraps (remove only)
Game Booster 3 (Version: 3.4)
Gears of War
Gears of War (Version: 1.00.0000)
Google Update Helper (Version: 1.3.21.111)
Grand Theft Auto IV (Version: 1.0.0013.131)
Grand Theft Auto IV (Version: 1.00.0000)
Guitar Pro 5.2
Haali Media Splitter
HydraVision (Version: 4.2.184.0)
IL Download Manager
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
JDownloader 0.9 (Version: 0.9)
Last.fm 1.5.4.27091
Left 4 Dead 2
Line 6 Uninstaller (Version: )
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Max Payne 3 (Version: 1.0.0.0)
Max Payne 3 version 1.02 (Version: 1.02)
Media Player Classic - Home Cinema 1.6.0.4014 x64 (Version: 1.6.0.4014)
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended ESN Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.672.0)
Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mirror's Edge
Mozilla Firefox 12.0 (x86 es-ES) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Native Instruments Absynth 5 (Version: 5.0.0.829)
Native Instruments Service Center (Version: 2.2.0.367)
Need for Speed The Run version 1.0 (Version: 1.0)
NVIDIA PhysX (Version: 9.10.0223)
OpenAL
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (Version: 4.0.30319)
PoiZone
Portal 2
Pro Evolution Soccer 2012 (Version: 1.00.0000)
Quake Live Mozilla Plugin (Version: 1.0.491)
Realtek High Definition Audio Driver (Version: 6.0.1.6402)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Rockstar Games Social Club (Version: 1.0.9.5)
SharpKeys
Sniper Elite V2 version Repack por abrapalom (Version: Repack por abrapalom)
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Spider-Man™ - Shattered Dimensions version 1.0 (Version: 1.0)
Superior Drummer Installer (Version: 2.2.1)
SWAT 4 (Version: 1.0.31763)
System Requirements Lab CYRI (Version: 4.5.1.0)
Toxic Biohazard
Trilogy
TweetDeck (Version: 0.38.2)
Ultra Video Joiner 5.6.0509
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.5.50) (Version: 6.1.5.50)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8174.12 MB
Available physical RAM: 6596.08 MB
Total Pagefile: 16346.43 MB
Available Pagefile: 14373.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:28.1 GB) NTFS
2 Drive d: () (Fixed) (Total:232.88 GB) (Free:58.58 GB) NTFS
4 Drive f: (Max Payne 3) (CDROM) (Total:10.21 GB) (Free:0 GB) UDF

========================= Users: ========================================

Cuentas de usuario de \\LOGAN

Administrador Invitado Usuario
Se ha completado el comando correctamente.


**** End of log ****


TDSSKiller report, btw when I started it up it said "No driver found"
12:30:21.0169 4504 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:30:22.0084 4504 ============================================================
12:30:22.0084 4504 Current date / time: 2012/06/13 12:30:22.0084
12:30:22.0084 4504 SystemInfo:
12:30:22.0085 4504
12:30:22.0085 4504 OS Version: 6.1.7601 ServicePack: 1.0
12:30:22.0085 4504 Product type: Workstation
12:30:22.0085 4504 ComputerName: LOGAN
12:30:22.0085 4504 UserName: Usuario
12:30:22.0085 4504 Windows directory: C:\Windows
12:30:22.0085 4504 System windows directory: C:\Windows
12:30:22.0085 4504 Running under WOW64
12:30:22.0085 4504 Processor architecture: Intel x64
12:30:22.0085 4504 Number of processors: 6
12:30:22.0085 4504 Page size: 0x1000
12:30:22.0085 4504 Boot type: Normal boot
12:30:22.0085 4504 ============================================================
12:30:31.0823 4504 !crdlk
12:30:31.0853 4504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:30:31.0898 4504 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:30:31.0921 4504 ============================================================
12:30:31.0921 4504 \Device\Harddisk0\DR0:
12:30:31.0930 4504 MBR partitions:
12:30:31.0930 4504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:30:31.0930 4504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:30:31.0930 4504 \Device\Harddisk1\DR1:
12:30:31.0930 4504 MBR partitions:
12:30:31.0930 4504 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:30:31.0930 4504 ============================================================
12:30:31.0945 4504 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:31.0967 4504 D: <-> \Device\Harddisk1\DR1\Partition0
12:30:31.0967 4504 ============================================================
12:30:31.0967 4504 Initialize success
12:30:31.0967 4504 ============================================================
12:30:53.0612 3212 ============================================================
12:30:53.0612 3212 Scan started
12:30:53.0612 3212 Mode: Manual; TDLFS;
12:30:53.0612 3212 ============================================================
12:30:56.0792 3212 Suspicious service (NoAccess): cac0b5e225218c43
12:30:56.0821 3212 cac0b5e225218c43 (7548c052774ad41a0ffd0ba5cb7ed208) C:\Windows\System32\Drivers\cac0b5e225218c43.sys
12:30:56.0821 3212 Suspicious file (NoAccess): C:\Windows\System32\Drivers\cac0b5e225218c43.sys. md5: 7548c052774ad41a0ffd0ba5cb7ed208
12:30:56.0843 3212 cac0b5e225218c43 ( LockedService.Multi.Generic ) - warning
12:30:56.0843 3212 cac0b5e225218c43 - detected LockedService.Multi.Generic (1)
12:30:56.0866 3212 catchme - ok
12:30:58.0989 3212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:30:58.0992 3212 FltMgr - ok
12:30:59.0081 3212 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:30:59.0106 3212 FontCache - ok
12:30:59.0166 3212 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:30:59.0167 3212 FontCache3.0.0.0 - ok
12:30:59.0209 3212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:30:59.0210 3212 FsDepends - ok
12:30:59.0257 3212 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:30:59.0257 3212 Fs_Rec - ok
12:30:59.0286 3212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:30:59.0288 3212 fvevol - ok
12:30:59.0308 3212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:30:59.0309 3212 gagp30kx - ok
12:30:59.0380 3212 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:30:59.0388 3212 gpsvc - ok
12:30:59.0448 3212 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:30:59.0450 3212 gupdate - ok
12:30:59.0461 3212 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:30:59.0462 3212 gupdatem - ok
12:30:59.0487 3212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:30:59.0488 3212 hcw85cir - ok
12:30:59.0535 3212 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:30:59.0539 3212 HdAudAddService - ok
12:30:59.0562 3212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:30:59.0563 3212 HDAudBus - ok
12:30:59.0584 3212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:30:59.0585 3212 HidBatt - ok
12:30:59.0599 3212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:30:59.0601 3212 HidBth - ok
12:30:59.0617 3212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:30:59.0618 3212 HidIr - ok
12:30:59.0651 3212 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:30:59.0652 3212 hidserv - ok
12:30:59.0680 3212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:30:59.0680 3212 HidUsb - ok
12:30:59.0718 3212 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:30:59.0720 3212 hkmsvc - ok
12:30:59.0751 3212 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:30:59.0755 3212 HomeGroupListener - ok
12:30:59.0784 3212 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:30:59.0787 3212 HomeGroupProvider - ok
12:30:59.0832 3212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:30:59.0833 3212 HpSAMD - ok
12:30:59.0882 3212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:30:59.0890 3212 HTTP - ok
12:30:59.0932 3212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:30:59.0933 3212 hwpolicy - ok
12:30:59.0955 3212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:30:59.0956 3212 i8042prt - ok
12:31:00.0003 3212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:31:00.0007 3212 iaStorV - ok
12:31:00.0116 3212 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:00.0126 3212 idsvc - ok
12:31:00.0168 3212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:31:00.0169 3212 iirsp - ok
12:31:00.0234 3212 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:31:00.0243 3212 IKEEXT - ok
12:31:00.0391 3212 IntcAzAudAddService (eb5fa493a4b6ea290200ae39eba2fbc6) C:\Windows\system32\drivers\RTKVHD64.sys
12:31:00.0429 3212 IntcAzAudAddService - ok
12:31:00.0520 3212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:31:00.0521 3212 intelide - ok
12:31:00.0552 3212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
12:31:00.0553 3212 intelppm - ok
12:31:00.0605 3212 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:31:00.0607 3212 IPBusEnum - ok
12:31:00.0637 3212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:00.0638 3212 IpFilterDriver - ok
12:31:00.0691 3212 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:31:00.0697 3212 iphlpsvc - ok
12:31:00.0715 3212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:00.0716 3212 IPMIDRV - ok
12:31:00.0739 3212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:00.0740 3212 IPNAT - ok
12:31:00.0757 3212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:00.0757 3212 IRENUM - ok
12:31:00.0792 3212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:31:00.0794 3212 isapnp - ok
12:31:00.0824 3212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:31:00.0827 3212 iScsiPrt - ok
12:31:00.0852 3212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:00.0854 3212 kbdclass - ok
12:31:00.0881 3212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:31:00.0882 3212 kbdhid - ok
12:31:00.0916 3212 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:00.0917 3212 KeyIso - ok
12:31:00.0941 3212 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:31:00.0942 3212 KSecDD - ok
12:31:00.0965 3212 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:00.0967 3212 KSecPkg - ok
12:31:01.0002 3212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:01.0004 3212 ksthunk - ok
12:31:01.0051 3212 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:31:01.0056 3212 KtmRm - ok
12:31:01.0127 3212 L6POD (1107dd2b04a2c73ccbb614c12c70b775) C:\Windows\system32\Drivers\L6POD64.sys
12:31:01.0135 3212 L6POD - ok
12:31:01.0182 3212 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:31:01.0186 3212 LanmanServer - ok
12:31:01.0228 3212 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:31:01.0231 3212 LanmanWorkstation - ok
12:31:01.0281 3212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:01.0283 3212 lltdio - ok
12:31:01.0329 3212 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:31:01.0333 3212 lltdsvc - ok
12:31:01.0473 3212 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:31:01.0475 3212 lmhosts - ok
12:31:01.0525 3212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:31:01.0527 3212 LSI_FC - ok
12:31:01.0552 3212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:31:01.0554 3212 LSI_SAS - ok
12:31:01.0582 3212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:31:01.0583 3212 LSI_SAS2 - ok
12:31:01.0610 3212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:01.0612 3212 LSI_SCSI - ok
12:31:01.0654 3212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:31:01.0655 3212 luafv - ok
12:31:01.0691 3212 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
12:31:01.0694 3212 mcdbus - ok
12:31:01.0739 3212 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:31:01.0741 3212 Mcx2Svc - ok
12:31:01.0767 3212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:31:01.0768 3212 megasas - ok
12:31:01.0803 3212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:31:01.0806 3212 MegaSR - ok
12:31:01.0913 3212 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:31:01.0915 3212 MMCSS - ok
12:31:01.0936 3212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:31:01.0937 3212 Modem - ok
12:31:01.0967 3212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:31:01.0968 3212 monitor - ok
12:31:01.0993 3212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:01.0994 3212 mouclass - ok
12:31:02.0027 3212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
12:31:02.0027 3212 mouhid - ok
12:31:02.0054 3212 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:31:02.0055 3212 mountmgr - ok
12:31:02.0135 3212 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:31:02.0137 3212 MozillaMaintenance - ok
12:31:02.0184 3212 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:31:02.0185 3212 MpFilter - ok
12:31:02.0221 3212 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:31:02.0223 3212 mpio - ok
12:31:02.0276 3212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:31:02.0277 3212 mpsdrv - ok
12:31:02.0374 3212 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:31:02.0383 3212 MpsSvc - ok
12:31:02.0424 3212 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:31:02.0425 3212 MRxDAV - ok
12:31:02.0462 3212 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:02.0464 3212 mrxsmb - ok
12:31:02.0494 3212 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:02.0497 3212 mrxsmb10 - ok
12:31:02.0524 3212 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:02.0525 3212 mrxsmb20 - ok
12:31:02.0562 3212 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:31:02.0563 3212 msahci - ok
12:31:02.0596 3212 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:31:02.0598 3212 msdsm - ok
12:31:02.0636 3212 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:31:02.0638 3212 MSDTC - ok
12:31:02.0674 3212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:31:02.0674 3212 Msfs - ok
12:31:02.0694 3212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:31:02.0695 3212 mshidkmdf - ok
12:31:02.0730 3212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:31:02.0731 3212 msisadrv - ok
12:31:02.0773 3212 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:31:02.0776 3212 MSiSCSI - ok
12:31:02.0791 3212 msiserver - ok
12:31:02.0816 3212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:02.0817 3212 MSKSSRV - ok
12:31:02.0956 3212 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:31:02.0956 3212 MsMpSvc - ok
12:31:02.0991 3212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:02.0992 3212 MSPCLOCK - ok
12:31:03.0006 3212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:31:03.0006 3212 MSPQM - ok
12:31:03.0042 3212 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:31:03.0046 3212 MsRPC - ok
12:31:03.0068 3212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:31:03.0069 3212 mssmbios - ok
12:31:03.0083 3212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:31:03.0084 3212 MSTEE - ok
12:31:03.0097 3212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:31:03.0098 3212 MTConfig - ok
12:31:03.0135 3212 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
12:31:03.0135 3212 MTsensor - ok
12:31:03.0166 3212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:31:03.0167 3212 Mup - ok
12:31:03.0224 3212 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:31:03.0230 3212 napagent - ok
12:31:03.0272 3212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:31:03.0275 3212 NativeWifiP - ok
12:31:03.0324 3212 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:31:03.0333 3212 NDIS - ok
12:31:03.0353 3212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:31:03.0353 3212 NdisCap - ok
12:31:03.0372 3212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:31:03.0372 3212 NdisTapi - ok
12:31:03.0391 3212 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:31:03.0392 3212 Ndisuio - ok
12:31:03.0419 3212 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:31:03.0422 3212 NdisWan - ok
12:31:03.0457 3212 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:31:03.0458 3212 NDProxy - ok
12:31:03.0479 3212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:31:03.0479 3212 NetBIOS - ok
12:31:03.0517 3212 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:31:03.0520 3212 NetBT - ok
12:31:03.0554 3212 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:03.0555 3212 Netlogon - ok
12:31:03.0615 3212 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:31:03.0620 3212 Netman - ok
12:31:03.0767 3212 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:03.0769 3212 NetMsmqActivator - ok
12:31:03.0781 3212 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:03.0782 3212 NetPipeActivator - ok
12:31:03.0843 3212 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:31:03.0848 3212 netprofm - ok
12:31:03.0863 3212 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:03.0864 3212 NetTcpActivator - ok
12:31:03.0879 3212 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:03.0880 3212 NetTcpPortSharing - ok
12:31:03.0980 3212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:31:03.0980 3212 nfrd960 - ok
12:31:04.0043 3212 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:31:04.0044 3212 NisDrv - ok
12:31:04.0132 3212 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:31:04.0135 3212 NisSrv - ok
12:31:04.0199 3212 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:31:04.0203 3212 NlaSvc - ok
12:31:04.0268 3212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:31:04.0269 3212 Npfs - ok
12:31:04.0297 3212 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:31:04.0299 3212 nsi - ok
12:31:04.0322 3212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:31:04.0323 3212 nsiproxy - ok
12:31:04.0424 3212 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:31:04.0450 3212 Ntfs - ok
12:31:04.0534 3212 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:31:04.0535 3212 Null - ok
12:31:04.0590 3212 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:31:04.0593 3212 nvraid - ok
12:31:04.0660 3212 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:31:04.0663 3212 nvstor - ok
12:31:04.0704 3212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:31:04.0706 3212 nv_agp - ok
12:31:04.0722 3212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:31:04.0723 3212 ohci1394 - ok
12:31:04.0791 3212 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:31:04.0794 3212 ose - ok
12:31:04.0989 3212 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:31:05.0051 3212 osppsvc - ok
12:31:05.0142 3212 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:05.0147 3212 p2pimsvc - ok
12:31:05.0185 3212 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:31:05.0190 3212 p2psvc - ok
12:31:05.0230 3212 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:31:05.0231 3212 Parport - ok
12:31:05.0258 3212 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:31:05.0259 3212 partmgr - ok
12:31:05.0292 3212 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:31:05.0295 3212 PcaSvc - ok
12:31:05.0380 3212 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:31:05.0388 3212 pci - ok
12:31:05.0413 3212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:31:05.0414 3212 pciide - ok
12:31:05.0444 3212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:31:05.0447 3212 pcmcia - ok
12:31:05.0476 3212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:31:05.0477 3212 pcw - ok
12:31:05.0515 3212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:31:05.0521 3212 PEAUTH - ok
12:31:05.0599 3212 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:31:05.0600 3212 PerfHost - ok
12:31:05.0694 3212 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:31:05.0714 3212 pla - ok
12:31:05.0773 3212 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:31:05.0778 3212 PlugPlay - ok
12:31:05.0805 3212 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:31:05.0807 3212 PNRPAutoReg - ok
12:31:05.0843 3212 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:05.0846 3212 PNRPsvc - ok
12:31:05.0898 3212 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:31:05.0904 3212 PolicyAgent - ok
12:31:05.0976 3212 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:31:05.0979 3212 Power - ok
12:31:06.0031 3212 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:31:06.0033 3212 PptpMiniport - ok
12:31:06.0055 3212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:31:06.0056 3212 Processor - ok
12:31:06.0094 3212 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:31:06.0098 3212 ProfSvc - ok
12:31:06.0135 3212 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:06.0136 3212 ProtectedStorage - ok
12:31:06.0176 3212 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:31:06.0178 3212 Psched - ok
12:31:06.0250 3212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:31:06.0278 3212 ql2300 - ok
12:31:06.0818 3212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:31:06.0820 3212 ql40xx - ok
12:31:06.0869 3212 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:31:06.0873 3212 QWAVE - ok
12:31:06.0897 3212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:31:06.0899 3212 QWAVEdrv - ok
12:31:06.0925 3212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:31:06.0925 3212 RasAcd - ok
12:31:06.0959 3212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:06.0960 3212 RasAgileVpn - ok
12:31:06.0994 3212 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:31:06.0997 3212 RasAuto - ok
12:31:07.0016 3212 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:07.0018 3212 Rasl2tp - ok
12:31:07.0068 3212 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:31:07.0073 3212 RasMan - ok
12:31:07.0114 3212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:07.0115 3212 RasPppoe - ok
12:31:07.0180 3212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:31:07.0181 3212 RasSstp - ok
12:31:07.0209 3212 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:31:07.0212 3212 rdbss - ok
12:31:07.0234 3212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:31:07.0236 3212 rdpbus - ok
12:31:07.0268 3212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:07.0269 3212 RDPCDD - ok
12:31:07.0305 3212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:31:07.0306 3212 RDPENCDD - ok
12:31:07.0335 3212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:31:07.0336 3212 RDPREFMP - ok
12:31:07.0387 3212 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:31:07.0390 3212 RDPWD - ok
12:31:07.0447 3212 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:31:07.0449 3212 rdyboost - ok
12:31:07.0488 3212 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:31:07.0490 3212 RemoteAccess - ok
12:31:07.0540 3212 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:31:07.0543 3212 RemoteRegistry - ok
12:31:07.0579 3212 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:31:07.0580 3212 RimUsb - ok
12:31:07.0609 3212 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:31:07.0610 3212 RimVSerPort - ok
12:31:07.0667 3212 RivaTuner64 (9b29bbd1427f71a854c2b400f3bbcf55) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
12:31:07.0667 3212 RivaTuner64 - ok
12:31:07.0701 3212 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
12:31:07.0702 3212 ROOTMODEM - ok
12:31:07.0753 3212 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:31:07.0755 3212 RpcEptMapper - ok
12:31:07.0774 3212 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:31:07.0776 3212 RpcLocator - ok
12:31:07.0816 3212 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:31:07.0820 3212 RpcSs - ok
12:31:07.0953 3212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:31:07.0955 3212 rspndr - ok
12:31:08.0008 3212 RTL8167 (7f4f11527af5a7e4526cb6a146b3e40c) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:31:08.0015 3212 RTL8167 - ok
12:31:08.0049 3212 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:08.0050 3212 SamSs - ok
12:31:08.0081 3212 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:31:08.0082 3212 sbp2port - ok
12:31:08.0148 3212 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:31:08.0151 3212 SCardSvr - ok
12:31:08.0176 3212 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:31:08.0177 3212 scfilter - ok
12:31:08.0239 3212 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:31:08.0256 3212 Schedule - ok
12:31:08.0289 3212 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:31:08.0290 3212 SCPolicySvc - ok
12:31:08.0318 3212 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:31:08.0322 3212 SDRSVC - ok
12:31:08.0368 3212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:31:08.0369 3212 secdrv - ok
12:31:08.0394 3212 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:31:08.0396 3212 seclogon - ok
12:31:08.0429 3212 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:31:08.0430 3212 SENS - ok
12:31:08.0471 3212 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:31:08.0473 3212 SensrSvc - ok
12:31:08.0504 3212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:31:08.0505 3212 Serenum - ok
12:31:08.0530 3212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:31:08.0531 3212 Serial - ok
12:31:08.0555 3212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:31:08.0555 3212 sermouse - ok
12:31:08.0603 3212 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:31:08.0606 3212 SessionEnv - ok
12:31:08.0626 3212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:31:08.0627 3212 sffdisk - ok
12:31:08.0637 3212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:31:08.0638 3212 sffp_mmc - ok
12:31:08.0649 3212 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:31:08.0649 3212 sffp_sd - ok
12:31:08.0660 3212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:31:08.0661 3212 sfloppy - ok
12:31:08.0714 3212 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:31:08.0719 3212 SharedAccess - ok
12:31:08.0764 3212 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:31:08.0769 3212 ShellHWDetection - ok
12:31:08.0795 3212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:31:08.0796 3212 SiSRaid2 - ok
12:31:08.0862 3212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:31:08.0863 3212 SiSRaid4 - ok
12:31:08.0900 3212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:31:08.0902 3212 Smb - ok
12:31:08.0957 3212 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:31:08.0959 3212 SNMPTRAP - ok
12:31:08.0991 3212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:31:08.0991 3212 spldr - ok
12:31:09.0033 3212 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:31:09.0040 3212 Spooler - ok
12:31:09.0159 3212 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:31:09.0209 3212 sppsvc - ok
12:31:09.0615 3212 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:31:09.0618 3212 sppuinotify - ok
12:31:09.0737 3212 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:31:09.0741 3212 srv - ok
12:31:09.0775 3212 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:31:09.0778 3212 srv2 - ok
12:31:09.0806 3212 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:31:09.0807 3212 srvnet - ok
12:31:09.0866 3212 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:31:09.0870 3212 SSDPSRV - ok
12:31:09.0933 3212 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:31:09.0935 3212 SstpSvc - ok
12:31:09.0967 3212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:31:09.0968 3212 stexstor - ok
12:31:10.0019 3212 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:31:10.0026 3212 stisvc - ok
12:31:10.0046 3212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:31:10.0047 3212 swenum - ok
12:31:10.0088 3212 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:31:10.0094 3212 swprv - ok
12:31:10.0166 3212 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:31:10.0189 3212 SysMain - ok
12:31:10.0598 3212 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:31:10.0601 3212 TabletInputService - ok
12:31:10.0713 3212 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:31:10.0717 3212 TapiSrv - ok
12:31:10.0753 3212 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:31:10.0755 3212 TBS - ok
12:31:10.0858 3212 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:31:10.0882 3212 Tcpip - ok
12:31:11.0329 3212 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:31:11.0339 3212 TCPIP6 - ok
12:31:11.0838 3212 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:31:11.0839 3212 tcpipreg - ok
12:31:11.0872 3212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:31:11.0873 3212 TDPIPE - ok
12:31:11.0905 3212 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:31:11.0907 3212 TDTCP - ok
12:31:11.0934 3212 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:31:11.0936 3212 tdx - ok
12:31:11.0966 3212 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:31:11.0968 3212 TermDD - ok
12:31:12.0020 3212 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:31:12.0029 3212 TermService - ok
12:31:12.0070 3212 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:31:12.0072 3212 Themes - ok
12:31:12.0111 3212 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:31:12.0113 3212 THREADORDER - ok
12:31:12.0149 3212 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:31:12.0152 3212 TrkWks - ok
12:31:12.0210 3212 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:31:12.0212 3212 TrustedInstaller - ok
12:31:12.0243 3212 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:31:12.0244 3212 tssecsrv - ok
12:31:12.0293 3212 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:31:12.0294 3212 TsUsbFlt - ok
12:31:12.0318 3212 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:31:12.0319 3212 TsUsbGD - ok
12:31:12.0388 3212 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:31:12.0389 3212 tunnel - ok
12:31:12.0406 3212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:31:12.0407 3212 uagp35 - ok
12:31:12.0437 3212 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:31:12.0440 3212 udfs - ok
12:31:12.0488 3212 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:31:12.0490 3212 UI0Detect - ok
12:31:12.0518 3212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:31:12.0519 3212 uliagpkx - ok
12:31:12.0555 3212 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:31:12.0555 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: dc54a574663a895c8763af0fa1ff7561
12:31:12.0568 3212 umbus ( LockedFile.Multi.Generic ) - warning
12:31:12.0569 3212 umbus - detected LockedFile.Multi.Generic (1)
12:31:12.0582 3212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:31:12.0583 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\umpass.sys. md5: b2e8e8cb557b156da5493bbddcc1474d
12:31:12.0587 3212 UmPass ( LockedFile.Multi.Generic ) - warning
12:31:12.0587 3212 UmPass - detected LockedFile.Multi.Generic (1)
12:31:12.0631 3212 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:31:12.0636 3212 upnphost - ok
12:31:12.0671 3212 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:31:12.0671 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6f1a3157a1c89435352ceb543cdb359c
12:31:12.0676 3212 usbccgp ( LockedFile.Multi.Generic ) - warning
12:31:12.0676 3212 usbccgp - detected LockedFile.Multi.Generic (1)
12:31:12.0694 3212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:31:12.0694 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: af0892a803fdda7492f595368e3b68e7
12:31:12.0701 3212 usbcir ( LockedFile.Multi.Generic ) - warning
12:31:12.0702 3212 usbcir - detected LockedFile.Multi.Generic (1)
12:31:12.0734 3212 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:31:12.0734 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: c025055fe7b87701eb042095df1a2d7b
12:31:12.0739 3212 usbehci ( LockedFile.Multi.Generic ) - warning
12:31:12.0739 3212 usbehci - detected LockedFile.Multi.Generic (1)
12:31:12.0767 3212 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:31:12.0767 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287c6c9410b111b68b52ca298f7b8c24
12:31:12.0775 3212 usbhub ( LockedFile.Multi.Generic ) - warning
12:31:12.0775 3212 usbhub - detected LockedFile.Multi.Generic (1)
12:31:12.0796 3212 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:31:12.0796 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840fc418b4cbd632d3d0a667a725c31
12:31:12.0800 3212 usbohci ( LockedFile.Multi.Generic ) - warning
12:31:12.0801 3212 usbohci - detected LockedFile.Multi.Generic (1)
12:31:12.0834 3212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:31:12.0834 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
12:31:12.0839 3212 usbprint ( LockedFile.Multi.Generic ) - warning
12:31:12.0839 3212 usbprint - detected LockedFile.Multi.Generic (1)
12:31:12.0864 3212 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:31:12.0865 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: fed648b01349a3c8395a5169db5fb7d6
12:31:12.0869 3212 USBSTOR ( LockedFile.Multi.Generic ) - warning
12:31:12.0869 3212 USBSTOR - detected LockedFile.Multi.Generic (1)
12:31:12.0893 3212 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:31:12.0893 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069a34518bcf9c1fd9e74b3f6db7cd
12:31:12.0898 3212 usbuhci ( LockedFile.Multi.Generic ) - warning
12:31:12.0898 3212 usbuhci - detected LockedFile.Multi.Generic (1)
12:31:12.0936 3212 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:31:12.0939 3212 UxSms - ok
12:31:12.0970 3212 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:12.0971 3212 VaultSvc - ok
12:31:13.0006 3212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:31:13.0007 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
12:31:13.0011 3212 vdrvroot ( LockedFile.Multi.Generic ) - warning
12:31:13.0011 3212 vdrvroot - detected LockedFile.Multi.Generic (1)
12:31:13.0044 3212 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:31:13.0051 3212 vds - ok
12:31:13.0070 3212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:31:13.0071 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
12:31:13.0079 3212 vga ( LockedFile.Multi.Generic ) - warning
12:31:13.0079 3212 vga - detected LockedFile.Multi.Generic (1)
12:31:13.0108 3212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:31:13.0108 3212 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
12:31:13.0117 3212 VgaSave ( LockedFile.Multi.Generic ) - warning
12:31:13.0117 3212 VgaSave - detected LockedFile.Multi.Generic (1)
12:31:13.0166 3212 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:31:13.0167 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2ce2df28c83aeaf30084e1b1eb253cbb
12:31:13.0173 3212 vhdmp ( LockedFile.Multi.Generic ) - warning
12:31:13.0173 3212 vhdmp - detected LockedFile.Multi.Generic (1)
12:31:13.0206 3212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:31:13.0206 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
12:31:13.0211 3212 viaide ( LockedFile.Multi.Generic ) - warning
12:31:13.0211 3212 viaide - detected LockedFile.Multi.Generic (1)
12:31:13.0251 3212 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:31:13.0252 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: d2aafd421940f640b407aefaaebd91b0
12:31:13.0256 3212 volmgr ( LockedFile.Multi.Generic ) - warning
12:31:13.0256 3212 volmgr - detected LockedFile.Multi.Generic (1)
12:31:13.0288 3212 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:31:13.0288 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: a255814907c89be58b79ef2f189b843b
12:31:13.0293 3212 volmgrx ( LockedFile.Multi.Generic ) - warning
12:31:13.0293 3212 volmgrx - detected LockedFile.Multi.Generic (1)
12:31:13.0316 3212 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:31:13.0317 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0d08d2f3b3ff84e433346669b5e0f639
12:31:13.0321 3212 volsnap ( LockedFile.Multi.Generic ) - warning
12:31:13.0321 3212 volsnap - detected LockedFile.Multi.Generic (1)
12:31:13.0353 3212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:31:13.0353 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
12:31:13.0360 3212 vsmraid ( LockedFile.Multi.Generic ) - warning
12:31:13.0360 3212 vsmraid - detected LockedFile.Multi.Generic (1)
12:31:13.0444 3212 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:31:13.0469 3212 VSS - ok
12:31:13.0889 3212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:31:13.0890 3212 vwifibus - ok
12:31:13.0969 3212 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:31:13.0975 3212 W32Time - ok
12:31:14.0011 3212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:31:14.0012 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
12:31:14.0025 3212 WacomPen ( LockedFile.Multi.Generic ) - warning
12:31:14.0025 3212 WacomPen - detected LockedFile.Multi.Generic (1)
12:31:14.0060 3212 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:31:14.0061 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
12:31:14.0068 3212 WANARP ( LockedFile.Multi.Generic ) - warning
12:31:14.0068 3212 WANARP - detected LockedFile.Multi.Generic (1)
12:31:14.0080 3212 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:31:14.0080 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
12:31:14.0087 3212 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
12:31:14.0087 3212 Wanarpv6 - detected LockedFile.Multi.Generic (1)
12:31:14.0260 3212 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:31:14.0283 3212 WatAdminSvc - ok
12:31:14.0357 3212 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:31:14.0385 3212 wbengine - ok
12:31:14.0804 3212 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:31:14.0808 3212 WbioSrvc - ok
12:31:14.0928 3212 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:31:14.0934 3212 wcncsvc - ok
12:31:14.0962 3212 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:31:14.0964 3212 WcsPlugInService - ok
12:31:15.0013 3212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:31:15.0013 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
12:31:15.0030 3212 Wd ( LockedFile.Multi.Generic ) - warning
12:31:15.0030 3212 Wd - detected LockedFile.Multi.Generic (1)
12:31:15.0076 3212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:31:15.0076 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
12:31:15.0081 3212 Wdf01000 ( LockedFile.Multi.Generic ) - warning
12:31:15.0081 3212 Wdf01000 - detected LockedFile.Multi.Generic (1)
12:31:15.0105 3212 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:31:15.0108 3212 WdiServiceHost - ok
12:31:15.0126 3212 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:31:15.0128 3212 WdiSystemHost - ok
12:31:15.0170 3212 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:31:15.0174 3212 WebClient - ok
12:31:15.0208 3212 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:31:15.0212 3212 Wecsvc - ok
12:31:15.0245 3212 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:31:15.0248 3212 wercplsupport - ok
12:31:15.0278 3212 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:31:15.0280 3212 WerSvc - ok
12:31:15.0344 3212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:31:15.0345 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
12:31:15.0360 3212 WfpLwf ( LockedFile.Multi.Generic ) - warning
12:31:15.0360 3212 WfpLwf - detected LockedFile.Multi.Generic (1)
12:31:15.0384 3212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:31:15.0384 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
12:31:15.0390 3212 WIMMount ( LockedFile.Multi.Generic ) - warning
12:31:15.0390 3212 WIMMount - detected LockedFile.Multi.Generic (1)
12:31:15.0443 3212 WinDefend - ok
12:31:15.0490 3212 WinHttpAutoProxySvc - ok
12:31:15.0553 3212 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:31:15.0557 3212 Winmgmt - ok
12:31:15.0645 3212 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
12:31:15.0647 3212 WinRing0_1_2_0 - ok
12:31:15.0756 3212 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:31:15.0789 3212 WinRM - ok
12:31:16.0341 3212 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:31:16.0341 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: fe88b288356e7b47b74b13372add906d
12:31:16.0377 3212 WinUsb ( LockedFile.Multi.Generic ) - warning
12:31:16.0377 3212 WinUsb - detected LockedFile.Multi.Generic (1)
12:31:16.0438 3212 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:31:16.0448 3212 Wlansvc - ok
12:31:16.0483 3212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:31:16.0483 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
12:31:16.0488 3212 WmiAcpi ( LockedFile.Multi.Generic ) - warning
12:31:16.0488 3212 WmiAcpi - detected LockedFile.Multi.Generic (1)
12:31:16.0546 3212 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:31:16.0549 3212 wmiApSrv - ok
12:31:16.0601 3212 WMPNetworkSvc - ok
12:31:16.0687 3212 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:31:16.0690 3212 WPCSvc - ok
12:31:16.0721 3212 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:31:16.0724 3212 WPDBusEnum - ok
12:31:16.0754 3212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:31:16.0754 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
12:31:16.0783 3212 ws2ifsl ( LockedFile.Multi.Generic ) - warning
12:31:16.0783 3212 ws2ifsl - detected LockedFile.Multi.Generic (1)
12:31:16.0826 3212 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:31:16.0829 3212 wscsvc - ok
12:31:16.0845 3212 WSearch - ok
12:31:16.0965 3212 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:31:16.0998 3212 wuauserv - ok
12:31:17.0436 3212 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:31:17.0436 3212 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: d3381dc54c34d79b22cee0d65ba91b7c
12:31:17.0446 3212 WudfPf ( LockedFile.Multi.Generic ) - warning
12:31:17.0446 3212 WudfPf - detected LockedFile.Multi.Generic (1)
12:31:17.0479 3212 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:31:17.0479 3212 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: cf8d590be3373029d57af80914190682
12:31:17.0483 3212 WUDFRd ( LockedFile.Multi.Generic ) - warning
12:31:17.0483 3212 WUDFRd - detected LockedFile.Multi.Generic (1)
12:31:17.0545 3212 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:31:17.0548 3212 wudfsvc - ok
12:31:17.0615 3212 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:31:17.0619 3212 WwanSvc - ok
12:31:17.0699 3212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:31:18.0047 3212 \Device\Harddisk0\DR0 - ok
12:31:18.0049 3212 MBR (0x1B8) (792f61657fece3d17a9122b4ee282847) \Device\Harddisk1\DR1
12:31:18.0260 3212 \Device\Harddisk1\DR1 - ok
12:31:18.0263 3212 Boot (0x1200) (0287a1b1a42d6e0bc58ed2dca1e31055) \Device\Harddisk0\DR0\Partition0
12:31:18.0264 3212 \Device\Harddisk0\DR0\Partition0 - ok
12:31:18.0288 3212 Boot (0x1200) (6cad748c809656a031fbe49a4fd31ff9) \Device\Harddisk0\DR0\Partition1
12:31:18.0289 3212 \Device\Harddisk0\DR0\Partition1 - ok
12:31:18.0291 3212 Boot (0x1200) (f6a8479695f77741506b1e20158362a5) \Device\Harddisk1\DR1\Partition0
12:31:18.0292 3212 \Device\Harddisk1\DR1\Partition0 - ok
12:31:18.0293 3212 ============================================================
12:31:18.0293 3212 Scan finished
12:31:18.0293 3212 ============================================================
12:31:18.0301 4964 Detected object count: 32
12:31:18.0301 4964 Actual detected object count: 32
12:31:39.0533 4964 cac0b5e225218c43 ( LockedService.Multi.Generic ) - skipped by user
12:31:39.0533 4964 cac0b5e225218c43 ( LockedService.Multi.Generic ) - User select action: Skip
12:31:39.0534 4964 umbus ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0534 4964 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0535 4964 UmPass ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0535 4964 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0536 4964 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0536 4964 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0537 4964 usbcir ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0537 4964 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0538 4964 usbehci ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0538 4964 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0540 4964 usbhub ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0540 4964 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0541 4964 usbohci ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0541 4964 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0542 4964 usbprint ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0542 4964 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0543 4964 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0543 4964 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0544 4964 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0544 4964 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0545 4964 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0545 4964 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0546 4964 vga ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0546 4964 vga ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0547 4964 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0547 4964 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0549 4964 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0549 4964 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0550 4964 viaide ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0550 4964 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0551 4964 volmgr ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0551 4964 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0552 4964 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0552 4964 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0553 4964 volsnap ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0553 4964 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0554 4964 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0554 4964 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0555 4964 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0555 4964 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0557 4964 WANARP ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0557 4964 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0558 4964 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0558 4964 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0559 4964 Wd ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0559 4964 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0560 4964 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0560 4964 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0561 4964 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0561 4964 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0562 4964 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0562 4964 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0563 4964 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0563 4964 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0564 4964 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0564 4964 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0565 4964 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0565 4964 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0566 4964 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0566 4964 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
12:31:39.0568 4964 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
12:31:39.0568 4964 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip

Malwarebytes detected no infection. Interestingly, if I run the Chameleon version, it says "Unable to install driver", unable to install protection driver, which may be caused by malware (???)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Usuario :: LOGAN [administrator]

13/06/2012 12:51:17 p.m.
mbam-log-2012-06-13 (12-51-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202912
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

After 3 hours ESET found 32 threats, but like I said they're all cracks for different games and such. It's like ESET doesn't want me doing "illegal stuff" or something:
C:\Program Files (x86)\Black_Box\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Left 4 Dead 2\RUN_L4D2.exe Win32/GameHack.B application cleaned by deleting - quarantined
C:\Users\Usuario\Downloads\attsetup-[Guru3D.com].exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Usuario\Downloads\cdbxp_setup_4.4.0.3018.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Usuario\Downloads\lf-31001.rar.part multiple threats deleted - quarantined
C:\Users\Usuario\Downloads\Newgameplay tool 6.2.3 by Jenkey1002.rar a variant of Win32/Packed.BoxedApp.A application deleted - quarantined
C:\Users\Usuario\Downloads\Newgameplay tool 6.4.1 full (Multi-language) by Jenkey1002.rar a variant of Win32/Packed.BoxedApp.A application deleted - quarantined
C:\Users\Usuario\Downloads\PES2012 v1.06 - blurry disable by Jenkey1002.rar a variant of Win32/Packed.EnigmaVBox.A application deleted - quarantined
C:\Users\Usuario\Downloads\Pro.Evolution.Soccer.2012.Patch.v1.03-RELOADED.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
C:\Users\Usuario\Downloads\rld-pes12106.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
C:\Users\Usuario\Downloads\STRASNICTRIMODVSTIV12SO-DEL.part01.rar probably a variant of Win32/Agent.MONJVIM trojan deleted - quarantined
D:\24.06.2009 folder\2da particion\Descargas\HSS-1.17-install-anchorfree-76-conduit.zip a variant of Win32/HotSpotShield application deleted - quarantined
D:\Escritorio\Descargas\Eset.Special.Key.Finder.1.rar Win32/RiskWare.HackAV.DC application deleted - quarantined
D:\Escritorio\Descargas\Guitar Pr? v6.0.1 Retail crack + installation.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
D:\Escritorio\Descargas\Peavey.Revalver.Mark.III.V.Fully.Working-Hexxer535.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
D:\Escritorio\Descargas\Peavey_Electronics_ReValver_MK_III_Universal_Patch_by_TheXROOster.zip a variant of Win32/HackTool.Patcher.A application deleted - quarantined
D:\Escritorio\Descargas\prmiv110115v2co-hex_avaxhome.ru.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
D:\Escritorio\JDownloader\disable_activation.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined
D:\Escritorio\JDownloader\keygen.rar BAT/HostsChanger.A application deleted - quarantined
D:\Escritorio\JDownloader\Revalver.mkIIIVcrk_REPACK.V2.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
D:\Escritorio\folder\Peavey Electronics-ReValver Mk III -patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
D:\Escritorio\folder\Setups\Alcohol 120 v1.9.5.3015 + Patch.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
D:\Escritorio\folder\Setups\BS.Player.Pro.v2.32.975.Multilingual.Incl.Keymaker-CORE.rar a variant of Win32/Keygen.AG application deleted - quarantined
D:\Escritorio\folder\Setups\BSPlayer 2.51 + KeyGen.rar a variant of Win32/Keygen.AG application deleted - quarantined
D:\Escritorio\folder\Setups\ConvertXtoDVD 3.1.2.34 + Keygen.rar a variant of Win32/Keygen.AS application deleted - quarantined
D:\Escritorio\folder\Setups\CrackDown_by_neocrimsom.rar Win32/Delf.QPY trojan deleted - quarantined
D:\Escritorio\folder\Setups\HideIP[1].Platinum.rar probably a variant of Win32/Agent.FHNLIHS trojan deleted - quarantined
D:\Escritorio\folder\Setups\Nodlogin.v9.4.32bit.FiNAL.zip Win32/RiskWare.HackAV.BL application deleted - quarantined
D:\Escritorio\folder\Setups\WinAVI_Video_Converter_8.rar probably a variant of Win32/Agent.TRAZJK trojan deleted - quarantined
D:\Escritorio\folder\Setups\Nero Burning Rom 6.3.1.25 -Español-Full\Keygen\Keygen.exe a variant of Win32/Keygen.CY application cleaned by deleting - quarantined


I restored rld.dll from the Max Payne 3 and Pro Evolution folders; they're false positives and I need them for the games to work. Also "Run_L4D.exe".

Edited by Logan91, 13 June 2012 - 02:25 PM.


#15 boopme

  • Global Moderator
Posted 13 June 2012 - 09:51 PM

The reason they are free is the cracks contain malware to load more malware and info stealers.

Do the original issues still exist?