
Infected with trojan sirefef


33 replies to this topic

#1 Daniel Matos

  • Members

Posted 14 June 2012 - 03:48 AM

Good morning,
Recently I got infected with some viruses, which are: Sirefef.AM, Sirefef.AK, Sirefef.AG and Sirefef.
I use Windows 7 64 bit. Every time I boot the PC, Microsoft Security Essentials detects the virus, but once it removes them, I restart the PC. Then I boot the PC again, and Microsoft Security Essentials tells me that the virus is still there.
Also, my firewall is disabled, and I can't turn it on.

If you guys could help me with that, it would be awesome,
Thank you. :thumbup2:


 


#2 narenxp

  • BC Advisor

Posted 14 June 2012 - 07:37 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the log

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Daniel Matos

  • Topic Starter
  • Members

Posted 14 June 2012 - 07:59 AM

Thank you for your reply, I'll start it right now! :thumbup2:

#4 Daniel Matos

  • Topic Starter
  • Members

Posted 14 June 2012 - 08:28 AM

Could I use Microsoft Security Essentials to do the Full Scan? I started it 4 hours ago, and it's almost at the end.

#5 quietman7

  • Global Moderator

Posted 14 June 2012 - 08:53 AM

If you ask for assistance and someone from our staff provides specific instructions...you should follow those instructions. There is a reason we ask you to run specific tools, post logs and do things in a certain way or sequence. Not doing so can extend the time it takes to clean your computer.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 Daniel Matos

  • Topic Starter
  • Members

Posted 14 June 2012 - 09:07 AM

Okay, thank you. :)

#7 Daniel Matos

  • Topic Starter
  • Members

Posted 14 June 2012 - 03:04 PM

Okay, finally finished it, and here's the LOG.
A new virus appeared too, sirefef.AB.
Thank You. :)


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [administrator]

Protection: Enabled

14-06-2012 13:54:13
mbam-log-2012-06-14 (13-54-13).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394679
Time elapsed: 3 hour(s), 19 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\Daniel\AppData\Local\{9ea55875-f590-efc1-68d9-7c947fcd736a}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{9ea55875-f590-efc1-68d9-7c947fcd736a}\n.) Good: (%systemroot%\system32\wbem\wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Daniel\AppData\Local\{9ea55875-f590-efc1-68d9-7c947fcd736a}\n (Trojan.Agent.MRGGen) -> Delete on reboot.
C:\Users\Daniel\AppData\Roaming\KKL\extlib.dll (Riskware.CK) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\KKL\kkl.kkl (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktop\Stuff\Call of Duty 4 - Modern Warfare\#readme#\rzr-cod4-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{9ea55875-f590-efc1-68d9-7c947fcd736a}\n (Trojan.Agent.MRGGen) -> Delete on reboot.

(end)


-------------------------------------------------------------------------------------------------------------------------------------------


17:15:50.0303 3232 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
17:15:50.0537 3232 ============================================================
17:15:50.0537 3232 Current date / time: 2012/06/14 17:15:50.0537
17:15:50.0537 3232 SystemInfo:
17:15:50.0537 3232
17:15:50.0537 3232 OS Version: 6.1.7601 ServicePack: 1.0
17:15:50.0537 3232 Product type: Workstation
17:15:50.0537 3232 ComputerName: DANIEL-PC
17:15:50.0537 3232 UserName: Daniel
17:15:50.0537 3232 Windows directory: C:\Windows
17:15:50.0537 3232 System windows directory: C:\Windows
17:15:50.0537 3232 Processor architecture: Intel x86
17:15:50.0537 3232 Number of processors: 2
17:15:50.0537 3232 Page size: 0x1000
17:15:50.0537 3232 Boot type: Normal boot
17:15:50.0537 3232 ============================================================
17:15:52.0285 3232 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:15:52.0363 3232 ============================================================
17:15:52.0363 3232 \Device\Harddisk0\DR0:
17:15:52.0394 3232 MBR partitions:
17:15:52.0394 3232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:15:52.0394 3232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
17:15:52.0394 3232 ============================================================
17:15:52.0675 3232 C: <-> \Device\Harddisk0\DR0\Partition1
17:15:52.0690 3232 F: <-> \Device\Harddisk0\DR0\Partition0
17:15:52.0690 3232 ============================================================
17:15:52.0690 3232 Initialize success
17:15:52.0690 3232 ============================================================
17:16:01.0894 2328 ============================================================
17:16:01.0894 2328 Scan started
17:16:01.0894 2328 Mode: Manual; TDLFS;
17:16:01.0894 2328 ============================================================
17:16:13.0719 2328 MpKsl3d9fcf23 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD5BA4D4-947E-43B2-A852-311E3770FD80}\MpKsl3d9fcf23.sys
17:16:13.0766 2328 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD5BA4D4-947E-43B2-A852-311E3770FD80}\MpKsl3d9fcf23.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
17:16:13.0766 2328 MpKsl3d9fcf23 ( ForgedFile.Multi.Generic ) - warning
17:16:13.0766 2328 MpKsl3d9fcf23 - detected ForgedFile.Multi.Generic (1)
17:16:13.0797 2328 MpKsldc6ff94c (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD5BA4D4-947E-43B2-A852-311E3770FD80}\MpKsldc6ff94c.sys
17:16:13.0797 2328 MpKsldc6ff94c - ok
17:16:28.0555 2328 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:16:28.0570 2328 WdiSystemHost - ok
17:16:28.0617 2328 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:16:28.0633 2328 WebClient - ok
17:16:28.0679 2328 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:16:28.0679 2328 Wecsvc - ok
17:16:28.0711 2328 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:16:28.0711 2328 wercplsupport - ok
17:16:28.0742 2328 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:16:28.0742 2328 WerSvc - ok
17:16:28.0773 2328 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:16:28.0773 2328 WfpLwf - ok
17:16:28.0804 2328 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:16:28.0804 2328 WIMMount - ok
17:16:28.0851 2328 WinHttpAutoProxySvc - ok
17:16:28.0945 2328 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:16:28.0945 2328 Winmgmt - ok
17:16:29.0038 2328 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:16:29.0054 2328 WinRM - ok
17:16:29.0147 2328 wjhpgnrg (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\wjhpgnrg.sys
17:16:29.0147 2328 wjhpgnrg - ok
17:16:29.0241 2328 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:16:29.0257 2328 Wlansvc - ok
17:16:29.0428 2328 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:16:29.0444 2328 wlidsvc - ok
17:16:29.0600 2328 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:16:29.0600 2328 WmiAcpi - ok
17:16:29.0709 2328 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:16:29.0709 2328 wmiApSrv - ok
17:16:29.0865 2328 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:16:29.0881 2328 WMPNetworkSvc - ok
17:16:30.0005 2328 wod0205 (1ac313913f66d8dcfb78d2b6e1672952) C:\Windows\system32\DRIVERS\wod0205.sys
17:16:30.0005 2328 wod0205 - ok
17:16:30.0068 2328 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:16:30.0068 2328 WPCSvc - ok
17:16:30.0115 2328 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:16:30.0115 2328 WPDBusEnum - ok
17:16:30.0177 2328 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:16:30.0177 2328 ws2ifsl - ok
17:16:30.0208 2328 WSearch - ok
17:16:30.0349 2328 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
17:16:30.0380 2328 wuauserv - ok
17:16:30.0536 2328 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:16:30.0536 2328 WudfPf - ok
17:16:30.0567 2328 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:16:30.0567 2328 WUDFRd - ok
17:16:30.0614 2328 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:16:30.0614 2328 wudfsvc - ok
17:16:30.0661 2328 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:16:30.0676 2328 WwanSvc - ok
17:16:30.0692 2328 XDva375 - ok
17:16:30.0707 2328 XDva388 - ok
17:16:30.0723 2328 XDva391 - ok
17:16:30.0801 2328 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
17:16:30.0801 2328 xusb21 - ok
17:16:30.0848 2328 yzsbmxom (1a19a10b4203acc07d16a830ad59f7ea) C:\Windows\system32\drivers\yzsbmxom.sys
17:16:30.0848 2328 yzsbmxom - ok
17:16:30.0926 2328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:16:32.0470 2328 \Device\Harddisk0\DR0 - ok
17:16:32.0501 2328 Boot (0x1200) (53bb1d858189a73b60f8c367849bfa30) \Device\Harddisk0\DR0\Partition0
17:16:32.0501 2328 \Device\Harddisk0\DR0\Partition0 - ok
17:16:32.0517 2328 Boot (0x1200) (b5f1a2cd55881610d0e6dd1ffd9de9cb) \Device\Harddisk0\DR0\Partition1
17:16:32.0517 2328 \Device\Harddisk0\DR0\Partition1 - ok
17:16:32.0517 2328 ============================================================
17:16:32.0517 2328 Scan finished
17:16:32.0517 2328 ============================================================
17:16:32.0533 3648 Detected object count: 1
17:16:32.0533 3648 Actual detected object count: 1
17:17:07.0903 3648 MpKsl3d9fcf23 ( ForgedFile.Multi.Generic ) - skipped by user
17:17:07.0903 3648 MpKsl3d9fcf23 ( ForgedFile.Multi.Generic ) - User select action: Skip

-------------------------------------------------------------------------------------------------------------------------------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 17:18:12
-----------------------------
17:18:12.510 OS Version: Windows 6.1.7601 Service Pack 1
17:18:12.510 Number of processors: 2 586 0xF0D
17:18:12.510 ComputerName: DANIEL-PC UserName: Daniel
17:18:13.877 Initialize success
17:18:23.284 AVAST engine defs: 12061400
17:18:34.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:18:34.672 Disk 0 Vendor: TOSHIBA_MK3252GSX LV010M Size: 305245MB BusType: 11
17:18:34.687 Disk 0 MBR read successfully
17:18:34.687 Disk 0 MBR scan
17:18:34.703 Disk 0 Windows 7 default MBR code
17:18:34.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:18:34.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
17:18:34.796 Disk 0 scanning sectors +625139712
17:18:34.906 Disk 0 scanning C:\Windows\system32\drivers
17:18:56.839 Service scanning
17:19:21.331 Service MpKsldc6ff94c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD5BA4D4-947E-43B2-A852-311E3770FD80}\MpKsldc6ff94c.sys **LOCKED** 32
17:19:52.407 Modules scanning
17:20:09.015 Disk 0 trace - called modules:
17:20:09.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:20:09.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3e290]
17:20:09.034 3 CLASSPNP.SYS[8bebc59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x86932908]
17:20:10.344 AVAST engine scan C:\Windows
17:20:15.570 AVAST engine scan C:\Windows\system32
17:28:20.350 AVAST engine scan C:\Windows\system32\drivers
17:29:26.153 AVAST engine scan C:\Users\Daniel
17:34:56.469 File: C:\Users\Daniel\AppData\Roaming\KKL\rt7.dll **INFECTED** Win32:Malware-gen
17:37:57.523 AVAST engine scan C:\ProgramData
17:42:04.923 Scan finished successfully
17:42:56.125 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
17:42:56.137 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------------------------------------------------------------

C:\Program Files\Milestone\SBKGen\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#8 narenxp


Posted 14 June 2012 - 03:28 PM

Restart the PC, run the Malwarebytes scan once again and post the clean log

Download

SystemLook

Launch it, then copy this script and paste it in the box

:folderfind 
{9ea55875-f590-efc1-68d9-7c947fcd736a}
:filefind
services.exe

Click on LOOK, then post the generated log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 14 June 2012 - 03:28 PM.


#9 Daniel Matos


Posted 15 June 2012 - 04:06 AM

Thank you for your quick reply. :)
Here are the logs.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.02

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [administrator]

Protection: Disabled

15-06-2012 08:48:16
mbam-log-2012-06-15 (08-48-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393145
Time elapsed: 1 hour(s), 9 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------------------------------------

CAN'T RUN SystemLook_x64.exe (error: The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher)

---------------------------------------------------------------------


MiniToolBox by Farbar Version: 09-06-2012
Ran by Daniel (administrator) on 15-06-2012 at 10:05:22
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost
78.47.251.150 easyanticheat.se
78.47.251.150 www.easyanticheat.se
78.47.251.150 easyanticheat.com
78.47.251.150 www.easyanticheat.com
78.47.251.150 easyanticheat.org
78.47.251.150 www.easyanticheat.org

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="WeOnlyDo" forwarding=disabled advertise=disabled mtu=1200 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Daniel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-2B-62-46-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5b1:b0cd:862d:7114%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : sexta-feira, 15 de Junho de 2012 08:46:36
Lease Expires . . . . . . . . . . : sexta-feira, 15 de Junho de 2012 10:46:36
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113067
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8E-C7-B8-00-23-5A-04-46-AC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-AB-B8-AB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5ab:b8ab(Preferred)
Link-local IPv6 Address . . . . . : fe80::5c59:414f:a50:56f%18(Preferred)
IPv4 Address. . . . . . . . . . . : 5.171.184.171(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : sexta-feira, 15 de Junho de 2012 08:46:27
Lease Expires . . . . . . . . . . : sábado, 15 de Junho de 2013 08:48:34
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 427456959
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8E-C7-B8-00-23-5A-04-46-AC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{763FC4F2-1B33-41E3-BCC5-97A5274833A8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FAB922E1-7286-4900-9130-CBDAD4DB1039}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: zonhub.home
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4003:800::1000
173.194.34.200
173.194.34.201
173.194.34.206
173.194.34.192
173.194.34.193
173.194.34.194
173.194.34.195
173.194.34.196
173.194.34.197
173.194.34.198
173.194.34.199


Pinging google.com [74.125.230.166] with 32 bytes of data:
Reply from 74.125.230.166: bytes=32 time=29ms TTL=56
Reply from 74.125.230.166: bytes=32 time=32ms TTL=56

Ping statistics for 74.125.230.166:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 32ms, Average = 30ms
Server: zonhub.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=186ms TTL=43
Reply from 98.139.183.24: bytes=32 time=130ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 130ms, Maximum = 186ms, Average = 158ms
Server: zonhub.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 24 2b 62 46 d5 ......Atheros AR5007EG Wireless Network Adapter
18...7a 79 05 ab b8 ab ......Hamachi Network Interface
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.171.184.171 9256
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
5.0.0.0 255.0.0.0 On-link 5.171.184.171 9256
5.171.184.171 255.255.255.255 On-link 5.171.184.171 9256
5.255.255.255 255.255.255.255 On-link 5.171.184.171 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.171.184.171 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.171.184.171 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 2620:9b::/96 On-link
18 276 2620:9b::5ab:b8ab/128 On-link
18 276 fe80::/64 On-link
11 281 fe80::/64 On-link
18 276 fe80::5c59:414f:a50:56f/128
On-link
11 281 fe80::d5b1:b0cd:862d:7114/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/15/2012 09:55:17 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (06/15/2012 09:55:11 AM) (Source: MsiInstaller) (User: Daniel)Daniel
Description: Produto: Microsoft Office Professional Plus 2010 -- Erro 1920.O serviço 'Office Software Protection Platform' (osppsvc) falhou ao iniciar. Verifique se tem privilégios suficientes para iniciar serviços do sistema.

Error: (06/15/2012 09:51:34 AM) (Source: MsiInstaller) (User: Daniel)Daniel
Description: Produto: Microsoft Office Professional Plus 2010 -- Erro 1706.O programa de configuração não consegue localizar os ficheiros necessários. Verifique a ligação à rede ou a unidade de CD-ROM. Para outras soluções potenciais para este problema, consulte C:\Users\Daniel\AppData\Local\Temp\Setup000005d0\SETUP.CHM.

Error: (06/15/2012 09:50:07 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (06/15/2012 08:46:44 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/15/2012 08:40:38 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/15/2012 08:37:39 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (06/14/2012 08:08:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (06/14/2012 07:40:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 19.0.1084.56, time stamp: 0x4fd04f16
Faulting module name: chrome.dll, version: 19.0.1084.56, time stamp: 0x4fd04e9f
Exception code: 0x80000003
Fault offset: 0x0051c743
Faulting process id: 0x15c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (06/14/2012 05:48:46 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (06/15/2012 09:27:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1922.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/15/2012 09:27:36 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/15/2012 08:47:09 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/15/2012 08:46:45 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/15/2012 08:46:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
is3srv
MpFilter
spldr
Wanarpv6

Error: (06/15/2012 08:46:35 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/15/2012 08:46:35 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/15/2012 08:46:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 08:44:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (06/15/2012 08:40:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv


Microsoft Office Sessions:
=========================
Error: (06/15/2012 09:55:17 AM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (06/15/2012 09:55:11 AM) (Source: MsiInstaller)(User: Daniel)Daniel
Description: Produto: Microsoft Office Professional Plus 2010 -- Erro 1920.O serviço 'Office Software Protection Platform' (osppsvc) falhou ao iniciar. Verifique se tem privilégios suficientes para iniciar serviços do sistema.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/15/2012 09:51:34 AM) (Source: MsiInstaller)(User: Daniel)Daniel
Description: Produto: Microsoft Office Professional Plus 2010 -- Erro 1706.O programa de configuração não consegue localizar os ficheiros necessários. Verifique a ligação à rede ou a unidade de CD-ROM. Para outras soluções potenciais para este problema, consulte C:\Users\Daniel\AppData\Local\Temp\Setup000005d0\SETUP.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/15/2012 09:50:07 AM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (06/15/2012 08:46:44 AM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (06/15/2012 08:40:38 AM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (06/15/2012 08:37:39 AM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (06/14/2012 08:08:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (06/14/2012 07:40:18 PM) (Source: Application Error)(User: )
Description: chrome.exe19.0.1084.564fd04f16chrome.dll19.0.1084.564fd04e9f800000030051c74315c01cd4a013f20e7bbC:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Daniel\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome.dll630617c2-b650-11e1-8987-ed36583633be

Error: (06/14/2012 05:48:46 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader X (10.1.3) - Português (Version: 10.1.3)
Advanced SystemCare 5 (Version: 5.2.0)
AhnLab Online Security
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD AVIVO Codecs (Version: 11.7.0.11016)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61016.2208)
Angry Birds Space (Version: 1.0.0)
µTorrent (Version: 3.1.3)
Auslogics BoostSpeed (Version: 5.1)
Bandisoft MPEG-1 Decoder
Battlefield Play4Free
Blacklight Retribution (Version: 1.00.0000)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0418.2133.36668)
Catalyst Control Center Graphics Previews Common (Version: 2012.0418.2133.36668)
Catalyst Control Center Localization All (Version: 2012.0418.2133.36668)
Catalyst Control Center Profiles Desktop (Version: 2012.0418.2133.36668)
Catalyst Control Center Profiles Mobile (Version: 2012.0418.2133.36668)
ccc-utility (Version: 2012.0418.2133.36668)
CCC Help Chinese Standard (Version: 2012.0418.2132.36668)
CCC Help Chinese Traditional (Version: 2012.0418.2132.36668)
CCC Help Czech (Version: 2012.0418.2132.36668)
CCC Help Danish (Version: 2012.0418.2132.36668)
CCC Help Dutch (Version: 2012.0418.2132.36668)
CCC Help English (Version: 2012.0418.2132.36668)
CCC Help Finnish (Version: 2012.0418.2132.36668)
CCC Help French (Version: 2012.0418.2132.36668)
CCC Help German (Version: 2012.0418.2132.36668)
CCC Help Greek (Version: 2012.0418.2132.36668)
CCC Help Hungarian (Version: 2012.0418.2132.36668)
CCC Help Italian (Version: 2012.0418.2132.36668)
CCC Help Japanese (Version: 2012.0418.2132.36668)
CCC Help Korean (Version: 2012.0418.2132.36668)
CCC Help Norwegian (Version: 2012.0418.2132.36668)
CCC Help Polish (Version: 2012.0418.2132.36668)
CCC Help Portuguese (Version: 2012.0418.2132.36668)
CCC Help Russian (Version: 2012.0418.2132.36668)
CCC Help Spanish (Version: 2012.0418.2132.36668)
CCC Help Swedish (Version: 2012.0418.2132.36668)
CCC Help Thai (Version: 2012.0418.2132.36668)
CCC Help Turkish (Version: 2012.0418.2132.36668)
CCleaner (Version: 3.07)
ClPhpEd(remove only)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
CPUID CPU-Z 1.60.1
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
ESET Online Scanner v3
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
FIFA 11 (Version: 1.0.0.0)
FileZilla Client 3.5.3 (Version: 3.5.3)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Game Booster 3 (Version: 3.5)
Google Chrome (Version: 19.0.1084.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
HydraVision (Version: 4.2.216.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
JDownloader 0.9 (Version: 0.9)
LogMeIn Hamachi (Version: 2.1.0.166)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Antimalware Service PT-PT Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Portuguese (Portugal)) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Client PT-PT Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (ARP entry) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Redists) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Shared Components) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Visual Studio) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Documentation (Version: 4.0.20823.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.3.0.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nexon Game Manager
OSCAR Editor (Version: 5.20.0000)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings CS5 (Version: 10.0)
PowerXpressHybrid (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6649)
RocketDock 1.3.5
SddSUpdate v1.0.0.1 (Version: 1.0.0.1)
Smart Defrag 2 (Version: 2.4)
Source SDK
SpeedFan (remove only)
SpyHunter (Version: 4.9.11.3987)
Steam (Version: 1.0.0.0)
STOPzilla (Version: 5.0.98.116)
Synaptics Pointing Device Driver (Version: 11.1.18.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
TeamSpeak 3 Client
TeamViewer 6 (Version: 6.0.10722)
TeamViewer 7 (Version: 7.0.12979)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
TIPCI (Version: 1.23.0000)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Viewpoint Media Player
Vindictus EU
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3070.43 MB
Available physical RAM: 1934.64 MB
Total Pagefile: 6139.14 MB
Available Pagefile: 5087.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:129.08 GB) NTFS
4 Drive f: (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

========================= Users: ========================================

User accounts for \\DANIEL-PC

Administrator Daniel Guest


**** End of log ****


Thank you one more time for the quick reply. :)

#10 narenxp

Posted 15 June 2012 - 10:36 AM

Try this

Download

SystemLook

Launch it, copy this script and paste it in the BOX

:folderfind 
{9ea55875-f590-efc1-68d9-7c947fcd736a}
:filefind
services.exe

Click on LOOK, post the generated log

#11 Daniel Matos


Posted 15 June 2012 - 10:57 AM

Here it is. :) Thanks.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 15/06/2012 by Daniel
Administrator - Elevation successful

========== folderfind ==========

Searching for "{9ea55875-f590-efc1-68d9-7c947fcd736a}"
C:\Users\Daniel\AppData\Local\{9ea55875-f590-efc1-68d9-7c947fcd736a} d--hs-- [18:11 11/01/2012]
C:\Windows\Installer\{9ea55875-f590-efc1-68d9-7c947fcd736a} d--hs-- [18:11 11/01/2012]

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
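
A way to read the filefind section of the SystemLook log in post #11 mechanically, as an added example that is not part of the original thread: it parses each result line and reports whether every copy of a file has the same size and MD5. The function names are hypothetical, and the line layout (path, attributes, size, two timestamps, MD5) is an assumption taken from the two lines in that log.

```python
import re
from collections import defaultdict

# filefind section copied from the SystemLook log in post #11.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
"""

# Assumed layout: <path> <7 attribute chars> <size> bytes [time] [time] <MD5>
FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[a-z-]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return (path, size, md5) tuples for every filefind result line."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append((m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def compare_copies(entries):
    """Group results by file name and report whether all copies are identical."""
    by_name = defaultdict(list)
    for path, size, md5 in entries:
        name = path.rsplit("\\", 1)[-1].lower()
        by_name[name].append((size, md5))
    return {
        name: {"copies": len(copies), "consistent": len(set(copies)) == 1}
        for name, copies in by_name.items()
    }


if __name__ == "__main__":
    for name, result in compare_copies(parse_filefind(SYSTEMLOOK_LOG)).items():
        print(name, result)
```

Matching copies only show that the files are identical to each other; confirming that the file is the original still needs a known-good reference for that exact Windows build.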

#12 narenxp


Posted 15 June 2012 - 11:46 AM

Update Malwarebytes and run it once again. Please post the log here

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Daniel\AppData\Local
delete this folder - {9ea55875-f590-efc1-68d9-7c947fcd736a}
C:\Windows\Installer
delete this folder - {9ea55875-f590-efc1-68d9-7c947fcd736a}

Now, launch SystemLook again, copy this script and paste it in the BOX

:folderfind 
{9ea55875-f590-efc1-68d9-7c947fcd736a}

Click on LOOK, post the generated log


Click on the Start menu and type

cmd

Right-click on it, select Run as administrator and run this command

netsh winsock reset

Press ENTER

Now launch MiniToolBox and check mark

List winsock entries


Click on GO and post the generated log

Edited by narenxp, 15 June 2012 - 11:47 AM.


#13 Daniel Matos


Posted 15 June 2012 - 11:49 AM

I'll follow the instructions when I arrive home, I have no time now. :s
Thank you. :thumbsup:

#14 narenxp


Posted 15 June 2012 - 11:51 AM

:thumbup2:

#15 Daniel Matos


Posted 15 June 2012 - 01:24 PM

Arrived home, gonna start it right now. :)



