Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Looks like Rootkits


  • This topic is locked This topic is locked
18 replies to this topic

#1 HDLO

HDLO

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 09 May 2014 - 11:42 PM

As instructed by boopme I created a new topic. The problem started as the exeplorer.exe from time to time using 20% of cpu even when idle, and now it seems that the computer have deeper infections. 

  Here are the Attach, DDS and RogueKiller logs:

 

DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Henrique at 1:33:34 on 2014-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4079.2194 [GMT -3:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:124
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{127AA579-95AC-4E8B-BE1E-27993A7AB4CC} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{127AA579-95AC-4E8B-BE1E-27993A7AB4CC}\8414D454F51413F533663673 : DHCPNameServer = 192.168.169.1 8.8.8.8
TCP: Interfaces\{40ED4897-6F85-4EF0-94DE-23A8AA7602EE} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{456AE811-0B09-439A-A92F-A043C567AAFA} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{B72B6E61-9EAE-4DCE-8A06-A1F1D07AAA30} : DHCPNameServer = 189.40.224.80 189.40.198.80
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-25 55856]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-1-6 52032]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-1-6 34624]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-1-6 128448]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2012-10-17 194640]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-25 204288]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-25 267480]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-4-15 2227536]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-8 377616]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-1-29 11576]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-1-25 69392]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2012-10-17 339536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-25 231440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-25 539240]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-7-11 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-1 121416]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-20 30208]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-4-2 758224]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-10 03:25:09 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2014-05-10 03:25:09 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-05-08 22:21:55 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-08 22:21:27 -------- d-----w- C:\AdwCleaner
2014-05-06 22:28:38 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 15:42:18 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 15:42:17 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 19:33:36 -------- d-----w- C:\ProgramData\SecTaskMan
2014-05-02 18:30:13 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 18:30:12 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-04-27 15:09:24 -------- d-----w- C:\Users\Henrique\AppData\Roaming\SUPERAntiSpyware.com
2014-04-27 00:19:29 -------- d-----w- C:\Users\Henrique\AppData\Roaming\TS3Client
2014-04-27 00:19:02 -------- d-----w- C:\Users\Henrique\AppData\Local\TeamSpeak 3 Client
2014-04-21 15:22:47 -------- d-----w- C:\Program Files (x86)\LeNinjaZ
2014-04-21 04:03:14 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-04-17 22:18:15 -------- d-----w- C:\Program Files (x86)\Face of Mankind
.
==================== Find3M  ====================
.
2014-04-29 03:23:47 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 03:23:47 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-24 03:27:53 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-24 03:27:53 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-22 16:36:05 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-07 18:30:05 386680 ----a-w- C:\Windows\System32\drivers\sptd.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-05 21:37:41 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-26 16:30:39 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-02-26 16:21:11 2 --shatr- C:\Windows\winstart.bat
.
============= FINISH:  1:34:33,80 ===============
_____________________________________________________________________________
RogueKiller log:
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] Por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Henrique [Privilegios de Admnistrador]
Modo : Verificar -- Data : 05/10/2014 00:32:46
| ARK || FAK || MBR |
 
¤¤¤ Entradas ruins : 0 ¤¤¤
 
¤¤¤ Entradas do Registro : 0 ¤¤¤
 
¤¤¤ As tarefas agendadas : 0 ¤¤¤
 
¤¤¤ entradas de inicialização : 0 ¤¤¤
 
¤¤¤ Os navegadores da Web : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
 
¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤
[Address] EAT @explorer.exe (AsyncGetClassBits) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D70B0)
[Address] EAT @explorer.exe (AsyncInstallDistributionUnit) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D7210)
[Address] EAT @explorer.exe (BindAsyncMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1F90)
[Address] EAT @explorer.exe (CDLGetLongPathNameA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D78D0)
[Address] EAT @explorer.exe (CDLGetLongPathNameW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D78E8)
[Address] EAT @explorer.exe (CORPolicyProvider) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1674)
[Address] EAT @explorer.exe (CoGetClassObjectFromURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D73FC)
[Address] EAT @explorer.exe (CoInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D7460)
[Address] EAT @explorer.exe (CoInternetCanonicalizeIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD785660)
[Address] EAT @explorer.exe (CoInternetCombineIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7880A0)
[Address] EAT @explorer.exe (CoInternetCombineUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7746A4)
[Address] EAT @explorer.exe (CoInternetCombineUrlEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7743C0)
[Address] EAT @explorer.exe (CoInternetCompareUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C5280)
[Address] EAT @explorer.exe (CoInternetCreateSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD741EE0)
[Address] EAT @explorer.exe (CoInternetCreateZoneManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD750810)
[Address] EAT @explorer.exe (CoInternetFeatureSettingsChanged) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD800284)
[Address] EAT @explorer.exe (CoInternetGetProtocolFlags) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C537C)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C53D0)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrlEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD789CD0)
[Address] EAT @explorer.exe (CoInternetGetSession) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD742460)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD788DC0)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7851B8)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD781820)
[Address] EAT @explorer.exe (CoInternetIsFeatureZoneElevationEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C586C)
[Address] EAT @explorer.exe (CoInternetParseIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7756A8)
[Address] EAT @explorer.exe (CoInternetParseUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD751490)
[Address] EAT @explorer.exe (CoInternetQueryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD787C50)
[Address] EAT @explorer.exe (CoInternetSetFeatureEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C5AF4)
[Address] EAT @explorer.exe (CompareSecurityIds) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD75D1A4)
[Address] EAT @explorer.exe (CompatFlagsFromClsid) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD784044)
[Address] EAT @explorer.exe (CopyBindInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D3020)
[Address] EAT @explorer.exe (CopyStgMedium) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD74BA0C)
[Address] EAT @explorer.exe (CreateAsyncBindCtx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7986C0)
[Address] EAT @explorer.exe (CreateAsyncBindCtxEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD783D14)
[Address] EAT @explorer.exe (CreateFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7668E0)
[Address] EAT @explorer.exe (CreateIUriBuilder) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD743660)
[Address] EAT @explorer.exe (CreateURLMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79CCF4)
[Address] EAT @explorer.exe (CreateURLMonikerEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7478D0)
[Address] EAT @explorer.exe (CreateURLMonikerEx2) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7840F0)
[Address] EAT @explorer.exe (CreateUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7416F0)
[Address] EAT @explorer.exe (CreateUriFromMultiByteString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1EE4)
[Address] EAT @explorer.exe (CreateUriPriv) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1EF8)
[Address] EAT @explorer.exe (CreateUriWithFragment) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1F40)
[Address] EAT @explorer.exe (DllCanUnloadNow) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD741600)
[Address] EAT @explorer.exe (DllGetClassObject) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD78AB3C)
[Address] EAT @explorer.exe (DllInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2458)
[Address] EAT @explorer.exe (DllRegisterServer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2464)
[Address] EAT @explorer.exe (DllRegisterServerEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79E070)
[Address] EAT @explorer.exe (DllUnregisterServer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2470)
[Address] EAT @explorer.exe (Extract) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D7F74)
[Address] EAT @explorer.exe (FaultInIEFeature) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D8FE8)
[Address] EAT @explorer.exe (FileBearsMarkOfTheWeb) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD776B60)
[Address] EAT @explorer.exe (FindMediaType) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2E9C)
[Address] EAT @explorer.exe (FindMediaTypeClass) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD766080)
[Address] EAT @explorer.exe (FindMimeFromData) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7850BC)
[Address] EAT @explorer.exe (GetAddSitesFileUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD8002B0)
[Address] EAT @explorer.exe (GetClassFileOrMime) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79B8EC)
[Address] EAT @explorer.exe (GetClassURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2074)
[Address] EAT @explorer.exe (GetComponentIDFromCLSSPEC) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D92E8)
[Address] EAT @explorer.exe (GetIDNFlagsForUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD75C7F0)
[Address] EAT @explorer.exe (GetIUriPriv) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1F60)
[Address] EAT @explorer.exe (GetIUriPriv2) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1F50)
[Address] EAT @explorer.exe (GetLabelsFromNamedHost) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD808B54)
[Address] EAT @explorer.exe (GetMarkOfTheWeb) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F9390)
[Address] EAT @explorer.exe (GetPortFromUrlScheme) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1E94)
[Address] EAT @explorer.exe (GetPropertyFromName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1EA4)
[Address] EAT @explorer.exe (GetPropertyName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1EB4)
[Address] EAT @explorer.exe (GetSoftwareUpdateInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79E070)
[Address] EAT @explorer.exe (GetUrlmonThreadNotificationHwnd) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79DEB4)
[Address] EAT @explorer.exe (GetZoneFromAlternateDataStreamEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD746D90)
[Address] EAT @explorer.exe (HlinkGoBack) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F6E78)
[Address] EAT @explorer.exe (HlinkGoForward) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F6F24)
[Address] EAT @explorer.exe (HlinkNavigateMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F6FD0)
[Address] EAT @explorer.exe (HlinkNavigateString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F7004)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F7038)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F75E8)
[Address] EAT @explorer.exe (IECompatLogCSSFix) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D12FC)
[Address] EAT @explorer.exe (IEDllLoader) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C26F0)
[Address] EAT @explorer.exe (IEGetUserPrivateNamespaceName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D3244)
[Address] EAT @explorer.exe (IEInstallScope) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D7554)
[Address] EAT @explorer.exe (IntlPercentEncodeNormalize) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1F70)
[Address] EAT @explorer.exe (IsAsyncMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7821FC)
[Address] EAT @explorer.exe (IsDWORDProperty) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1EC4)
[Address] EAT @explorer.exe (IsIntranetAvailable) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD800668)
[Address] EAT @explorer.exe (IsJITInProgress) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD75B328)
[Address] EAT @explorer.exe (IsLoggingEnabledA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F855C)
[Address] EAT @explorer.exe (IsLoggingEnabledW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F8688)
[Address] EAT @explorer.exe (IsStringProperty) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C1ED4)
[Address] EAT @explorer.exe (IsValidURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD777610)
[Address] EAT @explorer.exe (MkParseDisplayNameEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7992F0)
[Address] EAT @explorer.exe (ObtainUserAgentString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7CDCE0)
[Address] EAT @explorer.exe (PrivateCoInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D7560)
[Address] EAT @explorer.exe (QueryAssociations) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD75E9C0)
[Address] EAT @explorer.exe (QueryClsidAssociation) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D0A8C)
[Address] EAT @explorer.exe (RegisterBindStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD77F600)
[Address] EAT @explorer.exe (RegisterFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD781C6C)
[Address] EAT @explorer.exe (RegisterMediaTypeClass) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C20C0)
[Address] EAT @explorer.exe (RegisterMediaTypes) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2210)
[Address] EAT @explorer.exe (RegisterWebPlatformPermanentSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD778C54)
[Address] EAT @explorer.exe (ReleaseBindInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD747D40)
[Address] EAT @explorer.exe (RevokeBindStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD77FBF0)
[Address] EAT @explorer.exe (RevokeFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C22CC)
[Address] EAT @explorer.exe (SetAccessForIEAppContainer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7D3258)
[Address] EAT @explorer.exe (SetSoftwareUpdateAdvertisementState) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79E070)
[Address] EAT @explorer.exe (ShouldDisplayPunycodeForUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7CDE50)
[Address] EAT @explorer.exe (ShouldShowIntranetWarningSecband) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD783A3C)
[Address] EAT @explorer.exe (ShowTrustAlertDialog) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD800820)
[Address] EAT @explorer.exe (URLDownloadA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C5CC4)
[Address] EAT @explorer.exe (URLDownloadToCacheFileA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F7D9C)
[Address] EAT @explorer.exe (URLDownloadToCacheFileW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD76A0C4)
[Address] EAT @explorer.exe (URLDownloadToFileA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F7F10)
[Address] EAT @explorer.exe (URLDownloadToFileW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD76EFD0)
[Address] EAT @explorer.exe (URLDownloadW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C5D78)
[Address] EAT @explorer.exe (URLOpenBlockingStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F8058)
[Address] EAT @explorer.exe (URLOpenBlockingStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F8138)
[Address] EAT @explorer.exe (URLOpenPullStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F821C)
[Address] EAT @explorer.exe (URLOpenPullStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F82E0)
[Address] EAT @explorer.exe (URLOpenStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F8408)
[Address] EAT @explorer.exe (URLOpenStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F84D0)
[Address] EAT @explorer.exe (UnregisterWebPlatformPermanentSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD79C9B4)
[Address] EAT @explorer.exe (UrlMkBuildVersion) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7C2804)
[Address] EAT @explorer.exe (UrlMkGetSessionOption) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD753E60)
[Address] EAT @explorer.exe (UrlMkSetSessionOption) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD77D0E4)
[Address] EAT @explorer.exe (UrlmonCleanupCurrentThread) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD76A27C)
[Address] EAT @explorer.exe (WriteHitLogging) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F85D0)
[Address] EAT @explorer.exe (ZonesReInit) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD7F9C30)
 
¤¤¤ Hives externas: ¤¤¤
 
¤¤¤ Infecção :  ¤¤¤
 
¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ Verificaçao do MBR: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500413AS ATA Device +++++
--- User ---
[MBR] db2c9d0870164f21d656f7268bcf95c6
[BSP] b4f88e2e8b3dc6d0447d60bd512fa6b3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13466 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27660288 | Size: 463433 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] O dispositivo não está pronto. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Não há suporte para o pedido. )
 
Concluido : << RKreport[0]_S_05102014_003246.txt >>
RKreport[0]_S_03082014_154252.txt
 
 
 

Attached Files


Edited by HDLO, 10 May 2014 - 12:08 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 AM

Posted 15 May 2014 - 08:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533837 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 15 May 2014 - 09:53 AM

Hello!

1. As I said, it's a problem of the explorer.exe being using 20% and my computer gets slow, lost internet connection even the moden is fine (i can acess internet with the other computer). I already had help in the forum as you can see in this post: http://www.bleepingcomputer.com/forums/t/533719/explorerexe-20-cpu-usage-when-idle-am-i-infected/#entry3364208 then boopme said to create a topic in Virus, Trojan, Spyware, and Malwere Removal Logs. 

 

2. Here is the New DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Henrique at 11:45:19 on 2014-05-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4079.1830 [GMT -3:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:124
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{127AA579-95AC-4E8B-BE1E-27993A7AB4CC} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{127AA579-95AC-4E8B-BE1E-27993A7AB4CC}\8414D454F51413F533663673 : DHCPNameServer = 192.168.169.1 8.8.8.8
TCP: Interfaces\{40ED4897-6F85-4EF0-94DE-23A8AA7602EE} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{456AE811-0B09-439A-A92F-A043C567AAFA} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{B72B6E61-9EAE-4DCE-8A06-A1F1D07AAA30} : DHCPNameServer = 189.40.224.80 189.40.198.80
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-25 55856]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-1-6 52032]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-1-6 34624]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-1-6 128448]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2012-10-17 194640]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-25 204288]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-25 267480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-1-29 11576]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-1-25 69392]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2012-10-17 339536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-25 231440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-25 539240]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-7-11 31232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-1 121416]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-20 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-05-15 14:38:06 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-15 03:47:55 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 03:47:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 17:29:06 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-14 17:29:05 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-10 03:25:09 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2014-05-10 03:25:09 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-05-08 22:21:55 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-08 22:21:27 -------- d-----w- C:\AdwCleaner
2014-05-06 22:28:38 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-05 19:33:36 -------- d-----w- C:\ProgramData\SecTaskMan
2014-04-27 15:09:24 -------- d-----w- C:\Users\Henrique\AppData\Roaming\SUPERAntiSpyware.com
2014-04-27 00:19:29 -------- d-----w- C:\Users\Henrique\AppData\Roaming\TS3Client
2014-04-27 00:19:02 -------- d-----w- C:\Users\Henrique\AppData\Local\TeamSpeak 3 Client
2014-04-21 15:22:47 -------- d-----w- C:\Program Files (x86)\LeNinjaZ
2014-04-17 22:18:15 -------- d-----w- C:\Program Files (x86)\Face of Mankind
.
==================== Find3M  ====================
.
2014-05-14 01:30:54 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 01:30:54 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-15 05:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-24 03:27:53 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-24 03:27:53 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-22 16:36:05 281848 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-07 18:30:05 386680 ----a-w- C:\Windows\System32\drivers\sptd.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-05 21:37:41 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-26 16:30:39 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-02-26 16:21:11 2 --shatr- C:\Windows\winstart.bat
.
============= FINISH: 11:47:15,05 ===============
 
3. Yes I still have the original Windows CD, but I need to search for it.

Edited by HDLO, 15 May 2014 - 10:17 AM.


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 15 May 2014 - 12:02 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 16 May 2014 - 12:13 PM

Hello  Jeff! Thanks for the attention and sorry for the delay to answer! Some parts of the log may be in portuguese, so if you want/help i can translate to english.

 

Here is the TDSSKiller log:

 

13:56:51.0623 0x0fcc  TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
13:56:55.0696 0x0fcc  ============================================================
13:56:55.0696 0x0fcc  Current date / time: 2014/05/16 13:56:55.0696
13:56:55.0696 0x0fcc  SystemInfo:
13:56:55.0696 0x0fcc  
13:56:55.0696 0x0fcc  OS Version: 6.1.7601 ServicePack: 1.0
13:56:55.0696 0x0fcc  Product type: Workstation
13:56:55.0696 0x0fcc  ComputerName: HENRIQUE-PC
13:56:55.0696 0x0fcc  UserName: Henrique
13:56:55.0696 0x0fcc  Windows directory: C:\Windows
13:56:55.0696 0x0fcc  System windows directory: C:\Windows
13:56:55.0696 0x0fcc  Running under WOW64
13:56:55.0696 0x0fcc  Processor architecture: Intel x64
13:56:55.0696 0x0fcc  Number of processors: 4
13:56:55.0696 0x0fcc  Page size: 0x1000
13:56:55.0696 0x0fcc  Boot type: Normal boot
13:56:55.0696 0x0fcc  ============================================================
13:57:01.0653 0x0fcc  KLMD registered as C:\Windows\system32\drivers\98978739.sys
13:57:02.0061 0x0fcc  System UUID: {3E96AD79-BED7-AE6C-2183-DC9474BA28B5}
13:57:03.0302 0x0fcc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:57:03.0338 0x0fcc  ============================================================
13:57:03.0338 0x0fcc  \Device\Harddisk0\DR0:
13:57:03.0354 0x0fcc  MBR partitions:
13:57:03.0354 0x0fcc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4D000
13:57:03.0354 0x0fcc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A61000, BlocksNum 0x38924800
13:57:03.0354 0x0fcc  ============================================================
13:57:03.0512 0x0fcc  C: <-> \Device\Harddisk0\DR0\Partition2
13:57:03.0512 0x0fcc  ============================================================
13:57:03.0512 0x0fcc  Initialize success
13:57:03.0512 0x0fcc  ============================================================
13:57:08.0330 0x1140  ============================================================
13:57:08.0330 0x1140  Scan started
13:57:08.0330 0x1140  Mode: Manual; 
13:57:08.0330 0x1140  ============================================================
13:57:08.0330 0x1140  KSN ping started
13:57:45.0047 0x1140  KSN ping finished: true
13:57:48.0429 0x1140  ================ Scan system memory ========================
13:57:48.0429 0x1140  System memory - ok
13:57:48.0429 0x1140  ================ Scan services =============================
13:57:48.0896 0x1140  1394hub - ok
13:57:48.0961 0x1140  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:57:48.0969 0x1140  1394ohci - ok
13:57:49.0008 0x1140  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:57:49.0013 0x1140  ACPI - ok
13:57:49.0016 0x1140  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:57:49.0016 0x1140  AcpiPmi - ok
13:57:49.0121 0x1140  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:57:49.0124 0x1140  AdobeARMservice - ok
13:57:49.0333 0x1140  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:57:49.0378 0x1140  AdobeFlashPlayerUpdateSvc - ok
13:57:49.0421 0x1140  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:57:49.0436 0x1140  adp94xx - ok
13:57:49.0496 0x1140  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:57:49.0507 0x1140  adpahci - ok
13:57:49.0517 0x1140  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:57:49.0523 0x1140  adpu320 - ok
13:57:49.0539 0x1140  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:57:49.0541 0x1140  AeLookupSvc - ok
13:57:49.0601 0x1140  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
13:57:49.0615 0x1140  AFD - ok
13:57:49.0630 0x1140  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:57:49.0632 0x1140  agp440 - ok
13:57:49.0648 0x1140  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:57:49.0687 0x1140  ALG - ok
13:57:49.0736 0x1140  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:57:49.0737 0x1140  aliide - ok
13:57:49.0778 0x1140  [ 310F88A93C3B02E3D1F906FB57B9E01E, C12CF7005F681305FA4A945C77E0C6C6AD674037187030FA506EA85DB37CA68C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:57:49.0833 0x1140  AMD External Events Utility - ok
13:57:49.0879 0x1140  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:57:49.0881 0x1140  amdide - ok
13:57:49.0915 0x1140  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:57:49.0917 0x1140  AmdK8 - ok
13:57:50.0310 0x1140  [ 62DDF55680F8C53E4B8DDE4189ADA0B8, 0840DC0F30430C708896859ABEFEBB9802EE6544F0BEE7C16EFCBC991B49C43C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:57:50.0478 0x1140  amdkmdag - ok
13:57:50.0508 0x1140  [ 51F027DFFEDFB8D763FABFFA06B56E6D, 85C6173B910E90C399A0AE3000C6527E390B72B8550618FA91D4E979793DB19C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:57:50.0513 0x1140  amdkmdap - ok
13:57:50.0556 0x1140  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:57:50.0559 0x1140  AmdPPM - ok
13:57:50.0575 0x1140  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:57:50.0577 0x1140  amdsata - ok
13:57:50.0583 0x1140  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:57:50.0587 0x1140  amdsbs - ok
13:57:50.0596 0x1140  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:57:50.0597 0x1140  amdxata - ok
13:57:50.0727 0x1140  [ E8494519BCB9E3B1B72E5604993A76E3, 5599ACE200014F89A94AD34096EC008491A82A047742CD085C88153B67FEBF28 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
13:57:50.0735 0x1140  Amsp - ok
13:57:50.0766 0x1140  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:57:50.0768 0x1140  AppID - ok
13:57:50.0792 0x1140  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:57:50.0821 0x1140  AppIDSvc - ok
13:57:50.0869 0x1140  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:57:50.0907 0x1140  Appinfo - ok
13:57:50.0991 0x1140  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:57:50.0994 0x1140  Apple Mobile Device - ok
13:57:51.0050 0x1140  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
13:57:51.0053 0x1140  arc - ok
13:57:51.0073 0x1140  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:57:51.0076 0x1140  arcsas - ok
13:57:51.0190 0x1140  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:57:51.0269 0x1140  aspnet_state - ok
13:57:51.0294 0x1140  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:51.0295 0x1140  AsyncMac - ok
13:57:51.0335 0x1140  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:57:51.0337 0x1140  atapi - ok
13:57:51.0434 0x1140  [ 195786ED7A26E1913A4F9799FDBC2C71, FF37757AC50301D29FFAF3EC3C853B11353B4FD21731B112E7FAA31AF7D0659D ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:57:51.0458 0x1140  athr - ok
13:57:51.0511 0x1140  [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:57:51.0515 0x1140  AtiHDAudioService - ok
13:57:51.0586 0x1140  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:57:51.0627 0x1140  AudioEndpointBuilder - ok
13:57:51.0655 0x1140  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:57:51.0665 0x1140  AudioSrv - ok
13:57:51.0708 0x1140  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:57:51.0731 0x1140  AxInstSV - ok
13:57:51.0783 0x1140  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:57:51.0790 0x1140  b06bdrv - ok
13:57:51.0891 0x1140  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:51.0899 0x1140  b57nd60a - ok
13:57:51.0970 0x1140  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:57:52.0020 0x1140  BDESVC - ok
13:57:52.0039 0x1140  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:57:52.0057 0x1140  Beep - ok
13:57:52.0121 0x1140  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:57:52.0227 0x1140  BFE - ok
13:57:52.0277 0x1140  [ FC3CDE435C7F52F02AA191741BB159DA, F9FB520268823D4FDD4161E046A2A53E264F9739A6A80CF3C581E419C29202E9 ] Bfilter         C:\Windows\System32\drivers\Bfilter.sys
13:57:52.0278 0x1140  Bfilter - ok
13:57:52.0299 0x1140  [ 7CD8A8C19B39863BAFEA6C044DE2883D, 7763B194E356031FED580E9B0A5B014FEEAF83CD5D2F1BC572A46CCA10B1F3ED ] Bfmon           C:\Windows\System32\drivers\Bfmon.sys
13:57:52.0300 0x1140  Bfmon - ok
13:57:52.0352 0x1140  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
13:57:52.0366 0x1140  BITS - ok
13:57:52.0393 0x1140  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:52.0394 0x1140  blbdrive - ok
13:57:52.0447 0x1140  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:57:52.0506 0x1140  Bonjour Service - ok
13:57:52.0548 0x1140  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:57:52.0549 0x1140  bowser - ok
13:57:52.0583 0x1140  [ 9C8993161130FF238C70410CA3FE39E3, 0A2D62F1CFCB1D4260AA1C7D40436ED2E58D787A9366A9381E9B6A52ECFB97B1 ] Bprotect        C:\Windows\System32\drivers\Bprotect.sys
13:57:52.0586 0x1140  Bprotect - ok
13:57:52.0607 0x1140  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:57:52.0608 0x1140  BrFiltLo - ok
13:57:52.0639 0x1140  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:57:52.0640 0x1140  BrFiltUp - ok
13:57:52.0693 0x1140  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:57:52.0695 0x1140  BridgeMP - ok
13:57:52.0759 0x1140  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:57:52.0783 0x1140  Browser - ok
13:57:52.0803 0x1140  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:57:52.0808 0x1140  Brserid - ok
13:57:52.0811 0x1140  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:52.0812 0x1140  BrSerWdm - ok
13:57:52.0815 0x1140  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:52.0816 0x1140  BrUsbMdm - ok
13:57:52.0828 0x1140  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:52.0829 0x1140  BrUsbSer - ok
13:57:52.0854 0x1140  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:57:52.0856 0x1140  BTHMODEM - ok
13:57:52.0882 0x1140  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:57:52.0921 0x1140  bthserv - ok
13:57:52.0950 0x1140  catchme - ok
13:57:52.0966 0x1140  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:57:52.0968 0x1140  cdfs - ok
13:57:52.0995 0x1140  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:57:52.0997 0x1140  cdrom - ok
13:57:53.0032 0x1140  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:57:53.0054 0x1140  CertPropSvc - ok
13:57:53.0066 0x1140  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:57:53.0067 0x1140  circlass - ok
13:57:53.0094 0x1140  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:57:53.0100 0x1140  CLFS - ok
13:57:53.0165 0x1140  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:57:53.0190 0x1140  clr_optimization_v2.0.50727_32 - ok
13:57:53.0236 0x1140  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:57:53.0240 0x1140  clr_optimization_v2.0.50727_64 - ok
13:57:53.0361 0x1140  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:57:53.0464 0x1140  clr_optimization_v4.0.30319_32 - ok
13:57:53.0478 0x1140  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:57:53.0556 0x1140  clr_optimization_v4.0.30319_64 - ok
13:57:53.0582 0x1140  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:57:53.0583 0x1140  CmBatt - ok
13:57:53.0613 0x1140  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:57:53.0614 0x1140  cmdide - ok
13:57:53.0700 0x1140  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:57:53.0707 0x1140  CNG - ok
13:57:53.0882 0x1140  [ 5C855932E4DF00B1B6F5F6F57E82B6C5, 6E33BC6E079E883837DA7E625DDFC71A3757B9F15C97A46D405823E1FE45932C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
13:57:53.0906 0x1140  CnxtHdAudService - ok
13:57:53.0948 0x1140  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:57:53.0949 0x1140  Compbatt - ok
13:57:53.0966 0x1140  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:57:53.0967 0x1140  CompositeBus - ok
13:57:53.0976 0x1140  COMSysApp - ok
13:57:53.0980 0x1140  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:57:53.0981 0x1140  crcdisk - ok
13:57:54.0035 0x1140  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:57:54.0062 0x1140  CryptSvc - ok
13:57:54.0105 0x1140  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:57:54.0114 0x1140  DcomLaunch - ok
13:57:54.0152 0x1140  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:57:54.0180 0x1140  defragsvc - ok
13:57:54.0195 0x1140  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:57:54.0196 0x1140  DfsC - ok
13:57:54.0228 0x1140  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:57:54.0256 0x1140  Dhcp - ok
13:57:54.0276 0x1140  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:57:54.0277 0x1140  discache - ok
13:57:54.0299 0x1140  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
13:57:54.0300 0x1140  Disk - ok
13:57:54.0388 0x1140  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:57:54.0419 0x1140  Dnscache - ok
13:57:54.0466 0x1140  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:57:54.0500 0x1140  dot3svc - ok
13:57:54.0536 0x1140  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:57:54.0564 0x1140  DPS - ok
13:57:54.0610 0x1140  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:57:54.0611 0x1140  drmkaud - ok
13:57:54.0670 0x1140  dump_wmimmc - ok
13:57:54.0743 0x1140  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:57:54.0758 0x1140  DXGKrnl - ok
13:57:54.0798 0x1140  EagleX64 - ok
13:57:54.0816 0x1140  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:57:54.0851 0x1140  EapHost - ok
13:57:54.0959 0x1140  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:57:55.0042 0x1140  ebdrv - ok
13:57:55.0096 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:57:55.0115 0x1140  EFS - ok
13:57:55.0167 0x1140  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:57:55.0207 0x1140  ehRecvr - ok
13:57:55.0240 0x1140  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:57:55.0266 0x1140  ehSched - ok
13:57:55.0359 0x1140  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:57:55.0368 0x1140  elxstor - ok
13:57:55.0378 0x1140  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:57:55.0379 0x1140  ErrDev - ok
13:57:55.0450 0x1140  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:57:55.0456 0x1140  EventSystem - ok
13:57:55.0481 0x1140  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:57:55.0507 0x1140  exfat - ok
13:57:55.0565 0x1140  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:57:55.0592 0x1140  fastfat - ok
13:57:55.0630 0x1140  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:57:55.0641 0x1140  Fax - ok
13:57:55.0653 0x1140  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
13:57:55.0654 0x1140  fdc - ok
13:57:55.0667 0x1140  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:57:55.0668 0x1140  fdPHost - ok
13:57:55.0680 0x1140  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:57:55.0730 0x1140  FDResPub - ok
13:57:55.0748 0x1140  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:57:55.0750 0x1140  FileInfo - ok
13:57:55.0762 0x1140  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:57:55.0763 0x1140  Filetrace - ok
13:57:55.0778 0x1140  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:57:55.0779 0x1140  flpydisk - ok
13:57:55.0817 0x1140  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:57:55.0822 0x1140  FltMgr - ok
13:57:56.0042 0x1140  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:57:56.0103 0x1140  FontCache - ok
13:57:56.0158 0x1140  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:57:56.0160 0x1140  FontCache3.0.0.0 - ok
13:57:56.0182 0x1140  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:57:56.0183 0x1140  FsDepends - ok
13:57:56.0227 0x1140  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:57:56.0245 0x1140  Fs_Rec - ok
13:57:56.0297 0x1140  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:57:56.0301 0x1140  fvevol - ok
13:57:56.0329 0x1140  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:57:56.0330 0x1140  gagp30kx - ok
13:57:56.0409 0x1140  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:57:56.0410 0x1140  GEARAspiWDM - ok
13:57:56.0449 0x1140  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:57:56.0489 0x1140  gpsvc - ok
13:57:56.0590 0x1140  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:56.0645 0x1140  gupdate - ok
13:57:56.0709 0x1140  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:56.0711 0x1140  gupdatem - ok
13:57:56.0742 0x1140  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:57:56.0743 0x1140  hamachi - ok
13:57:56.0960 0x1140  [ 5D943A7CDD83F533D41A22E882677C6E, E9CD581EC985B3F765E5E890A02B2D8FE4E5345063969831278CB3876DFF1273 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:57:57.0055 0x1140  Hamachi2Svc - ok
13:57:57.0146 0x1140  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:57:57.0148 0x1140  hcw85cir - ok
13:57:57.0181 0x1140  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:57.0185 0x1140  HDAudBus - ok
13:57:57.0192 0x1140  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:57:57.0193 0x1140  HidBatt - ok
13:57:57.0215 0x1140  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:57:57.0219 0x1140  HidBth - ok
13:57:57.0235 0x1140  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:57:57.0237 0x1140  HidIr - ok
13:57:57.0302 0x1140  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
13:57:57.0332 0x1140  hidserv - ok
13:57:57.0391 0x1140  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:57:57.0393 0x1140  HidUsb - ok
13:57:57.0467 0x1140  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:57:57.0514 0x1140  hkmsvc - ok
13:57:57.0605 0x1140  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:57:57.0613 0x1140  HomeGroupListener - ok
13:57:57.0659 0x1140  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:57:57.0685 0x1140  HomeGroupProvider - ok
13:57:57.0790 0x1140  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:57:57.0793 0x1140  HpSAMD - ok
13:57:57.0866 0x1140  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:57:57.0877 0x1140  HTTP - ok
13:57:57.0910 0x1140  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:57:57.0911 0x1140  hwpolicy - ok
13:57:57.0929 0x1140  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:57:57.0933 0x1140  i8042prt - ok
13:57:57.0976 0x1140  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:57:57.0987 0x1140  iaStorV - ok
13:57:58.0062 0x1140  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:57:58.0484 0x1140  IDriverT - ok
13:57:58.0561 0x1140  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:57:58.0607 0x1140  idsvc - ok
13:57:58.0664 0x1140  IEEtwCollectorService - ok
13:57:58.0674 0x1140  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:57:58.0676 0x1140  iirsp - ok
13:57:58.0738 0x1140  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:57:58.0785 0x1140  IKEEXT - ok
13:57:58.0831 0x1140  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:57:58.0833 0x1140  intelide - ok
13:57:58.0867 0x1140  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:57:58.0870 0x1140  intelppm - ok
13:57:58.0892 0x1140  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:57:58.0925 0x1140  IPBusEnum - ok
13:57:58.0941 0x1140  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:58.0943 0x1140  IpFilterDriver - ok
13:57:59.0001 0x1140  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:57:59.0014 0x1140  iphlpsvc - ok
13:57:59.0030 0x1140  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:57:59.0031 0x1140  IPMIDRV - ok
13:57:59.0036 0x1140  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:57:59.0038 0x1140  IPNAT - ok
13:57:59.0121 0x1140  [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:57:59.0133 0x1140  iPod Service - ok
13:57:59.0164 0x1140  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:57:59.0165 0x1140  IRENUM - ok
13:57:59.0169 0x1140  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:57:59.0171 0x1140  isapnp - ok
13:57:59.0244 0x1140  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:57:59.0253 0x1140  iScsiPrt - ok
13:57:59.0277 0x1140  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:59.0280 0x1140  kbdclass - ok
13:57:59.0301 0x1140  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:59.0303 0x1140  kbdhid - ok
13:57:59.0326 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:57:59.0329 0x1140  KeyIso - ok
13:57:59.0371 0x1140  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:57:59.0375 0x1140  KSecDD - ok
13:57:59.0417 0x1140  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:57:59.0422 0x1140  KSecPkg - ok
13:57:59.0436 0x1140  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:57:59.0437 0x1140  ksthunk - ok
13:57:59.0494 0x1140  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:57:59.0535 0x1140  KtmRm - ok
13:57:59.0655 0x1140  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:57:59.0702 0x1140  LanmanServer - ok
13:57:59.0756 0x1140  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:57:59.0793 0x1140  LanmanWorkstation - ok
13:57:59.0826 0x1140  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:57:59.0828 0x1140  lltdio - ok
13:57:59.0848 0x1140  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:57:59.0890 0x1140  lltdsvc - ok
13:57:59.0918 0x1140  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:57:59.0935 0x1140  lmhosts - ok
13:57:59.0997 0x1140  [ D5F9C50082FA5F82C35922998B3DAD6E, 4957FB1888EC69E16E6D019F2D984EE810F8532FAB504B30D32518E4D3F01FDB ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
13:58:00.0006 0x1140  LMIGuardianSvc - ok
13:58:00.0044 0x1140  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:58:00.0048 0x1140  LSI_FC - ok
13:58:00.0053 0x1140  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:58:00.0056 0x1140  LSI_SAS - ok
13:58:00.0061 0x1140  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:58:00.0063 0x1140  LSI_SAS2 - ok
13:58:00.0069 0x1140  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:58:00.0072 0x1140  LSI_SCSI - ok
13:58:00.0133 0x1140  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:58:00.0137 0x1140  luafv - ok
13:58:00.0189 0x1140  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:58:00.0240 0x1140  Mcx2Svc - ok
13:58:00.0244 0x1140  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:58:00.0245 0x1140  megasas - ok
13:58:00.0253 0x1140  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:58:00.0257 0x1140  MegaSR - ok
13:58:00.0317 0x1140  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:58:00.0319 0x1140  MEIx64 - ok
13:58:00.0344 0x1140  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:58:00.0383 0x1140  MMCSS - ok
13:58:00.0406 0x1140  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:58:00.0407 0x1140  Modem - ok
13:58:00.0429 0x1140  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:58:00.0431 0x1140  monitor - ok
13:58:00.0489 0x1140  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
13:58:00.0494 0x1140  MotioninJoyXFilter - ok
13:58:00.0507 0x1140  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:58:00.0508 0x1140  mouclass - ok
13:58:00.0544 0x1140  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:58:00.0546 0x1140  mouhid - ok
13:58:00.0573 0x1140  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:58:00.0577 0x1140  mountmgr - ok
13:58:00.0622 0x1140  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:58:00.0627 0x1140  mpio - ok
13:58:00.0647 0x1140  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:58:00.0650 0x1140  mpsdrv - ok
13:58:00.0836 0x1140  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:58:00.0885 0x1140  MpsSvc - ok
13:58:00.0952 0x1140  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:58:00.0955 0x1140  MRxDAV - ok
13:58:00.0997 0x1140  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:58:01.0000 0x1140  mrxsmb - ok
13:58:01.0069 0x1140  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:58:01.0074 0x1140  mrxsmb10 - ok
13:58:01.0114 0x1140  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:58:01.0117 0x1140  mrxsmb20 - ok
13:58:01.0158 0x1140  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:58:01.0160 0x1140  msahci - ok
13:58:01.0192 0x1140  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:58:01.0195 0x1140  msdsm - ok
13:58:01.0230 0x1140  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:58:01.0268 0x1140  MSDTC - ok
13:58:01.0295 0x1140  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:58:01.0323 0x1140  Msfs - ok
13:58:01.0382 0x1140  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:58:01.0383 0x1140  mshidkmdf - ok
13:58:01.0407 0x1140  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:58:01.0409 0x1140  msisadrv - ok
13:58:01.0484 0x1140  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:58:01.0559 0x1140  MSiSCSI - ok
13:58:01.0564 0x1140  msiserver - ok
13:58:01.0582 0x1140  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:58:01.0583 0x1140  MSKSSRV - ok
13:58:01.0591 0x1140  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:58:01.0592 0x1140  MSPCLOCK - ok
13:58:01.0598 0x1140  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:58:01.0599 0x1140  MSPQM - ok
13:58:01.0687 0x1140  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:58:01.0749 0x1140  MsRPC - ok
13:58:01.0770 0x1140  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:58:01.0771 0x1140  mssmbios - ok
13:58:01.0843 0x1140  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:58:01.0844 0x1140  MSTEE - ok
13:58:01.0856 0x1140  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:58:01.0857 0x1140  MTConfig - ok
13:58:01.0887 0x1140  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:58:01.0890 0x1140  Mup - ok
13:58:01.0959 0x1140  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:58:01.0975 0x1140  napagent - ok
13:58:02.0089 0x1140  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:58:02.0097 0x1140  NativeWifiP - ok
13:58:02.0273 0x1140  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:58:02.0288 0x1140  NDIS - ok
13:58:02.0348 0x1140  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:58:02.0350 0x1140  NdisCap - ok
13:58:02.0415 0x1140  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:58:02.0416 0x1140  NdisTapi - ok
13:58:02.0466 0x1140  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:58:02.0468 0x1140  Ndisuio - ok
13:58:02.0495 0x1140  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:58:02.0500 0x1140  NdisWan - ok
13:58:02.0512 0x1140  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:58:02.0535 0x1140  NDProxy - ok
13:58:02.0625 0x1140  [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
13:58:02.0626 0x1140  Netaapl - ok
13:58:02.0676 0x1140  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:58:02.0678 0x1140  NetBIOS - ok
13:58:02.0701 0x1140  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:58:02.0709 0x1140  NetBT - ok
13:58:02.0731 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:58:02.0742 0x1140  Netlogon - ok
13:58:02.0791 0x1140  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:58:02.0893 0x1140  Netman - ok
13:58:02.0960 0x1140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:03.0068 0x1140  NetMsmqActivator - ok
13:58:03.0085 0x1140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:03.0088 0x1140  NetPipeActivator - ok
13:58:03.0196 0x1140  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:58:03.0233 0x1140  netprofm - ok
13:58:03.0244 0x1140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:03.0246 0x1140  NetTcpActivator - ok
13:58:03.0255 0x1140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:03.0257 0x1140  NetTcpPortSharing - ok
13:58:03.0306 0x1140  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:58:03.0307 0x1140  nfrd960 - ok
13:58:03.0405 0x1140  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:58:03.0455 0x1140  NlaSvc - ok
13:58:03.0500 0x1140  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:58:03.0523 0x1140  Npfs - ok
13:58:03.0545 0x1140  npggsvc - ok
13:58:03.0605 0x1140  npkcusb - ok
13:58:03.0620 0x1140  NPPTNT2 - ok
13:58:03.0655 0x1140  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:58:03.0677 0x1140  nsi - ok
13:58:03.0697 0x1140  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:58:03.0698 0x1140  nsiproxy - ok
13:58:03.0939 0x1140  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:58:04.0233 0x1140  Ntfs - ok
13:58:04.0258 0x1140  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:58:04.0287 0x1140  Null - ok
13:58:04.0347 0x1140  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:58:04.0349 0x1140  nvraid - ok
13:58:04.0418 0x1140  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:58:04.0421 0x1140  nvstor - ok
13:58:04.0479 0x1140  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:58:04.0482 0x1140  nv_agp - ok
13:58:04.0497 0x1140  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:58:04.0498 0x1140  ohci1394 - ok
13:58:04.0726 0x1140  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:58:04.0765 0x1140  ose - ok
13:58:05.0433 0x1140  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:58:07.0509 0x1140  osppsvc - ok
13:58:07.0552 0x1140  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:58:07.0560 0x1140  p2pimsvc - ok
13:58:07.0623 0x1140  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:58:07.0630 0x1140  p2psvc - ok
13:58:07.0655 0x1140  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
13:58:07.0657 0x1140  Parport - ok
13:58:07.0724 0x1140  Partizan - ok
13:58:07.0770 0x1140  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:58:07.0772 0x1140  partmgr - ok
13:58:07.0854 0x1140  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:58:07.0883 0x1140  PcaSvc - ok
13:58:07.0924 0x1140  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:58:07.0927 0x1140  pci - ok
13:58:07.0980 0x1140  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:58:07.0981 0x1140  pciide - ok
13:58:08.0050 0x1140  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:58:08.0054 0x1140  pcmcia - ok
13:58:08.0076 0x1140  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:58:08.0078 0x1140  pcw - ok
13:58:08.0163 0x1140  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:58:08.0173 0x1140  PEAUTH - ok
13:58:08.0519 0x1140  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:58:08.0586 0x1140  PerfHost - ok
13:58:08.0812 0x1140  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:58:09.0297 0x1140  pla - ok
13:58:09.0430 0x1140  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:58:09.0590 0x1140  PlugPlay - ok
13:58:09.0645 0x1140  PnkBstrA - ok
13:58:09.0701 0x1140  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:58:09.0897 0x1140  PNRPAutoReg - ok
13:58:09.0925 0x1140  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:58:09.0937 0x1140  PNRPsvc - ok
13:58:10.0014 0x1140  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:58:10.0085 0x1140  PolicyAgent - ok
13:58:10.0136 0x1140  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
13:58:10.0145 0x1140  Power - ok
13:58:10.0245 0x1140  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:58:10.0247 0x1140  PptpMiniport - ok
13:58:10.0277 0x1140  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
13:58:10.0279 0x1140  Processor - ok
13:58:10.0339 0x1140  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:58:10.0381 0x1140  ProfSvc - ok
13:58:10.0405 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:58:10.0422 0x1140  ProtectedStorage - ok
13:58:10.0465 0x1140  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:58:10.0483 0x1140  Psched - ok
13:58:10.0571 0x1140  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:58:10.0574 0x1140  PxHlpa64 - ok
13:58:10.0831 0x1140  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:58:10.0853 0x1140  ql2300 - ok
13:58:10.0881 0x1140  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:58:10.0902 0x1140  ql40xx - ok
13:58:10.0975 0x1140  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:58:11.0049 0x1140  QWAVE - ok
13:58:11.0096 0x1140  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:58:11.0112 0x1140  QWAVEdrv - ok
13:58:11.0139 0x1140  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:58:11.0141 0x1140  RasAcd - ok
13:58:11.0212 0x1140  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:58:11.0216 0x1140  RasAgileVpn - ok
13:58:11.0268 0x1140  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:58:11.0314 0x1140  RasAuto - ok
13:58:11.0351 0x1140  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:58:11.0354 0x1140  Rasl2tp - ok
13:58:11.0453 0x1140  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:58:11.0511 0x1140  RasMan - ok
13:58:11.0546 0x1140  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:58:11.0550 0x1140  RasPppoe - ok
13:58:11.0614 0x1140  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:58:11.0627 0x1140  RasSstp - ok
13:58:11.0707 0x1140  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:58:11.0717 0x1140  rdbss - ok
13:58:11.0781 0x1140  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:58:11.0794 0x1140  rdpbus - ok
13:58:11.0816 0x1140  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:58:11.0818 0x1140  RDPCDD - ok
13:58:11.0879 0x1140  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:58:11.0880 0x1140  RDPENCDD - ok
13:58:11.0917 0x1140  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:58:11.0918 0x1140  RDPREFMP - ok
13:58:12.0032 0x1140  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:58:12.0034 0x1140  RdpVideoMiniport - ok
13:58:12.0085 0x1140  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:58:12.0152 0x1140  RDPWD - ok
13:58:12.0242 0x1140  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:58:12.0259 0x1140  rdyboost - ok
13:58:12.0325 0x1140  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:58:12.0365 0x1140  RemoteAccess - ok
13:58:12.0467 0x1140  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:58:12.0509 0x1140  RemoteRegistry - ok
13:58:12.0805 0x1140  [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:58:12.0988 0x1140  RoxMediaDB12OEM - ok
13:58:13.0045 0x1140  [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:58:13.0088 0x1140  RoxWatch12 - ok
13:58:13.0145 0x1140  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:58:13.0229 0x1140  RpcEptMapper - ok
13:58:13.0283 0x1140  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:58:13.0309 0x1140  RpcLocator - ok
13:58:13.0383 0x1140  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:58:13.0401 0x1140  RpcSs - ok
13:58:13.0465 0x1140  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:58:13.0468 0x1140  rspndr - ok
13:58:13.0632 0x1140  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:58:13.0647 0x1140  RTL8167 - ok
13:58:13.0668 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:58:13.0670 0x1140  SamSs - ok
13:58:13.0713 0x1140  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:58:13.0732 0x1140  sbp2port - ok
13:58:13.0784 0x1140  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:58:13.0836 0x1140  SCardSvr - ok
13:58:13.0898 0x1140  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:58:13.0900 0x1140  scfilter - ok
13:58:13.0971 0x1140  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:58:14.0093 0x1140  Schedule - ok
13:58:14.0153 0x1140  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:58:14.0157 0x1140  SCPolicySvc - ok
13:58:14.0241 0x1140  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:58:14.0249 0x1140  SDRSVC - ok
13:58:14.0338 0x1140  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] Secdrv          C:\Windows\system32\drivers\SECDRV.SYS
13:58:14.0340 0x1140  Secdrv - ok
13:58:14.0371 0x1140  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:58:14.0416 0x1140  seclogon - ok
13:58:14.0435 0x1140  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
13:58:14.0482 0x1140  SENS - ok
13:58:14.0514 0x1140  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:58:14.0564 0x1140  SensrSvc - ok
13:58:14.0673 0x1140  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:58:14.0683 0x1140  Serenum - ok
13:58:14.0747 0x1140  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
13:58:14.0762 0x1140  Serial - ok
13:58:14.0790 0x1140  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:58:14.0792 0x1140  sermouse - ok
13:58:14.0834 0x1140  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:58:14.0932 0x1140  SessionEnv - ok
13:58:14.0961 0x1140  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:58:14.0963 0x1140  sffdisk - ok
13:58:14.0998 0x1140  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:58:14.0999 0x1140  sffp_mmc - ok
13:58:15.0030 0x1140  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:58:15.0033 0x1140  sffp_sd - ok
13:58:15.0078 0x1140  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:58:15.0080 0x1140  sfloppy - ok
13:58:15.0133 0x1140  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:58:15.0242 0x1140  SharedAccess - ok
13:58:15.0295 0x1140  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:58:15.0392 0x1140  ShellHWDetection - ok
13:58:15.0433 0x1140  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:58:15.0435 0x1140  SiSRaid2 - ok
13:58:15.0466 0x1140  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:58:15.0478 0x1140  SiSRaid4 - ok
13:58:15.0695 0x1140  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:58:15.0701 0x1140  SkypeUpdate - ok
13:58:15.0754 0x1140  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:58:15.0758 0x1140  Smb - ok
13:58:15.0831 0x1140  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:58:15.0869 0x1140  SNMPTRAP - ok
13:58:15.0924 0x1140  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:58:15.0961 0x1140  spldr - ok
13:58:16.0054 0x1140  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:58:16.0160 0x1140  Spooler - ok
13:58:16.0612 0x1140  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:58:16.0702 0x1140  sppsvc - ok
13:58:16.0725 0x1140  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:58:16.0770 0x1140  sppuinotify - ok
13:58:16.0956 0x1140  [ 74D30C2EF66C2EB19F17ED5423AA8038, F79AB2B2B60620565FB2169255F95F4B37F6113F0AF776D1BAD02681EBE0DB54 ] sptd            C:\Windows\System32\Drivers\sptd.sys
13:58:16.0998 0x1140  sptd - ok
13:58:17.0088 0x1140  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:58:17.0122 0x1140  srv - ok
13:58:17.0161 0x1140  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:58:17.0199 0x1140  srv2 - ok
13:58:17.0241 0x1140  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:58:17.0257 0x1140  srvnet - ok
13:58:17.0321 0x1140  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:58:17.0376 0x1140  SSDPSRV - ok
13:58:17.0505 0x1140  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
13:58:17.0507 0x1140  SSPORT - ok
13:58:17.0574 0x1140  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:58:17.0618 0x1140  SstpSvc - ok
13:58:17.0859 0x1140  [ 706080AD43599D4AB04F1676A3A62CC1, BD9A645163501E2234CAB2B99DB297A634526786D2CDC55FE1C18F5019623E34 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:58:17.0876 0x1140  Steam Client Service - ok
13:58:17.0930 0x1140  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:58:17.0932 0x1140  stexstor - ok
13:58:18.0097 0x1140  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:58:18.0165 0x1140  stisvc - ok
13:58:18.0237 0x1140  [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:58:18.0336 0x1140  stllssvr - ok
13:58:18.0404 0x1140  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:58:18.0412 0x1140  swenum - ok
13:58:18.0566 0x1140  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:58:18.0672 0x1140  swprv - ok
13:58:18.0874 0x1140  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:58:19.0176 0x1140  SysMain - ok
13:58:19.0249 0x1140  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:58:19.0320 0x1140  TabletInputService - ok
13:58:19.0423 0x1140  [ B08740047145B9BCE15BF75CA0F9718A, 3E2A8A5A2A4DC4D0F05E22EA2C0EBD85AA5C7C6854E873D53538D1F54B8F7C63 ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
13:58:19.0425 0x1140  tap0901t - ok
13:58:19.0538 0x1140  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:58:19.0593 0x1140  TapiSrv - ok
13:58:19.0627 0x1140  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:58:19.0644 0x1140  TBS - ok
13:58:19.0809 0x1140  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:58:19.0868 0x1140  Tcpip - ok
13:58:19.0992 0x1140  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:58:20.0020 0x1140  TCPIP6 - ok
13:58:20.0060 0x1140  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:58:20.0062 0x1140  tcpipreg - ok
13:58:20.0113 0x1140  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:58:20.0115 0x1140  TDPIPE - ok
13:58:20.0149 0x1140  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:58:20.0151 0x1140  TDTCP - ok
13:58:20.0171 0x1140  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:58:20.0176 0x1140  tdx - ok
13:58:20.0198 0x1140  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:58:20.0201 0x1140  TermDD - ok
13:58:20.0283 0x1140  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
13:58:20.0610 0x1140  TermService - ok
13:58:20.0644 0x1140  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:58:20.0698 0x1140  Themes - ok
13:58:20.0748 0x1140  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:58:20.0761 0x1140  THREADORDER - ok
13:58:20.0824 0x1140  [ 89DC033F4EE8F171826B1845C2136033, 62779CF449DE2C80D205CB3118F8D1DF7D1F3EB117D3EE3169DDB6FFAEA73F83 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
13:58:20.0827 0x1140  tmactmon - ok
13:58:20.0858 0x1140  [ 6AF3002BE88C56382CD87AA0884D7D30, 9192D5C97DAA33772319853374A569AE5B58F4700515B38FB9449E4F8DA82A3E ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
13:58:20.0864 0x1140  tmcomm - ok
13:58:20.0883 0x1140  [ 063B2C13F62F873E14C29A223C409AD8, 79BFED05FE71F980E6AE91C45D36A61712C31E54E0BBCC3564EA96373205CAF6 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:58:20.0886 0x1140  tmevtmgr - ok
13:58:20.0968 0x1140  [ 5922B1F5741BBDBAF7F7B4CBD2B7C4A5, DC296753E3F4660F24E84744AD7E9D2E279D0CD49C71A6B721B6445F859C4DF7 ] tmlwf           C:\Windows\system32\DRIVERS\tmlwf.sys
13:58:20.0975 0x1140  tmlwf - ok
13:58:21.0037 0x1140  [ E5021A4A72204C15C52C546F9301BAEF, 0302F0BF65C68263799DBEE399BFDB93D1E7BABD9AA681F7FC39983845768D1A ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
13:58:21.0041 0x1140  tmtdi - ok
13:58:21.0100 0x1140  [ 0A2E3899CC72AD4CC85EA3D50A5331CC, DBA77E3A74C6DDD5A56A4E67A809ED60BEE4509F5F4E26DC497CFAE3E360CB51 ] tmwfp           C:\Windows\system32\DRIVERS\tmwfp.sys
13:58:21.0111 0x1140  tmwfp - ok
13:58:21.0183 0x1140  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:58:21.0245 0x1140  TrkWks - ok
13:58:21.0355 0x1140  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:58:21.0361 0x1140  TrustedInstaller - ok
13:58:21.0401 0x1140  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:58:21.0403 0x1140  tssecsrv - ok
13:58:21.0474 0x1140  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:58:21.0477 0x1140  TsUsbFlt - ok
13:58:21.0526 0x1140  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:58:21.0528 0x1140  TsUsbGD - ok
13:58:21.0641 0x1140  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:58:21.0645 0x1140  tunnel - ok
13:58:21.0845 0x1140  [ 9B67EEB5ECCA7E7A57942D967DD59089, 6CD1575BB52A936875DB6E2EA541C7630CF1B0BC4947A5B12356F7C493316324 ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
13:58:22.0152 0x1140  TunngleService - ok
13:58:22.0182 0x1140  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:58:22.0184 0x1140  uagp35 - ok
13:58:22.0272 0x1140  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:58:22.0282 0x1140  udfs - ok
13:58:22.0317 0x1140  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:58:22.0373 0x1140  UI0Detect - ok
13:58:22.0430 0x1140  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:58:22.0433 0x1140  uliagpkx - ok
13:58:22.0498 0x1140  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:58:22.0500 0x1140  umbus - ok
13:58:22.0523 0x1140  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:58:22.0524 0x1140  UmPass - ok
13:58:22.0648 0x1140  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:58:22.0678 0x1140  upnphost - ok
13:58:22.0721 0x1140  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:58:22.0722 0x1140  USBAAPL64 - ok
13:58:22.0983 0x1140  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:58:22.0987 0x1140  usbaudio - ok
13:58:23.0028 0x1140  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
13:58:23.0032 0x1140  usbccgp - ok
13:58:23.0063 0x1140  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:58:23.0067 0x1140  usbcir - ok
13:58:23.0105 0x1140  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:58:23.0108 0x1140  usbehci - ok
13:58:23.0225 0x1140  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:58:23.0236 0x1140  usbhub - ok
13:58:23.0278 0x1140  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:58:23.0280 0x1140  usbohci - ok
13:58:23.0363 0x1140  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:58:23.0365 0x1140  usbprint - ok
13:58:23.0402 0x1140  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:58:23.0406 0x1140  USBSTOR - ok
13:58:23.0434 0x1140  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:58:23.0436 0x1140  usbuhci - ok
13:58:23.0552 0x1140  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:58:23.0559 0x1140  usbvideo - ok
13:58:23.0610 0x1140  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:58:23.0669 0x1140  UxSms - ok
13:58:23.0700 0x1140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:58:23.0703 0x1140  VaultSvc - ok
13:58:23.0833 0x1140  [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
13:58:23.0835 0x1140  VClone - ok
13:58:23.0896 0x1140  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:58:23.0898 0x1140  vdrvroot - ok
13:58:24.0083 0x1140  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:58:24.0256 0x1140  vds - ok
13:58:24.0346 0x1140  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:58:24.0348 0x1140  vga - ok
13:58:24.0364 0x1140  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:58:24.0366 0x1140  VgaSave - ok
13:58:24.0419 0x1140  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:58:24.0426 0x1140  vhdmp - ok
13:58:24.0504 0x1140  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:58:24.0505 0x1140  viaide - ok
13:58:24.0533 0x1140  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:58:24.0536 0x1140  volmgr - ok
13:58:24.0579 0x1140  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:58:24.0590 0x1140  volmgrx - ok
13:58:24.0670 0x1140  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:58:24.0675 0x1140  volsnap - ok
13:58:24.0699 0x1140  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:58:24.0702 0x1140  vsmraid - ok
13:58:24.0890 0x1140  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:58:25.0228 0x1140  VSS - ok
13:58:25.0289 0x1140  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:58:25.0290 0x1140  vwifibus - ok
13:58:25.0352 0x1140  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:58:25.0355 0x1140  vwififlt - ok
13:58:25.0438 0x1140  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:58:25.0499 0x1140  W32Time - ok
13:58:25.0522 0x1140  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:58:25.0523 0x1140  WacomPen - ok
13:58:25.0563 0x1140  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:58:25.0566 0x1140  WANARP - ok
13:58:25.0609 0x1140  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:58:25.0613 0x1140  Wanarpv6 - ok
13:58:25.0799 0x1140  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:58:25.0942 0x1140  WatAdminSvc - ok
13:58:26.0152 0x1140  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:58:26.0493 0x1140  wbengine - ok
13:58:26.0520 0x1140  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:58:26.0550 0x1140  WbioSrvc - ok
13:58:26.0649 0x1140  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:58:26.0799 0x1140  wcncsvc - ok
13:58:26.0824 0x1140  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:58:26.0843 0x1140  WcsPlugInService - ok
13:58:26.0893 0x1140  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
13:58:26.0911 0x1140  Wd - ok
13:58:27.0118 0x1140  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:58:27.0137 0x1140  Wdf01000 - ok
13:58:27.0159 0x1140  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:58:27.0185 0x1140  WdiServiceHost - ok
13:58:27.0197 0x1140  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:58:27.0200 0x1140  WdiSystemHost - ok
13:58:27.0277 0x1140  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:58:27.0334 0x1140  WebClient - ok
13:58:27.0407 0x1140  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:58:27.0457 0x1140  Wecsvc - ok
13:58:27.0480 0x1140  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:58:27.0483 0x1140  wercplsupport - ok
13:58:27.0526 0x1140  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:58:27.0595 0x1140  WerSvc - ok
13:58:27.0623 0x1140  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:58:27.0624 0x1140  WfpLwf - ok
13:58:27.0635 0x1140  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:58:27.0636 0x1140  WIMMount - ok
13:58:27.0715 0x1140  WinDefend - ok
13:58:27.0731 0x1140  WinHttpAutoProxySvc - ok
13:58:27.0894 0x1140  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:58:27.0940 0x1140  Winmgmt - ok
13:58:28.0259 0x1140  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:58:28.0511 0x1140  WinRM - ok
13:58:28.0628 0x1140  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:58:28.0630 0x1140  WinUsb - ok
13:58:28.0754 0x1140  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:58:28.0846 0x1140  Wlansvc - ok
13:58:28.0976 0x1140  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:58:29.0030 0x1140  wlcrasvc - ok
13:58:29.0385 0x1140  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:58:29.0679 0x1140  wlidsvc - ok
13:58:29.0735 0x1140  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:58:29.0737 0x1140  WmiAcpi - ok
13:58:29.0838 0x1140  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:58:29.0936 0x1140  wmiApSrv - ok
13:58:29.0995 0x1140  WMPNetworkSvc - ok
13:58:30.0070 0x1140  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:58:30.0118 0x1140  WPCSvc - ok
13:58:30.0162 0x1140  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:58:30.0244 0x1140  WPDBusEnum - ok
13:58:30.0294 0x1140  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:58:30.0296 0x1140  ws2ifsl - ok
13:58:30.0334 0x1140  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
13:58:30.0394 0x1140  wscsvc - ok
13:58:30.0396 0x1140  WSearch - ok
13:58:30.0643 0x1140  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:58:30.0679 0x1140  wuauserv - ok
13:58:30.0725 0x1140  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:58:30.0729 0x1140  WudfPf - ok
13:58:30.0827 0x1140  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:58:30.0834 0x1140  WUDFRd - ok
13:58:30.0865 0x1140  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:58:30.0928 0x1140  wudfsvc - ok
13:58:30.0994 0x1140  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:58:31.0083 0x1140  WwanSvc - ok
13:58:31.0395 0x1140  X6va009 - ok
13:58:31.0479 0x1140  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
13:58:31.0482 0x1140  xusb21 - ok
13:58:31.0565 0x1140  ================ Scan global ===============================
13:58:31.0617 0x1140  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:58:31.0721 0x1140  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:58:31.0832 0x1140  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:58:31.0878 0x1140  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:58:31.0991 0x1140  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:58:32.0071 0x1140  [ Global ] - ok
13:58:32.0071 0x1140  ================ Scan MBR ==================================
13:58:32.0084 0x1140  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:58:33.0079 0x1140  \Device\Harddisk0\DR0 - ok
13:58:33.0079 0x1140  ================ Scan VBR ==================================
13:58:33.0096 0x1140  [ 3FE3506F11CF66DFC70CBBC948BCBC12 ] \Device\Harddisk0\DR0\Partition1
13:58:33.0113 0x1140  \Device\Harddisk0\DR0\Partition1 - ok
13:58:33.0134 0x1140  [ 1D47A8C54CABE31C013E4572D64B4F9B ] \Device\Harddisk0\DR0\Partition2
13:58:33.0140 0x1140  \Device\Harddisk0\DR0\Partition2 - ok
13:58:33.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:34.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:35.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:36.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:37.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:38.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:39.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:40.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:41.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:42.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:43.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:44.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:45.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:46.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:47.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:48.0141 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:49.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:50.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:51.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:52.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:53.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:54.0142 0x1140  Waiting for KSN requests completion. In queue: 188
13:58:55.0418 0x1140  AV detected via SS2: Trend Micro Titanium Internet Security, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 3.1.0.1174 ), 0x41000 ( enabled : updated )
13:58:55.0420 0x1140  FW detected via SS2: Trend Micro Firewall Booster,  (  ), 0x40010 ( disabled )
13:58:55.0425 0x1140  Win FW state via NFP2: enabled
13:59:11.0890 0x1140  ============================================================
13:59:11.0890 0x1140  Scan finished
13:59:11.0890 0x1140  ============================================================
13:59:11.0899 0x16c8  Detected object count: 0
13:59:11.0899 0x16c8  Actual detected object count: 0
13:59:29.0296 0x114c  Deinitialize success
___________________________________________________________________________________________________________________
AdwCleaner log:
 
# AdwCleaner v3.208 - Relatório criado 16/05/2014 às 14:10:06
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Henrique - HENRIQUE-PC
# Executando de : C:\Users\Henrique\Desktop\AdwCleaner (2).exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.137
 
[ Arquivo : C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2201 octets] - [08/05/2014 19:21:29]
AdwCleaner[R1].txt - [915 octets] - [09/05/2014 13:19:10]
AdwCleaner[R2].txt - [1035 octets] - [16/05/2014 14:06:55]
AdwCleaner[R3].txt - [1096 octets] - [16/05/2014 14:08:00]
AdwCleaner[R4].txt - [896 octets] - [16/05/2014 14:10:06]
AdwCleaner[S0].txt - [2227 octets] - [08/05/2014 19:23:25]
AdwCleaner[S1].txt - [972 octets] - [09/05/2014 13:22:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1074 octets] ##########
 

Edited by HDLO, 16 May 2014 - 12:16 PM.


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 17 May 2014 - 05:53 PM

Sorry for the delay....been having internet problems.
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 17 May 2014 - 10:24 PM

No problem! I really appreciate what you have been doing, take all the time you need.
 
Here is the ComboFix log:
 
ComboFix 14-05-16.01 - Henrique 18/05/2014   0:10.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4079.3030 [GMT -3:00]
Executando de: c:\users\Henrique\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-04-18 to 2014-05-18  ))))))))))))))))))))))))))))
.
.
2014-05-18 03:18 . 2014-05-18 03:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-18 03:18 . 2014-05-18 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-15 14:38 . 2014-05-15 14:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-15 03:47 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 03:47 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 03:47 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 03:47 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 17:29 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 17:29 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 17:29 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 03:25 . 2012-04-04 21:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2014-05-10 03:25 . 2012-04-04 21:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-05-08 22:21 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-08 22:21 . 2014-05-16 17:10 -------- d-----w- C:\AdwCleaner
2014-05-06 22:28 . 2014-05-15 14:34 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-05 19:33 . 2014-05-05 20:53 -------- d-----w- c:\programdata\SecTaskMan
2014-04-27 15:09 . 2014-04-27 15:09 -------- d-----w- c:\users\Henrique\AppData\Roaming\SUPERAntiSpyware.com
2014-04-27 00:19 . 2014-05-17 01:40 -------- d-----w- c:\users\Henrique\AppData\Roaming\TS3Client
2014-04-27 00:19 . 2014-04-27 00:19 -------- d-----w- c:\users\Henrique\AppData\Local\TeamSpeak 3 Client
2014-04-21 15:22 . 2014-04-21 22:16 -------- d-----w- c:\program files (x86)\LeNinjaZ
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 03:43 . 2012-01-28 22:30 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 01:30 . 2012-04-08 12:28 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 01:30 . 2012-01-25 18:35 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-15 05:34 . 2014-04-15 05:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-24 03:27 . 2013-10-14 14:31 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-24 03:27 . 2012-02-04 21:59 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-22 16:36 . 2012-02-04 21:38 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-07 18:30 . 2014-03-07 18:30 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-03-06 09:31 . 2014-04-12 05:05 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-12 05:05 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-12 05:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-12 05:05 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-12 05:05 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-12 05:05 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-12 05:05 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-12 05:05 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-12 05:05 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-12 05:05 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-12 05:05 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-12 05:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-12 05:05 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-12 05:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-12 05:05 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-12 05:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-12 05:05 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-12 05:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-12 05:05 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-12 05:05 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-12 05:05 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-12 05:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-12 05:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-12 05:05 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-12 05:05 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-12 05:05 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-12 05:05 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-12 05:05 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-12 05:05 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-12 05:05 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-12 05:05 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-12 05:05 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-12 05:05 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-05 21:37 . 2014-02-26 17:42 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-04 09:44 . 2014-04-09 20:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 20:22 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 20:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 20:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 20:22 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 20:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 20:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 20:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 20:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 20:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-02-26 16:30 . 2014-02-26 16:30 40720 ----a-w- c:\windows\system32\Partizan.exe
2014-02-26 16:21 . 2014-02-26 16:21 2 --shatr- c:\windows\winstart.bat
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-04-23 1825984]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\LevelUp! Games\RagnarokOnline\GameGuard\dump_wmimmc.sys;c:\program files (x86)\LevelUp! Games\RagnarokOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 15:16 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:30]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 22:07]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-05-21 1119392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-War of the Triple Alliance - c:\program files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\War of the Triple Alliance\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item1]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item2]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item3]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Toolbar]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr_Toolbar]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2683632594-3974931073-2399377768-1001\Software\SecuROM\License information*]
"datasecu"=hex:e1,37,f5,e6,8d,50,fb,03,ff,fb,b4,ff,dc,de,d0,43,8b,cd,4d,09,55,
   f2,19,64,c5,83,22,f2,dc,fc,26,6b,14,22,40,63,57,70,71,32,4b,1f,de,b7,ba,69,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-05-18  00:20:16
ComboFix-quarantined-files.txt  2014-05-18 03:20
.
Pré-execução: 243.131.097.088 bytes disponíveis
Pós execução: 242.725.822.464 bytes disponíveis
.
- - End Of File - - 0D5463A103E9BD8A7C12D2007F99E6C8
5C616939100B85E558DA92B899A0FC36


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 18 May 2014 - 09:58 AM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
     
    File::
    c:\windows\SysWOW64\Drivers\X6va009
     
    Driver::
    X6va009

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running.   :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#9 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 18 May 2014 - 10:40 AM

Hello! The system seems fine, the only strange thing that happened is that after I runned the ComboFix and it rebooted my PC, I couldn't activate my anti-virus. I rebooted again and it worked normaly. Here is the log:

 

ComboFix 14-05-16.01 - Henrique 18/05/2014  12:12:52.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4079.2787 [GMT -3:00]
Executando de: c:\users\Henrique\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Henrique\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va009"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA009
-------\Service_X6va009
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-04-18 to 2014-05-18  ))))))))))))))))))))))))))))
.
.
2014-05-18 15:21 . 2014-05-18 15:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-18 15:21 . 2014-05-18 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-15 14:38 . 2014-05-15 14:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-15 03:47 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 03:47 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 03:47 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 03:47 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 17:29 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 17:29 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 17:29 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 03:25 . 2012-04-04 21:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2014-05-10 03:25 . 2012-04-04 21:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-05-08 22:21 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-08 22:21 . 2014-05-16 17:10 -------- d-----w- C:\AdwCleaner
2014-05-06 22:28 . 2014-05-15 14:34 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-05 19:33 . 2014-05-05 20:53 -------- d-----w- c:\programdata\SecTaskMan
2014-04-27 15:09 . 2014-04-27 15:09 -------- d-----w- c:\users\Henrique\AppData\Roaming\SUPERAntiSpyware.com
2014-04-27 00:19 . 2014-05-17 01:40 -------- d-----w- c:\users\Henrique\AppData\Roaming\TS3Client
2014-04-27 00:19 . 2014-04-27 00:19 -------- d-----w- c:\users\Henrique\AppData\Local\TeamSpeak 3 Client
2014-04-21 15:22 . 2014-04-21 22:16 -------- d-----w- c:\program files (x86)\LeNinjaZ
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 03:43 . 2012-01-28 22:30 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 01:30 . 2012-04-08 12:28 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 01:30 . 2012-01-25 18:35 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-15 05:34 . 2014-04-15 05:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-24 03:27 . 2013-10-14 14:31 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-24 03:27 . 2012-02-04 21:59 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-22 16:36 . 2012-02-04 21:38 281848 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-07 18:30 . 2014-03-07 18:30 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-03-06 09:31 . 2014-04-12 05:05 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-12 05:05 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-12 05:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-12 05:05 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-12 05:05 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-12 05:05 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-12 05:05 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-12 05:05 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-12 05:05 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-12 05:05 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-12 05:05 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-12 05:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-12 05:05 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-12 05:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-12 05:05 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-12 05:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-12 05:05 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-12 05:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-12 05:05 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-12 05:05 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-12 05:05 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-12 05:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-12 05:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-12 05:05 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-12 05:05 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-12 05:05 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-12 05:05 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-12 05:05 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-12 05:05 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-12 05:05 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-12 05:05 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-12 05:05 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-12 05:05 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-05 21:37 . 2014-02-26 17:42 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-04 09:44 . 2014-04-09 20:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 20:22 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 20:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 20:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 20:22 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 20:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 20:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 20:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 20:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 20:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-02-26 16:30 . 2014-02-26 16:30 40720 ----a-w- c:\windows\system32\Partizan.exe
2014-02-26 16:21 . 2014-02-26 16:21 2 --shatr- c:\windows\winstart.bat
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-04-23 1825984]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\LevelUp! Games\RagnarokOnline\GameGuard\dump_wmimmc.sys;c:\program files (x86)\LevelUp! Games\RagnarokOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 15:16 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:30]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 22:07]
.
2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-05-21 1119392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-War of the Triple Alliance - c:\program files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\War of the Triple Alliance\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item1]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item2]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item3]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Toolbar]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr_Toolbar]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2683632594-3974931073-2399377768-1001\Software\SecuROM\License information*]
"datasecu"=hex:e1,37,f5,e6,8d,50,fb,03,ff,fb,b4,ff,dc,de,d0,43,8b,cd,4d,09,55,
   f2,19,64,c5,83,22,f2,dc,fc,26,6b,14,22,40,63,57,70,71,32,4b,1f,de,b7,ba,69,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-05-18  12:28:44 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-05-18 15:28
ComboFix2.txt  2014-05-18 03:20
.
Pré-execução: 242.761.113.600 bytes disponíveis
Pós execução: 242.494.922.752 bytes disponíveis
.
- - End Of File - - 5E19EA8539BA2D2584BEEAFFE9DDF9CF
5C616939100B85E558DA92B899A0FC36
_________________________________________________________
 
Thanks for your attention!


#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 18 May 2014 - 12:54 PM

Hi,

 

Since the reboot the antivirus has been fine though correct?

 

When you ran DDS there should have been a log created named Attach.txt.  Could you post that please?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#11 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 18 May 2014 - 01:00 PM

Yes, the antivirus is fine now. In this log it says that I must attach it, so here is it. If you want I can just post without attach. 

Attached File  attach.txt   7.76KB   1 downloads


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 18 May 2014 - 01:05 PM

You did just fine thank you.
 
GUZVCQN.jpgMalwarebytes
 
Please open Malwarebytes, update it and then run a Hyper Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#13 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 18 May 2014 - 06:05 PM

Here is the Malwarebytes log. It finded 2 strange programs, the action sugested it was to "ignore once". I dind't knew what to do so I dind't press "aply actions".

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/05/2014
Scan Time: 15:28:35
Logfile: malwerebytes.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.18.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Henrique
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 216356
Time Elapsed: 2 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [10cf3a18daa1e155dc84f6bd24dfcf31], 
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [aa35b2a0a6d58ea8e07f704311f2738d], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
______________________________________________
 
ESET Online Scanner din't find anything so no log was produced.


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 AM

Posted 18 May 2014 - 06:20 PM

Sounds great!  Go ahead and run Malwarebytes again and remove those two entries that were found.  Once finished, let me know what remaining problems you are having.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 HDLO

HDLO
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 18 May 2014 - 06:44 PM

The two entries have been deleted. For now the computer seems to be fine, the problems that I said in the begining of the topic aren't happening anymore. As I said in the first post, the 20% CPU usage due to exeplorer.exe sometimes dissaper and come back, but I didn't saw it again. Thank you for attention and for your help!


Edited by HDLO, 18 May 2014 - 06:49 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users