
Win32:DNS Changer-VJ [Trj]


5 replies to this topic

#1 kumokuraudo

kumokuraudo

  • Members
  • 5 posts

Posted 28 May 2012 - 11:31 PM

Hi, I seem to have a nasty redirect virus (Win32:DNS Changer-VJ [Trj]). Not only does it redirect me, but it also slows down my pc and won't let me access my firewall.

AVAST keeps popping up with a message that it has blocked the virus and put it into the vault, but it really doesn't seem to do anything.

Anyways, I'd like to get help if possible please! :)

Edited by kumokuraudo, 28 May 2012 - 11:33 PM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts

Posted 28 May 2012 - 11:36 PM

Hello, please run these next. As it is late here I will look back tomorrow.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
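A triage pass over the Result.txt that the post above asks for, as an added example that is not part of the original post or of MiniToolBox: it splits the log on its section headers and lists hosts entries other than localhost, DNS servers outside a caller-supplied expected set, Winsock entries reported as "File Not found", and services named as missing dependencies. The function names, the sample log and the expected-resolver set are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt in the layout of a MiniToolBox Result.txt (not a real log).
SAMPLE_RESULT = r"""========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost
203.0.113.7 www.example.com

========================= IP Configuration: ================================

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

========================= Event log errors: ===============================

Error: (05/28/2012 03:39:37 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

**** End of log ****
"""

SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")   # ===== Title: =====
FIELD_RE = re.compile(r"^\s*(.+?)[ .]*:(?: (.*))?$")          # Label . . . : value
WINSOCK_MISSING_RE = re.compile(r"^(\S+) (\d+) (.+?) \[File Not found\]")
DEPENDS_RE = re.compile(r"depends (?:on )?the following service: ([^.\s]+)")


def split_sections(text):
    """Map each section title (lower-cased) to the lines printed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), [])
        elif current is not None:
            current.append(line.rstrip())
    return sections


def extra_hosts(lines):
    """Hosts entries that map any name other than localhost."""
    found = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            found += [(parts[0], n) for n in parts[1:] if n.lower() != "localhost"]
    return found


def dns_servers(lines):
    """Addresses in the ipconfig 'DNS Servers' field, including continuation lines."""
    servers, field = [], None
    for line in lines:
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).lower(), m.group(2) or ""
        else:
            value = line  # no "label :" part, so it continues the previous field
        if field == "dns servers":
            try:
                servers.append(str(ipaddress.ip_address(value.strip().split("%")[0])))
            except ValueError:
                pass  # blank or non-address line
    return servers


def triage(text, expected_dns):
    """Collect the items a helper would look at first; expected_dns is the
    set of resolvers the user knows they configured (an assumption)."""
    s = split_sections(text)
    expected = {str(ipaddress.ip_address(a)) for a in expected_dns}
    return {
        "hosts": extra_hosts(s.get("hosts content", [])),
        "dns": [a for a in dns_servers(s.get("ip configuration", [])) if a not in expected],
        # Entries whose provider file the tool could not find: review, not a verdict.
        "winsock": [m.groups() for m in map(WINSOCK_MISSING_RE.match,
                                            s.get("winsock entries", [])) if m],
        # BFE is the Base Filtering Engine, which Windows Firewall depends on.
        "services": sorted({n for line in s.get("event log errors", [])
                            for n in DEPENDS_RE.findall(line)}),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_RESULT, {"192.168.1.1"}).items():
        print(key, items)
```
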

#3 kumokuraudo

kumokuraudo
  • Topic Starter

  • Members
  • 5 posts

Posted 29 May 2012 - 03:54 AM

Yes, I'm on a router.
One other machine is on the router, and no, the other machine is not being redirected.
Yes, I use Firefox.

MiniToolBox by Farbar Version: 14-01-2012
Ran by Owner (administrator) on 28-05-2012 at 23:58:53
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : satx.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : satx.rr.com
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-21-97-6B-90-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::847:44fa:21bf:5b30%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 28, 2012 3:39:34 PM
Lease Expires . . . . . . . . . . : Tuesday, May 29, 2012 3:39:34 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889623
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0C-BE-1B-E6-00-21-97-6B-90-79
DNS Servers . . . . . . . . . . . : 8.8.8.8
4.2.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.satx.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.227.40] with 32 bytes of data:
Reply from 74.125.227.40: bytes=32 time=30ms TTL=51
Reply from 74.125.227.40: bytes=32 time=34ms TTL=51

Ping statistics for 74.125.227.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 34ms, Average = 32ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=63ms TTL=49
Reply from 98.139.183.24: bytes=32 time=122ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 122ms, Average = 92ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...00 21 97 6b 90 79 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 276 fe80::/64 On-link
9 276 fe80::847:44fa:21bf:5b30/128
On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 11:22:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: pol.exe, version: 1.18.13.0, time stamp: 0x4e3bcddc
Faulting module name: distance.DLL, version: 0.0.0.0, time stamp: 0x484f4c06
Exception code: 0xc0000005
Fault offset: 0x0000c161
Faulting process id: 0x2130
Faulting application start time: 0xpol.exe0
Faulting application path: pol.exe1
Faulting module path: pol.exe2
Report Id: pol.exe3

Error: (05/28/2012 11:11:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 10:20:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: pol.exe, version: 1.18.13.0, time stamp: 0x4e3bcddc
Faulting module name: distance.DLL, version: 0.0.0.0, time stamp: 0x484f4c06
Exception code: 0xc0000005
Fault offset: 0x0000c161
Faulting process id: 0x19d0
Faulting application start time: 0xpol.exe0
Faulting application path: pol.exe1
Faulting module path: pol.exe2
Report Id: pol.exe3

Error: (05/28/2012 10:05:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 09:06:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 08:02:30 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 07:01:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 06:08:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/28/2012 05:21:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1".
Dependent Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2012 05:08:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (05/28/2012 03:52:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (05/28/2012 03:52:46 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/28/2012 03:40:03 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (05/28/2012 03:40:03 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (05/28/2012 03:39:46 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (05/28/2012 03:39:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (05/28/2012 03:39:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/28/2012 03:39:37 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (05/28/2012 03:39:37 PM) (Source: Service Control Manager) (User: )
Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:
%%2

Error: (05/28/2012 03:39:37 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (02/04/2012 06:59:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 1.8.2)
Acer Arcade Live Main Page (Version: 1.1.1819)
Acer Assist
Acer DV Magician (Version: 1.5.1730)
Acer DVDivine (Version: 3.2.1730)
Acer eDataSecurity Management (Version: 3.0.3065)
Acer Empowering Technology (Version: 3.0.3010)
Acer eSettings Management (Version: 3.0.3007)
Acer HomeMedia (Version: 1.5.0530)
Acer HomeMedia Connect (Version: 1.4.5330)
Acer HomeMedia Trial Creator (Version: 1.5.0530)
Acer Registration
Acer ScreenSaver (Version: 4.01.0718)
Acer SlideShow DVD (Version: 1.5.1730)
Acer VideoMagician (Version: 1.4.2203)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Agere Systems PCI-SV92EX Soft Modem
AIM 7
Aimersoft Video Converter Ultimate(Build 4.1.0.2)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.2.120)
ApRadar 3.1.1.7
ASIO4ALL (Version: 2.10)
avast! Internet Security (Version: 7.0.1426.0)
AVG 2011 (Version: 10.0.2425)
CameraHelperMsi (Version: 13.31.1038.0)
Chrono Trigger Texteditor V1.00
Codecv (Version: )
Creative System Information (Version: 1.10)
D3DX10 (Version: 15.4.2368.0902)
DirectVobSub 2.40.3300 x86 (Version: 2.40.3300)
DNSChanger Trojan Removal Tool (Version: 1.0)
Emsisoft Anti-Malware 5.1 (Version: 5.1)
EPSON NX110 Series Printer Uninstall
EPSON Scan
erLT (Version: 1.20.138.34)
ffdshow v1.2.4447 [2012-05-06] (Version: 1.2.4447.0)
FINAL FANTASY XI (Version: 1.03.0)
FINAL FANTASY XI Test Client (Version: 1.0.0)
FINAL FANTASY XI: Chains of Promathia (Version: 1.21.0)
FINAL FANTASY XI: Rise of the Zilart (Version: 1.12.0)
FINAL FANTASY XI: Treasures of Aht Urhgan (Version: 1.30.1)
FINAL FANTASY XI: Wings of the Goddess (Version: 1.40.1)
FL Studio 10
Fraps
Funmoods Web Search
Google Talk (remove only)
Google Talk Plugin (Version: 2.9.10.7526)
IL Download Manager
IMVU Avatar Chat Software
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.0)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Media Player Codec Pack 4.2.0 (Version: 4.2.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft LifeChat (Version: 1.40.224.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MorphVOX Junior (Version: 2.7.5)
MotioninJoy ds3 driver version 0.6.0003 (Version: 0.5.0001)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
NTI Backup Now 5 (Version: 5.1.2.606)
NTI Backup Now Standard (Version: 5.1.2.606)
NTI JewelCase Maker Hot Fix (Version: 5.5.0.5202)
NTI Media Maker 8 (Version: 8.0.2.6329)
NTI Photo Maker Hot Fix (Version: 2.0.0.16)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Opera 11.64 (Version: 11.64.1403)
PakkISO 0.4 (Version: PakkISO 0.4 by zorted, installer by BitLooter)
PCSafeDoctor (Version: 2.0)
PCSX2 - Playstation 2 Emulator
PDF Settings CS6 (Version: 11.0)
PE585QAEncoder-64 (Version: 6.00.1918)
PG Music DirectX Plugins 1.3.3.1
PlayOnline Viewer & Tetra Master (Version: 1.18.00)
PowerTracks Pro Audio 9.0
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Registry Easy v5.6 (Version: 5.6)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.9 (Version: 5.9.115)
Sleep Moon Xpress (Version: 2.0.0)
Sound Blaster Tactic(3D) Alpha (Version: 1.0)
SpeedFan (remove only)
swMSM (Version: 12.0.0.1)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client (Version: 3.0.5)
Viewpoint Media Player
Virtual MIDI Piano Keyboard (Version: 0.4.0)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.0.1 (Version: 1.0.1)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
XSplit (Version: 1.0.1204.1301)
Yahoo! Messenger
Yontoo 1.10.02 (Version: 1.10.02)
zbattle.net 1.09 SR-1 beta

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 4095.24 MB
Available physical RAM: 2188.14 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 5480.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.85 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:289.58 GB) (Free:68.92 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:291.59 GB) (Free:2.14 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner
UpdatusUser


**** End of log ****





23:57:21.0836 9548 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
23:57:22.0348 9548 ============================================================
23:57:22.0348 9548 Current date / time: 2012/05/28 23:57:22.0348
23:57:22.0348 9548 SystemInfo:
23:57:22.0348 9548
23:57:22.0349 9548 OS Version: 6.1.7601 ServicePack: 1.0
23:57:22.0349 9548 Product type: Workstation
23:57:22.0349 9548 ComputerName: OWNER-PC
23:57:22.0349 9548 UserName: Owner
23:57:22.0349 9548 Windows directory: C:\Windows
23:57:22.0349 9548 System windows directory: C:\Windows
23:57:22.0349 9548 Running under WOW64
23:57:22.0349 9548 Processor architecture: Intel x64
23:57:22.0349 9548 Number of processors: 2
23:57:22.0349 9548 Page size: 0x1000
23:57:22.0349 9548 Boot type: Normal boot
23:57:22.0349 9548 ============================================================
23:57:22.0924 9548 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:22.0939 9548 ============================================================
23:57:22.0939 9548 \Device\Harddisk0\DR0:
23:57:22.0939 9548 MBR partitions:
23:57:22.0939 9548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x24329800
23:57:22.0939 9548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2612A02A, BlocksNum 0x2472CE97
23:57:22.0939 9548 ============================================================
23:57:22.0949 9548 C: <-> \Device\Harddisk0\DR0\Partition0
23:57:22.0972 9548 D: <-> \Device\Harddisk0\DR0\Partition1
23:57:22.0972 9548 ============================================================
23:57:22.0972 9548 Initialize success
23:57:22.0972 9548 ============================================================
00:02:27.0114 9516 ============================================================
00:02:27.0114 9516 Scan started
00:02:27.0114 9516 Mode: Manual; TDLFS;
00:02:27.0114 9516 ============================================================
00:02:43.0797 9516 Npfs - ok
00:02:43.0805 9516 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:02:43.0810 9516 nsi - ok
00:02:43.0825 9516 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:02:43.0826 9516 nsiproxy - ok
00:02:43.0939 9516 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:02:43.0965 9516 Ntfs - ok
00:02:44.0051 9516 NTIBackupSvc (a2b6583a5652a385dff5e4f49ad48761) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
00:02:44.0055 9516 NTIBackupSvc - ok
00:02:44.0156 9516 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
00:02:44.0160 9516 NTIDrvr - ok
00:02:44.0190 9516 NTISchedulerSvc (40b87fe8a1a9a5ac9e5a91d96f212bcd) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
00:02:44.0201 9516 NTISchedulerSvc - ok
00:02:44.0214 9516 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:02:44.0217 9516 Null - ok
00:02:44.0279 9516 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
00:02:44.0290 9516 NVENETFD - ok
00:02:44.0314 9516 NVHDA (6e022d5f44cd8b029cf799807bb31269) C:\Windows\system32\drivers\nvhda64v.sys
00:02:44.0315 9516 NVHDA - ok
00:02:45.0135 9516 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:02:45.0321 9516 nvlddmkm - ok
00:02:45.0435 9516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:02:45.0445 9516 nvraid - ok
00:02:45.0471 9516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:02:45.0482 9516 nvstor - ok
00:02:45.0519 9516 nvstor64 (581286807b5832503fd700a3217b589f) C:\Windows\system32\DRIVERS\nvstor64.sys
00:02:45.0521 9516 nvstor64 - ok
00:02:45.0635 9516 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
00:02:45.0668 9516 nvsvc - ok
00:02:45.0882 9516 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:02:45.0918 9516 nvUpdatusService - ok
00:02:46.0018 9516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:02:46.0030 9516 nv_agp - ok
00:02:46.0114 9516 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:02:46.0123 9516 odserv - ok
00:02:46.0156 9516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:02:46.0160 9516 ohci1394 - ok
00:02:46.0196 9516 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:02:46.0205 9516 ose - ok
00:02:46.0250 9516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:02:46.0259 9516 p2pimsvc - ok
00:02:46.0304 9516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:02:46.0314 9516 p2psvc - ok
00:02:46.0373 9516 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
00:02:46.0385 9516 PAC207 - ok
00:02:46.0417 9516 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:02:46.0429 9516 Parport - ok
00:02:46.0466 9516 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:02:46.0469 9516 partmgr - ok
00:02:46.0487 9516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:02:46.0497 9516 PcaSvc - ok
00:02:46.0524 9516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:02:46.0533 9516 pci - ok
00:02:46.0569 9516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:02:46.0570 9516 pciide - ok
00:02:46.0596 9516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:02:46.0599 9516 pcmcia - ok
00:02:46.0626 9516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:02:46.0628 9516 pcw - ok
00:02:46.0862 9516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:02:46.0896 9516 PEAUTH - ok
00:02:47.0149 9516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:02:47.0165 9516 PerfHost - ok
00:02:47.0328 9516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:02:47.0360 9516 pla - ok
00:02:47.0425 9516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:02:47.0444 9516 PlugPlay - ok
00:02:47.0467 9516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:02:47.0483 9516 PNRPAutoReg - ok
00:02:47.0508 9516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:02:47.0515 9516 PNRPsvc - ok
00:02:47.0555 9516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:02:47.0563 9516 PolicyAgent - ok
00:02:47.0607 9516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:02:47.0614 9516 Power - ok
00:02:47.0651 9516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:02:47.0664 9516 PptpMiniport - ok
00:02:47.0696 9516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:02:47.0698 9516 Processor - ok
00:02:47.0726 9516 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:02:47.0735 9516 ProfSvc - ok
00:02:47.0768 9516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:02:47.0771 9516 ProtectedStorage - ok
00:02:47.0814 9516 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:02:47.0816 9516 Psched - ok
00:02:47.0846 9516 PSDFilter (2cfd31d41cde75328acaeee2d4f4b836) C:\Windows\system32\DRIVERS\psdfilter.sys
00:02:47.0847 9516 PSDFilter - ok
00:02:47.0858 9516 PSDNServ (51a585f999672d8bb07f22ae12b40846) C:\Windows\system32\DRIVERS\PSDNServ.sys
00:02:47.0859 9516 PSDNServ - ok
00:02:47.0875 9516 psdvdisk (db50d3f5c31b1a848b04f7f2a6ff2709) C:\Windows\system32\DRIVERS\PSDVdisk.sys
00:02:47.0877 9516 psdvdisk - ok
00:02:47.0974 9516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:02:47.0999 9516 ql2300 - ok
00:02:48.0094 9516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:02:48.0106 9516 ql40xx - ok
00:02:48.0148 9516 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:02:48.0156 9516 QWAVE - ok
00:02:48.0171 9516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:02:48.0174 9516 QWAVEdrv - ok
00:02:48.0189 9516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:02:48.0192 9516 RasAcd - ok
00:02:48.0231 9516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:02:48.0233 9516 RasAgileVpn - ok
00:02:48.0263 9516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:02:48.0275 9516 RasAuto - ok
00:02:48.0320 9516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:02:48.0323 9516 Rasl2tp - ok
00:02:48.0366 9516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:02:48.0378 9516 RasMan - ok
00:02:48.0395 9516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:02:48.0398 9516 RasPppoe - ok
00:02:48.0428 9516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:02:48.0433 9516 RasSstp - ok
00:02:48.0481 9516 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:02:48.0495 9516 rdbss - ok
00:02:48.0509 9516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:02:48.0511 9516 rdpbus - ok
00:02:48.0526 9516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:02:48.0528 9516 RDPCDD - ok
00:02:48.0553 9516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:02:48.0554 9516 RDPENCDD - ok
00:02:48.0567 9516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:02:48.0571 9516 RDPREFMP - ok
00:02:48.0610 9516 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:02:48.0619 9516 RDPWD - ok
00:02:48.0655 9516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:02:48.0663 9516 rdyboost - ok
00:02:48.0694 9516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:02:48.0707 9516 RemoteAccess - ok
00:02:48.0749 9516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:02:48.0759 9516 RemoteRegistry - ok
00:02:48.0837 9516 RichVideo (a035a7bf5132682f53f1e7b955690ce7) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
00:02:48.0845 9516 RichVideo - ok
00:02:48.0866 9516 RkHit - ok
00:02:48.0882 9516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:02:48.0896 9516 RpcEptMapper - ok
00:02:48.0923 9516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:02:48.0926 9516 RpcLocator - ok
00:02:48.0974 9516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:02:48.0983 9516 RpcSs - ok
00:02:49.0001 9516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:02:49.0006 9516 rspndr - ok
00:02:49.0035 9516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:02:49.0038 9516 SamSs - ok
00:02:49.0070 9516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:02:49.0083 9516 sbp2port - ok
00:02:49.0105 9516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:02:49.0115 9516 SCardSvr - ok
00:02:49.0147 9516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:02:49.0149 9516 scfilter - ok
00:02:49.0218 9516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:02:49.0243 9516 Schedule - ok
00:02:49.0277 9516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:02:49.0279 9516 SCPolicySvc - ok
00:02:49.0315 9516 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
00:02:49.0316 9516 ScreamBAudioSvc - ok
00:02:49.0368 9516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:02:49.0384 9516 SDRSVC - ok
00:02:49.0419 9516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:02:49.0423 9516 secdrv - ok
00:02:49.0451 9516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:02:49.0458 9516 seclogon - ok
00:02:49.0486 9516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:02:49.0500 9516 SENS - ok
00:02:49.0520 9516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:02:49.0527 9516 SensrSvc - ok
00:02:49.0557 9516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:02:49.0559 9516 Serenum - ok
00:02:49.0579 9516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:02:49.0584 9516 Serial - ok
00:02:49.0630 9516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:02:49.0631 9516 sermouse - ok
00:02:49.0681 9516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:02:49.0689 9516 SessionEnv - ok
00:02:49.0724 9516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:02:49.0726 9516 sffdisk - ok
00:02:49.0740 9516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:02:49.0742 9516 sffp_mmc - ok
00:02:49.0755 9516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:02:49.0757 9516 sffp_sd - ok
00:02:49.0766 9516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:02:49.0768 9516 sfloppy - ok
00:02:49.0824 9516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:02:49.0836 9516 ShellHWDetection - ok
00:02:49.0860 9516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:02:49.0863 9516 SiSRaid2 - ok
00:02:49.0881 9516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:02:49.0884 9516 SiSRaid4 - ok
00:02:49.0987 9516 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:02:49.0998 9516 SkypeUpdate - ok
00:02:50.0033 9516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:02:50.0038 9516 Smb - ok
00:02:50.0087 9516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:02:50.0096 9516 SNMPTRAP - ok
00:02:50.0188 9516 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
00:02:50.0192 9516 speedfan - ok
00:02:50.0206 9516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:02:50.0208 9516 spldr - ok
00:02:50.0267 9516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:02:50.0279 9516 Spooler - ok
00:02:50.0498 9516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:02:50.0545 9516 sppsvc - ok
00:02:50.0635 9516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:02:50.0647 9516 sppuinotify - ok
00:02:50.0710 9516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:02:50.0720 9516 srv - ok
00:02:50.0755 9516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:02:50.0768 9516 srv2 - ok
00:02:50.0794 9516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:02:50.0805 9516 srvnet - ok
00:02:50.0829 9516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:02:50.0839 9516 SSDPSRV - ok
00:02:50.0860 9516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:02:50.0874 9516 SstpSvc - ok
00:02:51.0001 9516 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:02:51.0012 9516 Stereo Service - ok
00:02:51.0047 9516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:02:51.0049 9516 stexstor - ok
00:02:51.0118 9516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:02:51.0139 9516 stisvc - ok
00:02:51.0178 9516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:02:51.0180 9516 swenum - ok
00:02:51.0301 9516 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:02:51.0315 9516 SwitchBoard - ok
00:02:51.0355 9516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:02:51.0370 9516 swprv - ok
00:02:51.0481 9516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:02:51.0507 9516 SysMain - ok
00:02:51.0616 9516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:02:51.0629 9516 TabletInputService - ok
00:02:51.0677 9516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:02:51.0694 9516 TapiSrv - ok
00:02:51.0708 9516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:02:51.0714 9516 TBS - ok
00:02:51.0846 9516 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:02:51.0875 9516 Tcpip - ok
00:02:52.0024 9516 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:02:52.0041 9516 TCPIP6 - ok
00:02:52.0109 9516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:02:52.0111 9516 tcpipreg - ok
00:02:52.0145 9516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:02:52.0147 9516 TDPIPE - ok
00:02:52.0176 9516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:02:52.0178 9516 TDTCP - ok
00:02:52.0204 9516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:02:52.0217 9516 tdx - ok
00:02:52.0248 9516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:02:52.0250 9516 TermDD - ok
00:02:52.0305 9516 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:02:52.0317 9516 TermService - ok
00:02:52.0351 9516 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:02:52.0367 9516 Themes - ok
00:02:52.0404 9516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:02:52.0407 9516 THREADORDER - ok
00:02:52.0429 9516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:02:52.0442 9516 TrkWks - ok
00:02:52.0507 9516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:02:52.0524 9516 TrustedInstaller - ok
00:02:52.0564 9516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:02:52.0566 9516 tssecsrv - ok
00:02:52.0615 9516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:02:52.0617 9516 TsUsbFlt - ok
00:02:52.0657 9516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:02:52.0668 9516 tunnel - ok
00:02:52.0695 9516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:02:52.0698 9516 uagp35 - ok
00:02:52.0714 9516 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
00:02:52.0716 9516 UBHelper - ok
00:02:52.0746 9516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:02:52.0751 9516 udfs - ok
00:02:52.0773 9516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:02:52.0778 9516 UI0Detect - ok
00:02:52.0800 9516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:02:52.0807 9516 uliagpkx - ok
00:02:52.0838 9516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:02:52.0842 9516 umbus - ok
00:02:52.0856 9516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:02:52.0858 9516 UmPass - ok
00:02:52.0969 9516 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
00:02:52.0978 9516 UMVPFSrv - ok
00:02:53.0013 9516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:02:53.0022 9516 upnphost - ok
00:02:53.0067 9516 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:02:53.0080 9516 usbaudio - ok
00:02:53.0105 9516 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:02:53.0116 9516 usbccgp - ok
00:02:53.0155 9516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:02:53.0166 9516 usbcir - ok
00:02:53.0186 9516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:02:53.0189 9516 usbehci - ok
00:02:53.0234 9516 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:02:53.0247 9516 usbhub - ok
00:02:53.0260 9516 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
00:02:53.0263 9516 usbohci - ok
00:02:53.0315 9516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:02:53.0317 9516 usbprint - ok
00:02:53.0342 9516 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:02:53.0344 9516 usbscan - ok
00:02:53.0375 9516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
00:02:53.0380 9516 USBSTOR - ok
00:02:53.0409 9516 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:02:53.0416 9516 usbuhci - ok
00:02:53.0441 9516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:02:53.0448 9516 UxSms - ok
00:02:53.0476 9516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:02:53.0479 9516 VaultSvc - ok
00:02:53.0531 9516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:02:53.0534 9516 vdrvroot - ok
00:02:53.0589 9516 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:02:53.0604 9516 vds - ok
00:02:53.0626 9516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:02:53.0629 9516 vga - ok
00:02:53.0645 9516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:02:53.0647 9516 VgaSave - ok
00:02:53.0693 9516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:02:53.0700 9516 vhdmp - ok
00:02:53.0722 9516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:02:53.0725 9516 viaide - ok
00:02:53.0797 9516 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
00:02:53.0798 9516 Viewpoint Manager Service - ok
00:02:53.0818 9516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:02:53.0822 9516 volmgr - ok
00:02:53.0876 9516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:02:53.0881 9516 volmgrx - ok
00:02:53.0910 9516 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:02:53.0924 9516 volsnap - ok
00:02:53.0956 9516 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:02:53.0966 9516 vsmraid - ok
00:02:54.0076 9516 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:02:54.0100 9516 VSS - ok
00:02:54.0195 9516 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:02:54.0197 9516 vwifibus - ok
00:02:54.0245 9516 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:02:54.0255 9516 W32Time - ok
00:02:54.0282 9516 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:02:54.0285 9516 WacomPen - ok
00:02:54.0313 9516 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:02:54.0317 9516 WANARP - ok
00:02:54.0326 9516 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:02:54.0329 9516 Wanarpv6 - ok
00:02:54.0435 9516 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:02:54.0463 9516 WatAdminSvc - ok
00:02:54.0575 9516 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:02:54.0608 9516 wbengine - ok
00:02:54.0679 9516 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:02:54.0697 9516 WbioSrvc - ok
00:02:54.0747 9516 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:02:54.0759 9516 wcncsvc - ok
00:02:54.0774 9516 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:02:54.0780 9516 WcsPlugInService - ok
00:02:54.0820 9516 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:02:54.0821 9516 Wd - ok
00:02:54.0870 9516 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:02:54.0880 9516 Wdf01000 - ok
00:02:54.0899 9516 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:02:54.0922 9516 WdiServiceHost - ok
00:02:54.0926 9516 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:02:54.0934 9516 WdiSystemHost - ok
00:02:54.0979 9516 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:02:54.0995 9516 WebClient - ok
00:02:55.0015 9516 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:02:55.0033 9516 Wecsvc - ok
00:02:55.0048 9516 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:02:55.0062 9516 wercplsupport - ok
00:02:55.0083 9516 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:02:55.0088 9516 WerSvc - ok
00:02:55.0110 9516 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:02:55.0114 9516 WfpLwf - ok
00:02:55.0125 9516 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:02:55.0127 9516 WIMMount - ok
00:02:55.0145 9516 WinHttpAutoProxySvc - ok
00:02:55.0215 9516 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:02:55.0221 9516 Winmgmt - ok
00:02:55.0357 9516 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:02:55.0405 9516 WinRM - ok
00:02:55.0535 9516 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:02:55.0561 9516 Wlansvc - ok
00:02:55.0612 9516 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:02:55.0614 9516 wlcrasvc - ok
00:02:55.0791 9516 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:02:55.0821 9516 wlidsvc - ok
00:02:55.0925 9516 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
00:02:55.0927 9516 WmBEnum - ok
00:02:55.0958 9516 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
00:02:55.0959 9516 WmFilter - ok
00:02:55.0996 9516 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:02:55.0998 9516 WmiAcpi - ok
00:02:56.0070 9516 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:02:56.0073 9516 wmiApSrv - ok
00:02:56.0130 9516 WMPNetworkSvc - ok
00:02:56.0159 9516 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
00:02:56.0160 9516 WmVirHid - ok
00:02:56.0183 9516 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
00:02:56.0185 9516 WmXlCore - ok
00:02:56.0219 9516 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:02:56.0236 9516 WPCSvc - ok
00:02:56.0271 9516 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:02:56.0283 9516 WPDBusEnum - ok
00:02:56.0315 9516 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:02:56.0317 9516 ws2ifsl - ok
00:02:56.0356 9516 WSearch - ok
00:02:56.0507 9516 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:02:56.0540 9516 wuauserv - ok
00:02:56.0658 9516 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:02:56.0669 9516 WudfPf - ok
00:02:56.0701 9516 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:02:56.0714 9516 WUDFRd - ok
00:02:56.0745 9516 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:02:56.0759 9516 wudfsvc - ok
00:02:56.0799 9516 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:02:56.0815 9516 WwanSvc - ok
00:02:56.0849 9516 XENfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
00:02:56.0850 9516 XENfiltv - ok
00:02:56.0890 9516 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
00:02:56.0896 9516 xusb21 - ok
00:02:56.0914 9516 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:02:57.0196 9516 \Device\Harddisk0\DR0 - ok
00:02:57.0226 9516 Boot (0x1200) (7ebd3342bfaa671863da5a14cabea5f9) \Device\Harddisk0\DR0\Partition0
00:02:57.0228 9516 \Device\Harddisk0\DR0\Partition0 - ok
00:02:57.0249 9516 Boot (0x1200) (c9ffd61dd1c6b3b06fa1a87d028ce969) \Device\Harddisk0\DR0\Partition1
00:02:57.0251 9516 \Device\Harddisk0\DR0\Partition1 - ok
00:02:57.0251 9516 ============================================================
00:02:57.0251 9516 Scan finished
00:02:57.0251 9516 ============================================================
00:02:57.0277 8724 Detected object count: 0
00:02:57.0277 8724 Actual detected object count: 0




Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Disabled

5/29/2012 12:26:11 AM
mbam-log-2012-05-29 (00-26-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233469
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

#4 boopme

Posted 29 May 2012 - 12:42 PM

Tell me how it is after these.

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.


>>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 kumokuraudo


Posted 30 May 2012 - 10:07 PM

When I loaded up the DOS window and typed out the command it gave me the following message:
The following helper DLL cannot be loaded: WSHELPER.DLL
The following command was not found: winsock reset

I'm still getting redirected.

ESET Online Scanner

C:\Program Files (x86)\DNSChanger Trojan Removal Tool\DNSChangerTrojanRemovalTool.exe probably a variant of Win32/SecurityStronghold application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\VistaCodecs\{9C3B6A53-2E1D-4FC5-9162-C89523BFCDDD}\Vista Codec Package.msi multiple threats deleted - quarantined
C:\Users\Owner\Documents\Installed Programs\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined
C:\Users\Owner\Documents\Installed Programs\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined
C:\Users\Owner\Documents\Installed Programs\SpywareCease_Setup.exe a variant of Win32/Adware.SpywareCease application deleted - quarantined
C:\Users\Owner\Downloads\DNSChangerTrojanRemovalTool.exe probably a variant of Win32/SecurityStronghold application deleted - quarantined
C:\Users\Owner\Downloads\flstudio_10.0.9.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Owner\Downloads\media.player.codec.pack.v4.2.0.setup.exe probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Users\Owner\Downloads\PCSafeDoctor_Setup.exe multiple threats deleted - quarantined
C:\Users\Owner\Downloads\RegistryEasy(2).exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined
C:\Users\Owner\Downloads\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined
C:\Users\Owner\Downloads\Spydig_Setup.exe multiple threats deleted - quarantined
C:\Users\Owner\Downloads\Adobe Photoshop CS6 13.0 Final Multilanguage (patch-PainteR) [ChingLiu]\patch - PainteR\adobe.photoshop.cs6-patch.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-18 165552\Backup files 1.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-20 190004\Backup files 1.zip HTML/ScrInject.B.Gen virus deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-20 190004\Backup files 34.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-20 190004\Backup files 35.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-20 190004\Backup files 36.zip a variant of Win32/HackTool.Patcher.T application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-18 165552\Backup Files 2012-05-20 190004\Backup files 77.zip Win32/OpenCandy application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 1.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 43.zip probably a variant of Win32/SecurityStronghold application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 44.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 45.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 46.zip a variant of Win32/HackTool.Patcher.T application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-05-27 190004\Backup Files 2012-05-27 190004\Backup files 87.zip Win32/OpenCandy application deleted - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-30 21:59:00
-----------------------------
21:59:00.677 OS Version: Windows x64 6.1.7601 Service Pack 1
21:59:00.677 Number of processors: 2 586 0xF0D
21:59:00.678 ComputerName: OWNER-PC UserName: Owner
21:59:04.147 Initialize success
21:59:19.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
21:59:19.937 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
21:59:19.953 Disk 0 MBR read successfully
21:59:19.956 Disk 0 MBR scan
21:59:19.960 Disk 0 Windows 7 default MBR code
21:59:19.968 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
21:59:19.980 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296531 MB offset 31459328
21:59:19.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298585 MB offset 638754858
21:59:20.018 Disk 0 scanning C:\Windows\system32\drivers
21:59:26.418 Service scanning
21:59:40.212 Modules scanning
21:59:40.223 Disk 0 trace - called modules:
21:59:40.236 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:59:40.240 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004930060]
21:59:40.250 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003cf3d20]
21:59:40.258 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80046a3590]
21:59:40.266 Scan finished successfully
22:00:25.672 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
22:00:25.709 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#6 boopme


Posted 31 May 2012 - 09:16 AM

OK, it looks like a ZAccess rootkit and we need a deeper look to get it out.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
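An added illustration, not part of the thread or written by any of its posters: a small Python triage over lines copied from the ESET log in post #5, showing why those results point to ZAccess (which ESET names Sirefef) and why deleting the files did not stop the redirects. The function names and the verdict wording are this example's own assumptions.

```python
import re

# Four lines copied from the ESET Online Scanner log in post #5
# (columns are space-separated, as they appear in the post).
SAMPLE_LOG = r"""C:\Users\Owner\Downloads\flstudio_10.0.9.exe Win32/OpenCandy application deleted - quarantined
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8bc3cfcb-9d4b-ead1-382d-3c7480312a93}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan
"""

# ESET's detection name for the ZeroAccess (ZAccess) family is Sirefef.
FAMILY = re.compile(r"\bWin(?:32|64)/Sirefef\.\w+", re.I)
# GUID-named folder under Windows\Installer holding "U\<8 hex digits>.@" files.
STORE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\U\\[0-9a-f]{8}\.@", re.I)
# Action text this log prints when an object was actually removed.
REMEDIATED = re.compile(r"(?:cleaned by deleting|deleted) - quarantined\s*$")

def triage(log_text):
    """Return one record per log line that carries a ZeroAccess indicator."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        family = FAMILY.search(line)
        store = STORE.search(line)
        if not line or not (family or store):
            continue  # unrelated adware/PUP detections are ignored here
        findings.append({
            "family": family.group(0) if family else None,
            "in_store": bool(store),
            "in_memory": line.startswith("Operating memory"),
            "remediated": bool(REMEDIATED.search(line)),
        })
    return findings

def verdict(findings):
    """Summarise whether the infection still looks live."""
    if not findings:
        return "no ZeroAccess indicators"
    if any(f["in_memory"] and not f["remediated"] for f in findings):
        return "active: detected in memory with no cleanup action"
    if all(f["remediated"] for f in findings):
        return "files removed; rescan to confirm"
    return "partially remediated"
```

On these lines the verdict is "active": the files under the Installer folder were deleted, but the "Operating memory" entry has no action recorded, which matches the redirects continuing after the scan.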



