
JS:Agent-VC



#1 gkdockery

Posted 15 June 2012 - 02:13 PM

My Avast scan this morning showed that I had picked up the JS:Agent-VC trojan. I put it in the virus chest and now would like to know how to completely get rid of it. Also, since I am running Avast with all of the shields enabled, and SUPERAntiSpyware Professional, how did this thing infect my computer? I keep all of my virus program definitions up-to-date.
Anyway, I would love to know what your advice is for me concerning removal of this and how to improve my protection. I also have Malwarebytes and Microsoft Windows Defender installed and TDSS Killer. My system is running Windows 7 Home Premium. I use Iron Browser and keep Windows updated. Any advice would be appreciated.
Thanks in advance for your help.


#2 dev00790

Posted 16 June 2012 - 06:22 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step 4

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
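Step 3 of the post above produces Result.txt. The sketch below is an added example, not part of the original post and not code from MiniToolBox: it parses that log's section layout and lists the proxy, hosts and Winsock entries that deserve a manual look. The sample log is constructed, and the trusted-directory list and the review rules are assumptions.

```python
import re

# Constructed sample in the layout MiniToolBox writes to Result.txt.
# The extra hosts line and the lsp32.dll entry are made up for illustration.
SAMPLE_RESULT = r"""MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Users\Public\lsp32.dll [40960] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
"""

# "===== Title: =====" or "===== Title =====", but not a bare row of "=".
HEADER = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+$")
# e.g. Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
WINSOCK = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>.*)\)$"
)
# Assumption: Windows is installed on C: and only these directories are
# treated as expected homes for Winsock providers.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_sections(text):
    """Split a Result.txt into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def triage(text):
    """Return (category, log line) pairs that merit manual review."""
    sections = parse_sections(text)
    findings = []

    # A configured proxy can route all browser traffic through another host.
    proxy = sections.get("IE Proxy Settings", [])
    if proxy and "Proxy is not enabled." not in proxy:
        findings.append(("proxy", " | ".join(proxy)))

    # Anything in hosts beyond the loopback "localhost" mapping overrides DNS.
    for line in sections.get("Hosts content", []):
        if line.startswith("#"):
            continue
        fields = line.split()
        is_default = (len(fields) >= 2 and fields[0] in LOOPBACK
                      and fields[1].lower() == "localhost")
        if not is_default:
            findings.append(("hosts", line))

    # Winsock providers (Catalog5 = namespace, Catalog9 = protocol chain)
    # loaded from outside the system directories are listed for review.
    for line in sections.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if m is None:
            findings.append(("winsock-unparsed", line))
        elif not m["path"].lower().startswith(SYSTEM_DIRS):
            findings.append(("winsock", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_RESULT):
        print(f"[{category}] {line}")
```

A listed entry is a prompt for review, not a verdict: legitimate software also registers Winsock providers under Program Files, and some security tools add blocking entries to the hosts file.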


#3 gkdockery

Posted 16 June 2012 - 09:59 AM

I downloaded the Security Check and clicked on it. It came up and said it was collecting information and then it disappeared. This same thing happened when I tried it again.
Here is the rest of the logs you requested. Thanks so much for your help. I did forget to mention that I have dial-up so it will take me longer to perform the tasks you ask but I appreciate your patience and help.



MiniToolBox by Farbar Version: 09-06-2012
Ran by Kitten (administrator) on 16-06-2012 at 09:25:09
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connecting)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kitten-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter TotalUSA.net:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TotalUSA.net
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 72.251.104.229(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-26-2D-41-CF-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f144:bb2a:698e:b2cf%10(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.178.207(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5E8DED03-07D2-4825-81E8-AD7949D5C1D8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4C3EDF11-AEE8-4971-982E-410B4F96467C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2cbe:32e0:b704:971a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cbe:32e0:b704:971a%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #14
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:48fb:68e5::48fb:68e5(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4009:800::1003
74.125.225.36
74.125.225.38
74.125.225.33
74.125.225.37
74.125.225.34
74.125.225.39
74.125.225.32
74.125.225.35
74.125.225.40
74.125.225.41
74.125.225.46


Pinging google.com [74.125.225.36] with 32 bytes of data:
Reply from 74.125.225.36: bytes=32 time=1910ms TTL=56
Reply from 74.125.225.36: bytes=32 time=340ms TTL=56

Ping statistics for 74.125.225.36:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 340ms, Maximum = 1910ms, Average = 1125ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
98.139.183.24
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=374ms TTL=55
Reply from 209.191.122.70: bytes=32 time=2288ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 374ms, Maximum = 2288ms, Average = 1331ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...........................TotalUSA.net
10...00 26 2d 41 cf 5c ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 72.251.104.229 51
72.251.104.229 255.255.255.255 On-link 72.251.104.229 306
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 72.251.104.229 51
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 72.251.104.229 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 1150 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:79fb:2cbe:32e0:b704:971a/128
On-link
12 1050 2002::/16 On-link
12 306 2002:48fb:68e5::48fb:68e5/128
On-link
11 306 fe80::/64 On-link
11 306 fe80::2cbe:32e0:b704:971a/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2012 08:57:59 AM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/16/2012 06:05:45 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
ErrorCode: 14007(0x36b7).

Error: (06/16/2012 06:02:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/15/2012 07:42:14 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 07:06:15 PM) (Source: RasClient) (User: )
Description: CoId={409EE05F-D57F-4AFC-8DD2-AB44665DACFF}: The user Kitten-PC\Kitten dialed a connection named TotalUSA.net which has failed. The error code returned on failure is 680.

Error: (06/15/2012 07:05:30 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 05:06:04 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 04:58:13 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 01:22:10 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 11:49:02 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


System errors:
=============
Error: (06/10/2012 07:20:46 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/09/2012 05:41:59 AM) (Source: Microsoft-Windows-Bits-Client) (User: SYSTEM)
Description: A new BITS job could not be created. The current job count for the user Kitten-PC\Kitten (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (06/08/2012 06:04:00 AM) (Source: Microsoft-Windows-Bits-Client) (User: SYSTEM)
Description: A new BITS job could not be created. The current job count for the user Kitten-PC\Kitten (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (06/07/2012 08:42:33 PM) (Source: Microsoft-Windows-Bits-Client) (User: SYSTEM)
Description: A new BITS job could not be created. The current job count for the user Kitten-PC\Kitten (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (06/07/2012 08:42:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/07/2012 06:04:59 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:11:25 PM on ?6/?6/?2012 was unexpected.

Error: (06/03/2012 05:42:44 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:05:09 PM on ?6/?2/?2012 was unexpected.

Error: (06/01/2012 09:16:54 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (06/01/2012 09:16:48 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (06/01/2012 09:16:42 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (06/16/2012 08:57:59 AM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/16/2012 06:05:45 AM) (Source: CVHSVC)(User: )
Description: Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
ErrorCode: 14007(0x36b7).

Error: (06/16/2012 06:02:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/15/2012 07:42:14 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 07:06:15 PM) (Source: RasClient)(User: )
Description: {409EE05F-D57F-4AFC-8DD2-AB44665DACFF}Kitten-PC\KittenTotalUSA.net680

Error: (06/15/2012 07:05:30 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 05:06:04 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 04:58:13 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 01:22:10 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x80070002

Error: (06/15/2012 11:49:02 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.0.1.152)
Adobe Reader 9.2 MUI (Version: 9.2.0)
Advertising Center (Version: 0.0.0.2)
ArcSoft MediaImpression (Version: 1.5.9.442)
avast! Free Antivirus (Version: 7.0.1426.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blackhawk Striker 2 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Build-a-lot 2 (Version: 2.2.0.82)
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon My Printer
Canon Solution Menu EX
CardRd81 (Version: 4.00.0000.0004)
CCHelp (Version: 4.00.0000.0001)
CCleaner (Version: 3.16)
CCScore (Version: 4.00.0001.0001)
Coupon Printer for Windows (Version: 5.0.0.1)
CR2 (Version: 4.00.0000.0003)
CyberLink PowerDVD 9 (Version: 9.0.2826.50)
D3DX10 (Version: 15.4.2368.0902)
eBay Worldwide (Version: 2.1.0901)
eMachines Game Console
eMachines Games (Version: 1.0.0.80)
eMachines Recovery Management (Version: 4.05.3007)
eMachines Registration (Version: 1.02.3006)
eMachines ScreenSaver (Version: 1.1.0812)
eMachines Updater (Version: 1.02.3001)
Escape Rosecliff Island (Version: 2.2.0.82)
ESSAdpt (Version: 4.00.0001.0001)
ESSANUP (Version: 4.00.0001.0001)
ESSBrwr (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0001.0001)
ESSCDBK (Version: 4.00.0001.0001)
ESScore (Version: 4.00.0001.0001)
ESSCT (Version: 4.00.0000.0001)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0001.0001)
ESSPCD (Version: 4.00.0000.0001)
ESSPDock (Version: 4.00.0002.0001)
ESSSONIC (Version: 4.00.0000.0003)
ESSTUTOR (Version: 4.00.0000.0003)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0001)
Faerie Solitaire (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
Google Update Helper (Version: 1.3.21.111)
HiJackThis (Version: 1.0.0)
HLPCCTR (Version: 4.00.0000.0003)
HLPIndex (Version: 4.00.0000.0003)
HLPPDOCK (Version: 4.00.0000.0002)
HLPRFO (Version: 4.00.0000.0004)
Homework Helpers
Hotkey Utility (Version: 2.05.3009)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
IncrediMail (Version: 6.2.9.5120)
IncrediMail 2.0 (Version: 6.2.9.5120)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Monopoly (Version: 2.2.0.82)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - Lost in Los Angeles (Version: 2.2.0.82)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.15.0.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
Notifier (Version: 4.00.0000.0001)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316)
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
PCDLNCH (Version: 4.00.0001.0001)
Penguins! (Version: 2.2.0.82)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Picasa 3 (Version: 3.6)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
PrintMaster 12
QuickTime
Realtek High Definition Audio Driver (Version: 6.0.1.6045)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Scrabble Plus (Version: 2.2.0.82)
SFR (Version: 3.03.0000.0001)
SFR2 (Version: 3.03.0000.0002)
Sonic Activation Module (Version: 1.0)
SRWare Iron 14.0.850.0
SUPERAntiSpyware (Version: 4.48.1000)
The Price is Right (Version: 2.2.0.82)
The Print Shop 23.1 (Version: 23.1.11)
TotalUSA.net Internet
Ulead Photo Express 4.0 SE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VCAMCEN (Version: 4.00.0001.0002)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - A New Home (Version: 2.2.0.82)
VPRINTOL (Version: 4.00.0000.0001)
Welcome Center (Version: 1.00.3013)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Yahtzee (Version: 2.2.0.82)
Zuma Deluxe (Version: 2.2.0.82)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3839.37 MB
Available physical RAM: 2782.38 MB
Total Pagefile: 7676.93 MB
Available Pagefile: 5943.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.46 MB

========================= Partitions: =====================================

1 Drive c: (eMachines) (Fixed) (Total:580.07 GB) (Free:513.48 GB) NTFS

========================= Users: ========================================

User accounts for \\KITTEN-PC

Administrator ASPNET Guest
Kitten

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

20-05-2012 12:07:36 Windows Update
23-05-2012 19:33:15 Windows Update
29-05-2012 11:29:38 Windows Update
01-06-2012 10:54:57 Windows Backup
05-06-2012 01:06:49 Windows Update
08-06-2012 13:05:29 Windows Update
12-06-2012 15:41:51 Windows Update
15-06-2012 02:30:36 Windows Update
15-06-2012 16:20:05 Windows Update
16-06-2012 02:25:48 Windows Update

**** End of log ****

Farbar Service Scanner Version: 09-06-2012
Ran by Kitten (administrator) on 16-06-2012 at 09:29:03
Running from "C:\Users\Kitten\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

09:55:04.0619 2808 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
09:55:06.0622 2808 ============================================================
09:55:06.0622 2808 Current date / time: 2012/06/16 09:55:06.0622
09:55:06.0622 2808 SystemInfo:
09:55:06.0622 2808
09:55:06.0622 2808 OS Version: 6.1.7601 ServicePack: 1.0
09:55:06.0622 2808 Product type: Workstation
09:55:06.0623 2808 ComputerName: KITTEN-PC
09:55:06.0623 2808 UserName: Kitten
09:55:06.0623 2808 Windows directory: C:\Windows
09:55:06.0623 2808 System windows directory: C:\Windows
09:55:06.0623 2808 Running under WOW64
09:55:06.0623 2808 Processor architecture: Intel x64
09:55:06.0623 2808 Number of processors: 2
09:55:06.0623 2808 Page size: 0x1000
09:55:06.0623 2808 Boot type: Normal boot
09:55:06.0623 2808 ============================================================
09:55:07.0973 2808 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:55:08.0009 2808 ============================================================
09:55:08.0009 2808 \Device\Harddisk0\DR0:
09:55:08.0009 2808 MBR partitions:
09:55:08.0009 2808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
09:55:08.0009 2808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x488252B0
09:55:08.0009 2808 ============================================================
09:55:08.0027 2808 C: <-> \Device\Harddisk0\DR0\Partition1
09:55:08.0027 2808 ============================================================
09:55:08.0027 2808 Initialize success
09:55:08.0027 2808 ============================================================
09:56:32.0535 3344 ============================================================
09:56:32.0535 3344 Scan started
09:56:32.0535 3344 Mode: Manual; SigCheck; TDLFS;
09:56:32.0535 3344 ============================================================
09:56:33.0294 3344 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:56:33.0446 3344 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
09:56:33.0446 3344 !SASCORE - detected UnsignedFile.Multi.Generic (1)
09:56:50.0882 3344 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:56:50.0889 3344 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:56:50.0889 3344 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:56:59.0051 3344 Nero BackItUp Scheduler 4.0 - ok
09:56:59.0091 3344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:56:59.0170 3344 NetBIOS - ok
09:56:59.0209 3344 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:56:59.0259 3344 NetBT - ok
09:56:59.0286 3344 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:59.0305 3344 Netlogon - ok
09:56:59.0377 3344 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:56:59.0447 3344 Netman - ok
09:56:59.0513 3344 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:56:59.0568 3344 netprofm - ok
09:56:59.0656 3344 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:56:59.0671 3344 NetTcpPortSharing - ok
09:56:59.0709 3344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:56:59.0726 3344 nfrd960 - ok
09:56:59.0773 3344 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:56:59.0827 3344 NlaSvc - ok
09:56:59.0858 3344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:56:59.0909 3344 Npfs - ok
09:56:59.0933 3344 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:56:59.0983 3344 nsi - ok
09:57:00.0028 3344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:57:00.0074 3344 nsiproxy - ok
09:57:00.0279 3344 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
09:57:00.0320 3344 nSvcIp - ok
09:57:00.0555 3344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:57:00.0727 3344 Ntfs - ok
09:57:00.0874 3344 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:57:00.0930 3344 Null - ok
09:57:00.0976 3344 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
09:57:01.0005 3344 NVENETFD - ok
09:57:02.0892 3344 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:57:03.0213 3344 nvlddmkm - ok
09:57:03.0420 3344 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
09:57:03.0466 3344 NVNET - ok
09:57:03.0537 3344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:57:03.0582 3344 nvraid - ok
09:57:03.0618 3344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:57:03.0666 3344 nvstor - ok
09:57:03.0711 3344 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
09:57:03.0762 3344 nvstor64 - ok
09:57:03.0826 3344 nvsvc (703f996312202d84663f7c8584acaf55) C:\Windows\system32\nvvsvc.exe
09:57:03.0869 3344 nvsvc - ok
09:57:03.0901 3344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:57:03.0939 3344 nv_agp - ok
09:57:03.0956 3344 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:57:03.0998 3344 ohci1394 - ok
09:57:04.0068 3344 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:57:04.0087 3344 ose - ok
09:57:04.0738 3344 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:57:04.0902 3344 osppsvc - ok
09:57:05.0008 3344 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:57:05.0037 3344 p2pimsvc - ok
09:57:05.0074 3344 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:57:05.0132 3344 p2psvc - ok
09:57:05.0164 3344 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:57:05.0187 3344 Parport - ok
09:57:05.0254 3344 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:57:05.0274 3344 partmgr - ok
09:57:05.0390 3344 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:57:05.0453 3344 PcaSvc - ok
09:57:05.0500 3344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:57:05.0522 3344 pci - ok
09:57:05.0542 3344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:57:05.0561 3344 pciide - ok
09:57:05.0612 3344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:57:05.0635 3344 pcmcia - ok
09:57:05.0654 3344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:57:05.0679 3344 pcw - ok
09:57:05.0748 3344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:57:05.0827 3344 PEAUTH - ok
09:57:05.0874 3344 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:57:05.0901 3344 PerfHost - ok
09:57:06.0019 3344 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:57:06.0104 3344 pla - ok
09:57:06.0153 3344 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:57:06.0182 3344 PlugPlay - ok
09:57:06.0206 3344 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:57:06.0227 3344 PNRPAutoReg - ok
09:57:06.0258 3344 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:57:06.0288 3344 PNRPsvc - ok
09:57:06.0341 3344 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:57:06.0395 3344 PolicyAgent - ok
09:57:06.0434 3344 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:57:06.0491 3344 Power - ok
09:57:06.0536 3344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:57:06.0584 3344 PptpMiniport - ok
09:57:06.0609 3344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:57:06.0632 3344 Processor - ok
09:57:06.0667 3344 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:57:06.0691 3344 ProfSvc - ok
09:57:06.0727 3344 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:57:06.0746 3344 ProtectedStorage - ok
09:57:06.0813 3344 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:57:06.0860 3344 Psched - ok
09:57:06.0917 3344 PxHlpa64 (24dd667d22dbd29618947c804e23aa03) C:\Windows\system32\Drivers\PxHlpa64.sys
09:57:06.0933 3344 PxHlpa64 - ok
09:57:07.0073 3344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:57:07.0119 3344 ql2300 - ok
09:57:07.0250 3344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:57:07.0268 3344 ql40xx - ok
09:57:07.0329 3344 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:57:07.0359 3344 QWAVE - ok
09:57:07.0380 3344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:57:07.0425 3344 QWAVEdrv - ok
09:57:07.0435 3344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:57:07.0512 3344 RasAcd - ok
09:57:07.0565 3344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:57:07.0613 3344 RasAgileVpn - ok
09:57:07.0642 3344 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:57:07.0698 3344 RasAuto - ok
09:57:07.0727 3344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:57:07.0778 3344 Rasl2tp - ok
09:57:07.0854 3344 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:57:07.0913 3344 RasMan - ok
09:57:07.0962 3344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:57:08.0009 3344 RasPppoe - ok
09:57:08.0039 3344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:57:08.0085 3344 RasSstp - ok
09:57:08.0125 3344 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:57:08.0174 3344 rdbss - ok
09:57:08.0203 3344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:57:08.0226 3344 rdpbus - ok
09:57:08.0237 3344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:57:08.0282 3344 RDPCDD - ok
09:57:08.0317 3344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:57:08.0371 3344 RDPENCDD - ok
09:57:08.0380 3344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:57:08.0436 3344 RDPREFMP - ok
09:57:08.0475 3344 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
09:57:08.0499 3344 RDPWD - ok
09:57:08.0539 3344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:57:08.0566 3344 rdyboost - ok
09:57:08.0597 3344 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:57:08.0664 3344 RemoteAccess - ok
09:57:08.0702 3344 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:57:08.0774 3344 RemoteRegistry - ok
09:57:08.0790 3344 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:57:08.0846 3344 RpcEptMapper - ok
09:57:08.0875 3344 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:57:08.0895 3344 RpcLocator - ok
09:57:09.0032 3344 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:57:09.0153 3344 RpcSs - ok
09:57:09.0209 3344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:57:09.0320 3344 rspndr - ok
09:57:09.0366 3344 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:57:09.0405 3344 SamSs - ok
09:57:09.0481 3344 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:57:09.0539 3344 SASDIFSV - ok
09:57:09.0559 3344 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:57:09.0601 3344 SASKUTIL - ok
09:57:09.0640 3344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:57:09.0661 3344 sbp2port - ok
09:57:09.0704 3344 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:57:09.0766 3344 SCardSvr - ok
09:57:09.0791 3344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:57:09.0846 3344 scfilter - ok
09:57:10.0004 3344 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:57:10.0079 3344 Schedule - ok
09:57:10.0160 3344 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:57:10.0217 3344 SCPolicySvc - ok
09:57:10.0278 3344 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:57:10.0307 3344 SDRSVC - ok
09:57:10.0357 3344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:57:10.0427 3344 secdrv - ok
09:57:10.0455 3344 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:57:10.0516 3344 seclogon - ok
09:57:10.0552 3344 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:57:10.0611 3344 SENS - ok
09:57:10.0636 3344 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:57:10.0660 3344 SensrSvc - ok
09:57:10.0680 3344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:57:10.0701 3344 Serenum - ok
09:57:10.0785 3344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:57:10.0809 3344 Serial - ok
09:57:10.0836 3344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:57:10.0883 3344 sermouse - ok
09:57:10.0967 3344 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:57:11.0116 3344 SessionEnv - ok
09:57:11.0158 3344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:57:11.0233 3344 sffdisk - ok
09:57:11.0251 3344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:57:11.0299 3344 sffp_mmc - ok
09:57:11.0337 3344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:57:11.0395 3344 sffp_sd - ok
09:57:11.0421 3344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:57:11.0469 3344 sfloppy - ok
09:57:11.0693 3344 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
09:57:11.0759 3344 Sftfs - ok
09:57:11.0876 3344 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:57:11.0934 3344 sftlist - ok
09:57:11.0973 3344 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:57:12.0013 3344 Sftplay - ok
09:57:12.0040 3344 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:57:12.0071 3344 Sftredir - ok
09:57:12.0096 3344 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
09:57:12.0135 3344 Sftvol - ok
09:57:12.0185 3344 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:57:12.0226 3344 sftvsa - ok
09:57:12.0323 3344 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:57:12.0389 3344 SharedAccess - ok
09:57:12.0427 3344 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:57:12.0494 3344 ShellHWDetection - ok
09:57:12.0562 3344 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:57:12.0582 3344 SiSRaid2 - ok
09:57:12.0615 3344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:57:12.0636 3344 SiSRaid4 - ok
09:57:12.0680 3344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:57:12.0744 3344 Smb - ok
09:57:12.0795 3344 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:57:12.0820 3344 SNMPTRAP - ok
09:57:12.0847 3344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:57:12.0866 3344 spldr - ok
09:57:12.0968 3344 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:57:13.0048 3344 Spooler - ok
09:57:13.0571 3344 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:57:13.0819 3344 sppsvc - ok
09:57:13.0982 3344 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:57:14.0095 3344 sppuinotify - ok
09:57:14.0221 3344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:57:14.0273 3344 srv - ok
09:57:14.0336 3344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:57:14.0385 3344 srv2 - ok
09:57:14.0439 3344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:57:14.0508 3344 srvnet - ok
09:57:14.0550 3344 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:57:14.0650 3344 SSDPSRV - ok
09:57:14.0670 3344 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:57:14.0729 3344 SstpSvc - ok
09:57:14.0764 3344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:57:14.0784 3344 stexstor - ok
09:57:14.0923 3344 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:57:14.0970 3344 stisvc - ok
09:57:15.0126 3344 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
09:57:15.0140 3344 stllssvr ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0140 3344 stllssvr - detected UnsignedFile.Multi.Generic (1)
09:57:32.0820 3344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:57:34.0001 3344 \Device\Harddisk0\DR0 - ok
09:57:34.0025 3344 Boot (0x1200) (fb10996ac6908e0ab8a46d5e5582c87b) \Device\Harddisk0\DR0\Partition0
09:57:34.0028 3344 \Device\Harddisk0\DR0\Partition0 - ok
09:57:34.0043 3344 Boot (0x1200) (7e281098ee60c7943b572d7cbc2daa64) \Device\Harddisk0\DR0\Partition1
09:57:34.0057 3344 \Device\Harddisk0\DR0\Partition1 - ok
09:57:34.0059 3344 ============================================================
09:57:34.0060 3344 Scan finished
09:57:34.0060 3344 ============================================================
09:57:34.0083 4888 Detected object count: 3
09:57:34.0083 4888 Actual detected object count: 3
09:57:43.0013 4888 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
09:57:43.0014 4888 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:57:43.0021 4888 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:57:43.0021 4888 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:57:43.0027 4888 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:57:43.0027 4888 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 dev00790


Posted 16 June 2012 - 10:17 AM

Hi

Please do the following next:

Step 1

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Step 2

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

NOTE: If asked to restart the computer, please do so. You may need to run rkill again - if so, please also post the log for this run of rkill.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Step 3

How is your computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 gkdockery

Posted 16 June 2012 - 11:54 AM

I am still downloading a new update for Malwarebytes....taking a while, sorry. I will post as soon as I have it.
Here is RKill log


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/16/2012 at 11:48:21.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 06/16/2012 at 11:48:27.

#6 gkdockery

Posted 16 June 2012 - 02:11 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.06.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kitten :: KITTEN-PC [administrator]

6/16/2012 1:03:26 PM
mbam-log-2012-06-16 (13-03-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372526
Time elapsed: 1 hour(s), 7 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/16/2012 at 13:14:36.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files\AVAST Software\Avast\defs\12061600\Sf.bin


Rkill completed on 06/16/2012 at 13:15:06.

#7 dev00790

Posted 16 June 2012 - 03:41 PM

Hi

Step 1

Clear the Java cache

Clearing the Java Plug-in cache forces the browser to load the latest versions of web pages and programs.

To clear the Java Plug-in cache:

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel. The Java Control Panel appears.
  • Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  • Click Delete Files. The Delete Temporary Files dialog box appears.
  • Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
    Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.


Step 2


Right click on Security check on your desktop, and click Run as Administrator
Post the log that appears in your next reply.

Regards, dev00790



#8 gkdockery

Posted 16 June 2012 - 04:12 PM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.0.1.152 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#9 dev00790

Posted 16 June 2012 - 05:07 PM

How is your computer running now?

Regards, dev00790



#10 gkdockery

Posted 16 June 2012 - 08:22 PM

It seems to be doing great. Is my system still infected?

#11 dev00790

Posted 16 June 2012 - 08:48 PM

Hi

Ok great.

Let's do another scan to look for anything the others may not have picked up:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Regards, dev00790



#12 dev00790

Posted 01 July 2012 - 08:08 AM

Hi

Are you still with me?

Regards, dev00790
