
Win32/ZAccess found


  • This topic is locked
9 replies to this topic

#1 Daishi

Daishi

  • Members
  • 39 posts

Posted 05 July 2012 - 11:20 AM

Total Defense antivirus found this the other day; it keeps giving me pop-up ads. I ran Malwarebytes, but that found nothing. I'm running Windows 7.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 July 2012 - 01:17 PM

Hello Daishi, let's try a couple more and see how it is.
Are you on a router? Are other machines on it? If so, are they redirecting?
What browser is this affecting?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. Or, if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
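
An added example, not part of the post above and not code from MiniToolBox: one way to triage the "List Winsock Entries" section of the Result.txt that the post asks for, flagging provider entries whose file is reported missing and keeping the library path the tool says should be there. The function names `parse_winsock` and `triage` are hypothetical, the sample text is constructed, and the line layout is assumed from the Result.txt posted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout MiniToolBox uses for its
# "Winsock entries" section (not taken from a real machine).
SAMPLE = r'''========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\ExampleAV\lsp.dll [95568] (Example Vendor, Inc.)
Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================
'''

# "<catalog> <index> <path> [<size or File Not found>] (<vendor>)"
ENTRY = re.compile(
    r'^(?P<catalog>(?:x64-)?Catalog\d+) (?P<index>\d+) (?P<path>.+) '
    r'\[(?P<size>File Not found|\d+)\] \((?P<vendor>.*)\)$')
HINT = re.compile(r'^ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)"$')


def parse_winsock(report):
    """Return one dict per provider line in the Winsock section."""
    entries, in_section = [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith('====='):
            # Section banners look like "==== Winsock entries ====";
            # any other banner ends the section.
            in_section = 'Winsock entries' in line
            continue
        if not in_section or not line:
            continue
        m = ENTRY.match(line)
        if m:
            size = m['size']
            entries.append({
                'catalog': m['catalog'],
                'index': int(m['index']),
                'path': m['path'],
                'missing': size == 'File Not found',
                'size': None if size == 'File Not found' else int(size),
                'vendor': m['vendor'],
                'expected': None,
            })
            continue
        h = HINT.match(line)
        if h and entries:
            # Assumption: the hint refers to the entry printed just before it.
            entries[-1]['expected'] = h['expected']
    return entries


def triage(entries):
    """Summarise what a reviewer should look at first."""
    missing = [e for e in entries if e['missing']]
    # Present, non-Microsoft providers are listed for review only;
    # security products install these legitimately.
    third_party = sorted({(e['path'], e['vendor']) for e in entries
                          if not e['missing']
                          and not e['vendor'].startswith('Microsoft')})
    return {
        'total': len(entries),
        'missing_by_catalog': dict(Counter(e['catalog'] for e in missing)),
        'repair_hints': {f"{e['catalog']} {e['index']:02d}": e['expected']
                         for e in missing if e['expected']},
        'third_party_providers': third_party,
    }


if __name__ == '__main__':
    summary = triage(parse_winsock(SAMPLE))
    for key, value in summary.items():
        print(f'{key}: {value}')
```
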

#3 Daishi

Daishi
  • Topic Starter

  • Members
  • 39 posts

Posted 05 July 2012 - 05:16 PM

MiniToolBox by Farbar Version: 25-06-2012
Ran by jeff (administrator) on 05-07-2012 at 17:52:10
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Daishi
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 14-DA-E9-40-F2-1E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : 74-2F-68-79-82-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d78:16a3:3ad2:11f8%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 29, 2012 7:13:23 PM
Lease Expires . . . . . . . . . . : Friday, July 06, 2012 7:13:31 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 242495336
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-CA-6D-59-74-2F-68-79-82-F5
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D1E4B032-CE13-4772-B9EE-1ADCFB9A15F1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.228.102] with 32 bytes of data:
Reply from 74.125.228.102: bytes=32 time=18ms TTL=51
Reply from 74.125.228.102: bytes=32 time=19ms TTL=51

Ping statistics for 74.125.228.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=55ms TTL=46
Reply from 209.191.122.70: bytes=32 time=55ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 55ms, Average = 55ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
12...14 da e9 40 f2 1e ......Realtek PCIe GBE Family Controller
11...74 2f 68 79 82 f5 ......Atheros AR9002WB-1NG Wireless Network Adapter
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 25
10.0.0.0 255.255.255.0 On-link 10.0.0.2 281
10.0.0.2 255.255.255.255 On-link 10.0.0.2 281
10.0.0.255 255.255.255.255 On-link 10.0.0.2 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::2d78:16a3:3ad2:11f8/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 02 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)
x64-Catalog9 02 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2012 05:49:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x6d10e279
Faulting process id: 0xe480
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/04/2012 10:06:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 13.0.1.4548, time stamp: 0x4fda5ff0
Faulting module name: mozalloc.dll, version: 13.0.1.4548, time stamp: 0x4fda4c02
Exception code: 0x80000003
Fault offset: 0x000019be
Faulting process id: 0x6364
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/04/2012 10:01:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x6352e279
Faulting process id: 0x7528
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/04/2012 05:38:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x6352e279
Faulting process id: 0x6ff8
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/04/2012 03:07:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x637ce279
Faulting process id: 0x5284
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/04/2012 02:31:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x637ce279
Faulting process id: 0x6244
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/04/2012 01:58:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x637ce279
Faulting process id: 0x6ec0
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/03/2012 11:45:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x637ce279
Faulting process id: 0x6ce8
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/03/2012 04:41:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4febb13c
Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff1ec29
Exception code: 0xc0000005
Fault offset: 0x637ce279
Faulting process id: 0x5e9c
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (07/03/2012 01:53:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_262.exe, version: 11.3.300.262, time stamp: 0x4fe20fae
Faulting module name: NPSWF32_11_3_300_262.dll, version: 11.3.300.262, time stamp: 0x4fe21212
Exception code: 0xc0000005
Fault offset: 0x00490fb1
Faulting process id: 0x52a4
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_262.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_262.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_262.exe2
Report Id: FlashPlayerPlugin_11_3_300_262.exe3


System errors:
=============
Error: (07/04/2012 07:45:12 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/02/2012 03:56:04 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/29/2012 05:55:36 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/28/2012 10:40:34 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/26/2012 07:06:18 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/20/2012 06:23:08 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/19/2012 02:54:20 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/19/2012 02:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/19/2012 02:49:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/17/2012 08:41:02 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (07/05/2012 05:49:58 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c00000056d10e279e48001cd5af7a84c4d56c:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll5cf3cd1c-c6eb-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 10:06:32 PM) (Source: Application Error)(User: )
Description: plugin-container.exe13.0.1.45484fda5ff0mozalloc.dll13.0.1.45484fda4c0280000003000019be636401cd5a52bb182baeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll09b12374-c646-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 10:01:51 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c00000056352e279752801cd5a50b25de6a3c:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll62bc82b4-c645-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 05:38:02 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c00000056352e2796ff801cd5a2aa41eb92dc:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll87ea46ac-c620-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 03:07:09 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c0000005637ce279528401cd59b674573053c:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll73697a2e-c60b-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 02:31:24 AM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c0000005637ce279624401cd59adfe04326ac:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dlle02e2488-c5a1-11e1-bcfa-742f6879bbd2

Error: (07/04/2012 01:58:02 AM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c0000005637ce2796ec001cd59a7c4b6edc2c:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll36e3e32c-c59d-11e1-bcfa-742f6879bbd2

Error: (07/03/2012 11:45:24 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c0000005637ce2796ce801cd59940052f01ac:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dllaf90eff6-c58a-11e1-bcfa-742f6879bbd2

Error: (07/03/2012 04:41:00 PM) (Source: Application Error)(User: )
Description: hl2.exe0.0.0.04febb13cfilesystem_steam.dll_unloaded0.0.0.04ff1ec29c0000005637ce2795e9c01cd5959c6b46a26c:\program files (x86)\steam\steamapps\drunkenzergling\team fortress 2\hl2.exefilesystem_steam.dll654676d9-c54f-11e1-bcfa-742f6879bbd2

Error: (07/03/2012 01:53:56 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_3_300_262.exe11.3.300.2624fe20faeNPSWF32_11_3_300_262.dll11.3.300.2624fe21212c000000500490fb152a401cd58d4ff8520e2C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll0ea25b8d-c538-11e1-bcfa-742f6879bbd2


=========================== Installed Programs ============================

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.23)
ASUS FaceLogon (Version: 1.0.0013)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.2.0)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0040)
ASUS USB Charger Plus (Version: 2.0.8)
ASUS Virtual Camera (Version: 1.0.25)
ASUS WebStorage (Version: 3.0.84.161)
AsusScr_G74 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.10.168)
Atheros Client Installation Program (Version: 7.0)
ATK Package (Version: 1.0.0015)
Avadon: The Black Fortress
BitComet 1.31 64-bit (Version: 1.31)
Bonjour (Version: 3.0.0.10)
Borderlands
Botanicula
Braid
CA Anti-Virus Plus (Version: 3.0.0.428)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
Desura (Version: 100.53)
Diablo II
DirectX 9 Runtime (Version: 1.00.0000)
Dungeons of Dredmor
erLT (Version: 1.20.0137)
ExpressGateCloud (Version: 2.6.27.160)
Faerie Solitaire
FileZilla Client 3.5.3 (Version: 3.5.3)
Finger Sensing Pad Driver (Version: 9.1.3.5)
Fresco Logic USB3.0 Host Controller (Version: 3.5.30.0)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
GameFast.exe (Version: 1.0.0.1)
Google Chrome (Version: 20.0.1132.47)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.111)
Hacker Evolution Duality
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Junk Mail filter update (Version: 15.4.3502.0922)
Killing Floor
Left 4 Dead
Left 4 Dead 2
Lexmark S410 Series Uninstaller
Logitech SetPoint 5.20 (Version: 5.20)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nuance PDF Reader (Version: 6.00.0041)
NVIDIA 3D Vision Driver 268.37 (Version: 268.37)
NVIDIA Control Panel 268.37 (Version: 268.37)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA PhysX v8.10.29 (Version: 8.10.29)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6837)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6564)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001)
Rotation Desktop for G Series.exe (Version: 1.0.0.9)
Roxio AACS Certificate (Version: 1.0.0)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer (Version: 5.8.58232.1)
Sandboxie 3.70 (64-bit) (Version: 3.70)
SEGA Genesis & Mega Drive Classics
Shoot Many Robots
Sid Meier's Civilization V
Sins of a Solar Empire: Trinity
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
Steel Storm: Burning Retribution
Swords and Soldiers HD
syncables desktop SE (Version: 5.5.746.11492)
Team Fortress 2
The Binding Of Isaac
THX TruStudio (Version: 1.03.01)
Toki Tori
Total Defense Anti-Virus Plus (Version: 8.0.0.87)
Trend Micro Titanium Internet Security (Version: 3.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
User's Guides (Version: 1.20.0000)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Video Booth (Version: 2.3.9.6)
VLC media player 2.0.1 (Version: 2.0.1)
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Soulstorm
Warhammer 40,000: Dawn of War – Winter Assault
Windosill
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.0)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Wireless Console 3 (Version: 3.0.27)
Worms Reloaded

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 12265.16 MB
Available physical RAM: 8479.15 MB
Total Pagefile: 24528.51 MB
Available Pagefile: 20667.56 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.92 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:22.41 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:213.96 GB) NTFS
3 Drive e: (Lexmark S410 Ser) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\DAISHI

Administrator Guest jeff


**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jeff :: DAISHI [administrator]

Protection: Disabled

7/5/2012 6:01:46 PM
mbam-log-2012-07-05 (18-01-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213685
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


18:11:36.0417 57368 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:11:37.0197 57368 ============================================================
18:11:37.0197 57368 Current date / time: 2012/07/05 18:11:37.0197
18:11:37.0197 57368 SystemInfo:
18:11:37.0197 57368
18:11:37.0197 57368 OS Version: 6.1.7601 ServicePack: 1.0
18:11:37.0197 57368 Product type: Workstation
18:11:37.0197 57368 ComputerName: DAISHI
18:11:37.0197 57368 UserName: jeff
18:11:37.0197 57368 Windows directory: C:\Windows
18:11:37.0197 57368 System windows directory: C:\Windows
18:11:37.0197 57368 Running under WOW64
18:11:37.0197 57368 Processor architecture: Intel x64
18:11:37.0197 57368 Number of processors: 8
18:11:37.0197 57368 Page size: 0x1000
18:11:37.0197 57368 Boot type: Normal boot
18:11:37.0197 57368 ============================================================
18:11:37.0711 57368 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:11:37.0727 57368 ============================================================
18:11:37.0727 57368 \Device\Harddisk0\DR0:
18:11:37.0727 57368 MBR partitions:
18:11:37.0727 57368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
18:11:37.0743 57368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
18:11:37.0743 57368 ============================================================
18:11:37.0774 57368 C: <-> \Device\Harddisk0\DR0\Partition0
18:11:37.0821 57368 D: <-> \Device\Harddisk0\DR0\Partition1
18:11:37.0821 57368 ============================================================
18:11:37.0821 57368 Initialize success
18:11:37.0821 57368 ============================================================
18:12:09.0255 58040 ============================================================
18:12:09.0255 58040 Scan started
18:12:09.0255 58040 Mode: Manual; TDLFS;
18:12:09.0255 58040 ============================================================
18:12:18.0303 58040 MotoSwitchService - ok
18:12:18.0318 58040 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
18:12:18.0318 58040 Motousbnet - ok
18:12:18.0381 58040 motport (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motport.sys
18:12:18.0396 58040 motport - ok
18:12:18.0396 58040 motusbdevice (d075b1d964a314d240f5498773ee89df) C:\Windows\system32\DRIVERS\motusbdevice.sys
18:12:18.0396 58040 motusbdevice - ok
18:12:18.0443 58040 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:12:18.0443 58040 mouclass - ok
18:12:18.0474 58040 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:12:18.0474 58040 mouhid - ok
18:12:18.0505 58040 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:12:18.0505 58040 mountmgr - ok
18:12:18.0552 58040 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:12:18.0552 58040 MozillaMaintenance - ok
18:12:18.0568 58040 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:12:18.0583 58040 mpio - ok
18:12:18.0599 58040 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:12:18.0615 58040 mpsdrv - ok
18:12:18.0615 58040 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:12:18.0630 58040 MRxDAV - ok
18:12:18.0661 58040 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:12:18.0661 58040 mrxsmb - ok
18:12:18.0693 58040 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:12:18.0693 58040 mrxsmb10 - ok
18:12:18.0708 58040 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:12:18.0724 58040 mrxsmb20 - ok
18:12:18.0739 58040 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:12:18.0739 58040 msahci - ok
18:12:18.0755 58040 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:12:18.0755 58040 msdsm - ok
18:12:18.0786 58040 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:12:18.0786 58040 MSDTC - ok
18:12:18.0802 58040 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:12:18.0802 58040 Msfs - ok
18:12:18.0817 58040 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:12:18.0833 58040 mshidkmdf - ok
18:12:18.0833 58040 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:12:18.0849 58040 msisadrv - ok
18:12:18.0880 58040 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:12:18.0880 58040 MSiSCSI - ok
18:12:18.0880 58040 msiserver - ok
18:12:18.0895 58040 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:12:18.0895 58040 MSKSSRV - ok
18:12:18.0911 58040 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:12:18.0911 58040 MSPCLOCK - ok
18:12:18.0927 58040 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:12:18.0927 58040 MSPQM - ok
18:12:18.0958 58040 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:12:18.0958 58040 MsRPC - ok
18:12:18.0973 58040 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:12:18.0973 58040 mssmbios - ok
18:12:18.0989 58040 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:12:18.0989 58040 MSTEE - ok
18:12:18.0989 58040 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:12:19.0005 58040 MTConfig - ok
18:12:19.0005 58040 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:12:19.0020 58040 Mup - ok
18:12:19.0051 58040 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:12:19.0067 58040 napagent - ok
18:12:19.0098 58040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:12:19.0098 58040 NativeWifiP - ok
18:12:19.0161 58040 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:12:19.0176 58040 NDIS - ok
18:12:19.0192 58040 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:12:19.0207 58040 NdisCap - ok
18:12:19.0223 58040 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:12:19.0239 58040 NdisTapi - ok
18:12:19.0254 58040 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:12:19.0254 58040 Ndisuio - ok
18:12:19.0270 58040 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:12:19.0270 58040 NdisWan - ok
18:12:19.0301 58040 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:12:19.0317 58040 NDProxy - ok
18:12:19.0332 58040 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:12:19.0332 58040 NetBIOS - ok
18:12:19.0348 58040 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:12:19.0363 58040 NetBT - ok
18:12:19.0457 58040 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:12:19.0457 58040 Netlogon - ok
18:12:19.0504 58040 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:12:19.0519 58040 Netman - ok
18:12:19.0551 58040 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:12:19.0566 58040 netprofm - ok
18:12:19.0613 58040 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:12:19.0613 58040 NetTcpPortSharing - ok
18:12:19.0644 58040 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:12:19.0644 58040 nfrd960 - ok
18:12:19.0675 58040 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:12:19.0691 58040 NlaSvc - ok
18:12:19.0707 58040 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:12:19.0707 58040 Npfs - ok
18:12:19.0722 58040 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:12:19.0738 58040 nsi - ok
18:12:19.0738 58040 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:12:19.0738 58040 nsiproxy - ok
18:12:19.0816 58040 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:12:19.0863 58040 Ntfs - ok
18:12:19.0941 58040 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:12:19.0941 58040 Null - ok
18:12:19.0972 58040 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
18:12:19.0987 58040 NVHDA - ok
18:12:20.0471 58040 nvlddmkm (b6d7d3ebb1401b04b48f40c3d0ce5b09) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:12:20.0533 58040 nvlddmkm - ok
18:12:20.0611 58040 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:12:20.0611 58040 nvraid - ok
18:12:20.0627 58040 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:12:20.0643 58040 nvstor - ok
18:12:20.0705 58040 NVSvc (1c594d199180864cbea5fa0b0b55287a) C:\Windows\system32\nvvsvc.exe
18:12:20.0721 58040 NVSvc - ok
18:12:20.0752 58040 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:12:20.0767 58040 nv_agp - ok
18:12:20.0767 58040 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:12:20.0767 58040 ohci1394 - ok
18:12:20.0799 58040 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:12:20.0799 58040 p2pimsvc - ok
18:12:20.0830 58040 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:12:20.0830 58040 p2psvc - ok
18:12:20.0845 58040 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:12:20.0861 58040 Parport - ok
18:12:20.0877 58040 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:12:20.0892 58040 partmgr - ok
18:12:20.0939 58040 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
18:12:20.0939 58040 Partner Service - ok
18:12:20.0955 58040 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:12:20.0970 58040 PcaSvc - ok
18:12:20.0986 58040 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:12:20.0986 58040 pci - ok
18:12:21.0017 58040 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:12:21.0017 58040 pciide - ok
18:12:21.0048 58040 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:12:21.0048 58040 pcmcia - ok
18:12:21.0079 58040 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:12:21.0079 58040 pcw - ok
18:12:21.0111 58040 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:12:21.0126 58040 PEAUTH - ok
18:12:21.0204 58040 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:12:21.0204 58040 PerfHost - ok
18:12:21.0282 58040 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:12:21.0329 58040 pla - ok
18:12:21.0391 58040 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:12:21.0391 58040 PlugPlay - ok
18:12:21.0407 58040 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:12:21.0407 58040 PNRPAutoReg - ok
18:12:21.0438 58040 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:12:21.0438 58040 PNRPsvc - ok
18:12:21.0485 58040 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
18:12:21.0501 58040 Point64 - ok
18:12:21.0532 58040 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:12:21.0532 58040 PolicyAgent - ok
18:12:21.0579 58040 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:12:21.0594 58040 Power - ok
18:12:21.0625 58040 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:12:21.0625 58040 PptpMiniport - ok
18:12:21.0641 58040 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:12:21.0641 58040 Processor - ok
18:12:21.0672 58040 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:12:21.0688 58040 ProfSvc - ok
18:12:21.0719 58040 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:12:21.0719 58040 ProtectedStorage - ok
18:12:21.0750 58040 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:12:21.0766 58040 Psched - ok
18:12:21.0781 58040 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:12:21.0797 58040 PxHlpa64 - ok
18:12:21.0859 58040 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:12:21.0875 58040 ql2300 - ok
18:12:21.0969 58040 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:12:21.0969 58040 ql40xx - ok
18:12:22.0000 58040 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:12:22.0015 58040 QWAVE - ok
18:12:22.0031 58040 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:12:22.0031 58040 QWAVEdrv - ok
18:12:22.0031 58040 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:12:22.0031 58040 RasAcd - ok
18:12:22.0047 58040 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:12:22.0062 58040 RasAgileVpn - ok
18:12:22.0078 58040 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:12:22.0078 58040 RasAuto - ok
18:12:22.0093 58040 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:12:22.0093 58040 Rasl2tp - ok
18:12:22.0140 58040 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:12:22.0140 58040 RasMan - ok
18:12:22.0156 58040 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:12:22.0156 58040 RasPppoe - ok
18:12:22.0187 58040 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:12:22.0187 58040 RasSstp - ok
18:12:22.0218 58040 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:12:22.0218 58040 rdbss - ok
18:12:22.0234 58040 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:12:22.0234 58040 rdpbus - ok
18:12:22.0249 58040 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:12:22.0249 58040 RDPCDD - ok
18:12:22.0265 58040 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:12:22.0265 58040 RDPENCDD - ok
18:12:22.0281 58040 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:12:22.0281 58040 RDPREFMP - ok
18:12:22.0312 58040 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:12:22.0327 58040 RDPWD - ok
18:12:22.0343 58040 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:12:22.0343 58040 rdyboost - ok
18:12:22.0374 58040 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:12:22.0390 58040 RemoteAccess - ok
18:12:22.0405 58040 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:12:22.0421 58040 RemoteRegistry - ok
18:12:22.0452 58040 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:12:22.0452 58040 RFCOMM - ok
18:12:22.0468 58040 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:12:22.0468 58040 RpcEptMapper - ok
18:12:22.0483 58040 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:12:22.0499 58040 RpcLocator - ok
18:12:22.0530 58040 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:12:22.0530 58040 RpcSs - ok
18:12:22.0546 58040 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:12:22.0546 58040 rspndr - ok
18:12:22.0593 58040 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
18:12:22.0593 58040 RSUSBVSTOR - ok
18:12:22.0624 58040 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:12:22.0639 58040 RTL8167 - ok
18:12:22.0671 58040 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:12:22.0671 58040 SamSs - ok
18:12:22.0780 58040 SbieDrv (ba76fa5696032c977ee4d5b4c5c83cfd) C:\Program Files\Sandboxie\SbieDrv.sys
18:12:22.0780 58040 SbieDrv - ok
18:12:22.0795 58040 SbieSvc (b424965d749c8ba5c493a2242141ba3b) C:\Program Files\Sandboxie\SbieSvc.exe
18:12:22.0795 58040 SbieSvc - ok
18:12:22.0827 58040 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:12:22.0827 58040 sbp2port - ok
18:12:22.0858 58040 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:12:22.0873 58040 SCardSvr - ok
18:12:22.0889 58040 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:12:22.0889 58040 scfilter - ok
18:12:22.0936 58040 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:12:22.0967 58040 Schedule - ok
18:12:22.0983 58040 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:12:22.0998 58040 SCPolicySvc - ok
18:12:23.0014 58040 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:12:23.0014 58040 SDRSVC - ok
18:12:23.0061 58040 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:12:23.0061 58040 secdrv - ok
18:12:23.0076 58040 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:12:23.0076 58040 seclogon - ok
18:12:23.0107 58040 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:12:23.0107 58040 SENS - ok
18:12:23.0123 58040 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:12:23.0123 58040 SensrSvc - ok
18:12:23.0139 58040 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:12:23.0139 58040 Serenum - ok
18:12:23.0154 58040 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:12:23.0170 58040 Serial - ok
18:12:23.0170 58040 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:12:23.0185 58040 sermouse - ok
18:12:23.0201 58040 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:12:23.0217 58040 SessionEnv - ok
18:12:23.0217 58040 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:12:23.0217 58040 sffdisk - ok
18:12:23.0217 58040 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:12:23.0217 58040 sffp_mmc - ok
18:12:23.0232 58040 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:12:23.0232 58040 sffp_sd - ok
18:12:23.0248 58040 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:12:23.0248 58040 sfloppy - ok
18:12:23.0279 58040 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:12:23.0279 58040 ShellHWDetection - ok
18:12:23.0295 58040 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:12:23.0295 58040 SiSGbeLH - ok
18:12:23.0310 58040 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:12:23.0310 58040 SiSRaid2 - ok
18:12:23.0310 58040 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:12:23.0310 58040 SiSRaid4 - ok
18:12:23.0326 58040 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:12:23.0326 58040 Smb - ok
18:12:23.0341 58040 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:12:23.0341 58040 SNMPTRAP - ok
18:12:23.0404 58040 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
18:12:23.0419 58040 speedfan - ok
18:12:23.0435 58040 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:12:23.0435 58040 spldr - ok
18:12:23.0466 58040 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:12:23.0497 58040 Spooler - ok
18:12:23.0591 58040 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:12:23.0653 58040 sppsvc - ok
18:12:23.0716 58040 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:12:23.0716 58040 sppuinotify - ok
18:12:23.0794 58040 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:12:23.0809 58040 srv - ok
18:12:23.0825 58040 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:12:23.0841 58040 srv2 - ok
18:12:23.0856 58040 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:12:23.0872 58040 srvnet - ok
18:12:23.0903 58040 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:12:23.0903 58040 SSDPSRV - ok
18:12:23.0919 58040 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:12:23.0919 58040 SstpSvc - ok
18:12:23.0981 58040 Steam Client Service - ok
18:12:24.0028 58040 Stereo Service (1d26267eb061652a0419698e7cf06d72) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:12:24.0043 58040 Stereo Service - ok
18:12:24.0059 58040 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:12:24.0059 58040 stexstor - ok
18:12:24.0106 58040 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:12:24.0137 58040 stisvc - ok
18:12:24.0137 58040 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:12:24.0153 58040 swenum - ok
18:12:24.0184 58040 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:12:24.0199 58040 swprv - ok
18:12:24.0262 58040 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:12:24.0324 58040 SysMain - ok
18:12:24.0387 58040 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:12:24.0402 58040 TabletInputService - ok
18:12:24.0418 58040 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:12:24.0433 58040 TapiSrv - ok
18:12:24.0449 58040 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:12:24.0449 58040 TBS - ok
18:12:24.0605 58040 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:12:24.0636 58040 Tcpip - ok
18:12:24.0777 58040 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:12:24.0792 58040 TCPIP6 - ok
18:12:24.0886 58040 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:12:24.0886 58040 tcpipreg - ok
18:12:24.0901 58040 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:12:24.0901 58040 TDPIPE - ok
18:12:24.0917 58040 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:12:24.0933 58040 TDTCP - ok
18:12:24.0964 58040 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:12:24.0964 58040 tdx - ok
18:12:24.0979 58040 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:12:24.0979 58040 TermDD - ok
18:12:25.0026 58040 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:12:25.0042 58040 TermService - ok
18:12:25.0057 58040 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:12:25.0057 58040 Themes - ok
18:12:25.0089 58040 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:12:25.0089 58040 THREADORDER - ok
18:12:25.0151 58040 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
18:12:25.0151 58040 TiMiniService - ok
18:12:25.0182 58040 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
18:12:25.0182 58040 tmactmon - ok
18:12:25.0198 58040 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
18:12:25.0213 58040 tmcomm - ok
18:12:25.0229 58040 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:12:25.0229 58040 tmevtmgr - ok
18:12:25.0260 58040 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
18:12:25.0260 58040 tmtdi - ok
18:12:25.0291 58040 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:12:25.0307 58040 TrkWks - ok
18:12:25.0338 58040 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:12:25.0354 58040 TrustedInstaller - ok
18:12:25.0369 58040 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:12:25.0385 58040 tssecsrv - ok
18:12:25.0401 58040 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:12:25.0401 58040 TsUsbFlt - ok
18:12:25.0416 58040 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:12:25.0416 58040 TsUsbGD - ok
18:12:25.0432 58040 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:12:25.0432 58040 tunnel - ok
18:12:25.0463 58040 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
18:12:25.0463 58040 TurboB - ok
18:12:25.0510 58040 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:12:25.0510 58040 TurboBoost - ok
18:12:25.0525 58040 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:12:25.0525 58040 uagp35 - ok
18:12:25.0541 58040 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:12:25.0541 58040 udfs - ok
18:12:25.0572 58040 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:12:25.0572 58040 UI0Detect - ok
18:12:25.0603 58040 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:12:25.0603 58040 uliagpkx - ok
18:12:25.0619 58040 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:12:25.0635 58040 umbus - ok
18:12:25.0635 58040 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:12:25.0650 58040 UmPass - ok
18:12:25.0713 58040 UmxEngine (af950f62e5fc72ffdb7363f72600b21c) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
18:12:25.0713 58040 UmxEngine - ok
18:12:25.0869 58040 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:12:25.0884 58040 UNS - ok
18:12:25.0993 58040 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:12:25.0993 58040 upnphost - ok
18:12:26.0040 58040 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:26.0040 58040 usbccgp - ok
18:12:26.0071 58040 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:12:26.0087 58040 usbcir - ok
18:12:26.0103 58040 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:12:26.0103 58040 usbehci - ok
18:12:26.0149 58040 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:12:26.0149 58040 usbhub - ok
18:12:26.0165 58040 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:12:26.0165 58040 usbohci - ok
18:12:26.0196 58040 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:12:26.0196 58040 usbprint - ok
18:12:26.0227 58040 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:12:26.0243 58040 usbscan - ok
18:12:26.0259 58040 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:26.0259 58040 USBSTOR - ok
18:12:26.0274 58040 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:12:26.0290 58040 usbuhci - ok
18:12:26.0321 58040 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:12:26.0321 58040 usbvideo - ok
18:12:26.0352 58040 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:12:26.0352 58040 UxSms - ok
18:12:26.0383 58040 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:12:26.0399 58040 VaultSvc - ok
18:12:26.0399 58040 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:12:26.0415 58040 vdrvroot - ok
18:12:26.0430 58040 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:12:26.0461 58040 vds - ok
18:12:26.0493 58040 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:26.0493 58040 vga - ok
18:12:26.0508 58040 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:12:26.0508 58040 VgaSave - ok
18:12:26.0524 58040 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:12:26.0524 58040 vhdmp - ok
18:12:26.0539 58040 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:12:26.0539 58040 viaide - ok
18:12:26.0571 58040 VideAceWindowsService (c37ce43fb54066ffb540729c6e6e194e) C:\ExpressGateUtil\VAWinService.exe
18:12:26.0571 58040 VideAceWindowsService - ok
18:12:26.0602 58040 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:12:26.0602 58040 volmgr - ok
18:12:28.0973 58040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:12:29.0347 58040 \Device\Harddisk0\DR0 - ok
18:12:29.0347 58040 Boot (0x1200) (b64a48bfd40272b21c9532b283e55dd8) \Device\Harddisk0\DR0\Partition0
18:12:29.0347 58040 \Device\Harddisk0\DR0\Partition0 - ok
18:12:29.0379 58040 Boot (0x1200) (d0deeca99d7bd27e22e0d3ec366e5ebd) \Device\Harddisk0\DR0\Partition1
18:12:29.0379 58040 \Device\Harddisk0\DR0\Partition1 - ok
18:12:29.0379 58040 ============================================================
18:12:29.0379 58040 Scan finished
18:12:29.0379 58040 ============================================================
18:12:29.0379 56264 Detected object count: 0
18:12:29.0379 56264 Actual detected object count: 0


I am using a router, but the only thing connected to it is this PC and a printer.

#4 boopme


Posted 05 July 2012 - 07:20 PM

Hi, thanks for the info. Looks like you most likely grabbed the rootkit from a torrent download. Continuing to use that will continue to infect you.

We still need to do a couple other steps.

First reset the Winsock catalog.

Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.


>>>

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


How is it running now?

#5 Daishi


Posted 06 July 2012 - 01:51 PM

winsockfix.bat couldn't find the wshelper.dll, but here are the other logs. It's running about the same as before.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 00:07:52
-----------------------------
00:07:52.483 OS Version: Windows x64 6.1.7601 Service Pack 1
00:07:52.483 Number of processors: 8 586 0x2A07
00:07:52.483 ComputerName: DAISHI UserName: jeff
00:07:57.329 Initialize success
00:08:27.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:08:27.584 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
00:08:27.608 Disk 0 MBR read successfully
00:08:27.610 Disk 0 MBR scan
00:08:27.612 Disk 0 Windows 7 default MBR code
00:08:27.618 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
00:08:27.634 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
00:08:27.637 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
00:08:27.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
00:08:27.702 Disk 0 scanning C:\Windows\system32\drivers
00:08:39.144 Service scanning
00:08:54.043 Modules scanning
00:08:54.043 Disk 0 trace - called modules:
00:08:54.059 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:08:54.059 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aa4c790]
00:08:54.075 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800a24fe40]
00:08:54.075 5 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a252050]
00:08:54.075 Scan finished successfully
00:09:11.632 Disk 0 MBR has been saved successfully to "C:\Users\jeff\Desktop\MBR.dat"
00:09:11.648 The log file has been saved successfully to "C:\Users\jeff\Desktop\aswMBR.txt"


ESET
C:\Users\jeff\AppData\Local\Temp\ICReinstall\cnet2_camsnap2_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\jeff\AppData\Local\Temp\ICReinstall\cnet2_MyCam_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\jeff\AppData\Local\Temp\ICReinstall\cnet2_VideoBooth-2_3_9_6_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\jeff\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5d64020a-73dae95a a variant of Java/Exploit.CVE-2012-0507.BZ trojan deleted - quarantined
C:\Users\jeff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5031db0b-3a8d137e a variant of Java/Exploit.CVE-2012-0507.BZ trojan deleted - quarantined
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

Edited by Daishi, 06 July 2012 - 01:52 PM.


#6 boopme


Posted 06 July 2012 - 02:08 PM

How is it running now?

Rerun MiniToolBox with only this checked:
  • List Winsock Entries

#7 Daishi


Posted 06 July 2012 - 02:51 PM

I'm still getting the pop-up ads; other than that it seems to be running fine.


MiniToolBox by Farbar Version: 25-06-2012
Ran by jeff (administrator) on 06-07-2012 at 15:50:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 02 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)
x64-Catalog9 02 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)

**** End of log ****
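
Added example, not part of the original thread: a small parser for the MiniToolBox "Winsock entries" output posted above. It counts the catalog entries whose provider DLL is reported as "File Not found" and collects the LibraryPath values the tool says should be there. The function names are hypothetical, the sample lines are copied from the log above, and the regular expressions assume the line layout seen in that log.

```python
import re
from collections import Counter

# Lines copied from the log above (Catalog5 = namespace providers, Catalog9 = protocol providers).
SAMPLE = r"""Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\VetRedir.dll [95568] (Computer Associates International, Inc.)
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 14 C:\Windows\System32\VetRedir64.dll [103760] (Computer Associates International, Inc.)
"""

ENTRY = re.compile(r"^(x64-)?Catalog([59]) (\d+) (.+?) \[(\d+|File Not found)\] \((.*)\)$")
HINT = re.compile(r'^ATTENTION: The LibraryPath should be "(.+)"$')

def parse_winsock(text):
    """Return one dict per catalog entry; an ATTENTION line annotates the entry before it."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            arch, cat, idx, path, size, vendor = m.groups()
            entries.append({
                "catalog": ("x64-" if arch else "") + "Catalog" + cat,
                "index": int(idx),
                "path": path, "missing": size == "File Not found",
                "vendor": vendor, "expected": None,
            })
            continue
        h = HINT.match(line.strip())
        if h and entries:
            entries[-1]["expected"] = h.group(1)
    return entries

def summarize(entries):
    """Count missing provider DLLs per catalog and list what the tool expected instead."""
    missing = Counter(e["catalog"] for e in entries if e["missing"])
    expected = sorted({e["expected"] for e in entries if e["expected"]})
    # The vendor string is whatever the tool printed; it is not a signature check.
    third_party = sorted({e["path"] for e in entries
                          if not e["missing"] and not e["vendor"].startswith("Microsoft")})
    return {"missing": dict(missing), "expected": expected, "third_party": third_party}

if __name__ == "__main__":
    report = summarize(parse_winsock(SAMPLE))
    for key, value in report.items():
        print(key, value)
```

Running it against the full Result.txt instead of the excerpt gives a per-catalog count that can be compared before and after a Winsock reset.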

#8 boopme


Posted 06 July 2012 - 03:33 PM

OK, it's still in there, and we will need some specialized tools to get it out.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#9 Daishi


Posted 06 July 2012 - 10:19 PM

I made a new post here: http://www.bleepingcomputer.com/forums/topic459599.html. GMER wouldn't let me select everything.

#10 boopme


Posted 07 July 2012 - 04:51 PM

Closed, a new topic has a reply.



