Many issues, Looking for professional help - Definite virus


11 replies to this topic

#1 Ailments

Ailments

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 AM

Posted 19 May 2013 - 06:51 PM

Hello,

I have been using a Gateway NV55S Windows 7 Home Premium for about a year and a half. I haven't noticed any real problems in this time. However, upon closer inspection I've noticed many problems. The Windows Security Center disables itself automatically and Windows Defender closes seconds after being opened. Every now and again, Google will redirect me to ads, and following other threads with similar problems, and different programs such as Rkill and aswMBR and Tdsskiller and Malwarebytes; it would seem I have a Win32: Vitro virus and perhaps more. My main concern is getting the security center running and stopping any further damage to my computer. Any help would be appreciated and I'll try to do whatever I need. Thanks.





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:36 AM

Posted 19 May 2013 - 06:56 PM

Hello and welcome. Appears you are infected, so let's run these and see how it is after.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>



EDIT: sorry, troubles with the editor

Edited by boopme, 19 May 2013 - 07:02 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 boopme


Posted 19 May 2013 - 07:04 PM

Please download TDSSkiller.
Launch it.
Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results.
 
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/


Edited by boopme, 23 May 2013 - 08:00 PM.


#4 boopme


Posted 19 May 2013 - 07:04 PM

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>>>
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 30 May 2013 - 09:22 PM.


#5 Ailments


Posted 19 May 2013 - 07:08 PM

Ok, I've completed the MiniToolBox and am posting it.

 

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Scott (administrator) on 19-05-2013 at 19:05:25
Running from "C:\Users\Scott\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Batcomputer
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 16-DE-2B-60-F7-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-DE-2B-60-F7-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::354e:904e:620f:6d42%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.169.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 19, 2013 5:47:33 PM
   Lease Expires . . . . . . . . . . : Monday, May 20, 2013 6:47:38 PM
   Default Gateway . . . . . . . . . : 192.168.169.1
   DHCP Server . . . . . . . . . . . : 192.168.169.1
   DHCPv6 IAID . . . . . . . . . . . : 309648939
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-47-AB-CE-DC-0E-A1-0D-4A-20
   DNS Servers . . . . . . . . . . . : 192.168.169.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-0D-4A-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.ch2.cmm1.lmc1a-west.ftth.conxxus.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A99D402F-6DDF-4C14-B30C-F6D20EE216D1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.PXE.ACER.COM:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.169.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:804::1002
 173.194.46.36
 173.194.46.37
 173.194.46.46
 173.194.46.40
 173.194.46.34
 173.194.46.41
 173.194.46.38
 173.194.46.32
 173.194.46.35
 173.194.46.39
 173.194.46.33
 
 
Pinging google.com [173.194.46.36] with 32 bytes of data:
Reply from 173.194.46.36: bytes=32 time=17ms TTL=53
Reply from 173.194.46.36: bytes=32 time=15ms TTL=53
 
Ping statistics for 173.194.46.36:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server:  UnKnown
Address:  192.168.169.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=1287ms TTL=47
Reply from 98.139.183.24: bytes=32 time=1003ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1003ms, Maximum = 1287ms, Average = 1145ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...16 de 2b 60 f7 fa ......Microsoft Virtual WiFi Miniport Adapter
 12...74 de 2b 60 f7 fa ......Atheros AR5B97 Wireless Network Adapter
 11...dc 0e a1 0d 4a 20 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.169.1    192.168.169.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.169.0    255.255.255.0         On-link     192.168.169.5    281
    192.168.169.5  255.255.255.255         On-link     192.168.169.5    281
  192.168.169.255  255.255.255.255         On-link     192.168.169.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.169.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.169.5    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::354e:904e:620f:6d42/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/19/2013 05:47:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 03:46:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 03:22:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 00:49:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 00:20:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 11:54:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 10:40:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2013 11:37:36 AM) (Source: Microsoft Security Client Setup) (User: Batcomputer)
Description: HRESULT:0x8004FF81
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81.
 
Error: (05/17/2013 10:52:34 AM) (Source: MsiInstaller) (User: Batcomputer)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.
 
Error: (05/17/2013 01:16:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/19/2013 06:47:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 06:47:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 06:47:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 06:47:37 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 06:23:07 PM) (Source: DCOM) (User: )
Description: C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}2{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/19/2013 06:14:35 PM) (Source: DCOM) (User: )
Description: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}2{06622D85-6856-4460-8DE1-A81921B41C4B}
 
Error: (05/19/2013 05:48:18 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (05/19/2013 05:47:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 05:47:33 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/19/2013 05:47:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (05/19/2013 05:47:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 03:46:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 03:22:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 00:49:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 00:20:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 11:54:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2013 10:40:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2013 11:37:36 AM) (Source: Microsoft Security Client Setup)(User: Batcomputer)
Description: HRESULT:0x8004FF81
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81.
 
Error: (05/17/2013 10:52:34 AM) (Source: MsiInstaller)(User: Batcomputer)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/17/2013 01:16:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD System Monitor (Version: 1.0.5)
AMD VISION Engine Control Center (Version: 2011.0526.27.42091)
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead Beta
ATI Catalyst Install Manager (Version: 3.0.820.0)
Backup Manager V3 (Version: 3.0.0.90)
BattlEye for OA Uninstall
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Build-a-lot 4 - Power Source (Version: 2.2.0.97)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0526.27.42091)
Catalyst Control Center InstallProxy (Version: 2011.0526.27.42091)
Catalyst Control Center Localization All (Version: 2011.0526.27.42091)
CCC Help Chinese Standard (Version: 2011.0526.0026.42091)
CCC Help Chinese Traditional (Version: 2011.0526.0026.42091)
CCC Help Czech (Version: 2011.0526.0026.42091)
CCC Help Danish (Version: 2011.0526.0026.42091)
CCC Help Dutch (Version: 2011.0526.0026.42091)
CCC Help English (Version: 2011.0526.0026.42091)
CCC Help Finnish (Version: 2011.0526.0026.42091)
CCC Help French (Version: 2011.0526.0026.42091)
CCC Help German (Version: 2011.0526.0026.42091)
CCC Help Greek (Version: 2011.0526.0026.42091)
CCC Help Hungarian (Version: 2011.0526.0026.42091)
CCC Help Italian (Version: 2011.0526.0026.42091)
CCC Help Japanese (Version: 2011.0526.0026.42091)
CCC Help Korean (Version: 2011.0526.0026.42091)
CCC Help Norwegian (Version: 2011.0526.0026.42091)
CCC Help Polish (Version: 2011.0526.0026.42091)
CCC Help Portuguese (Version: 2011.0526.0026.42091)
CCC Help Russian (Version: 2011.0526.0026.42091)
CCC Help Spanish (Version: 2011.0526.0026.42091)
CCC Help Swedish (Version: 2011.0526.0026.42091)
CCC Help Thai (Version: 2011.0526.0026.42091)
CCC Help Turkish (Version: 2011.0526.0026.42091)
ccc-utility64 (Version: 2011.0526.27.42091)
CCleaner (Version: 4.01)
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle of Rome 2 (Version: 2.2.0.95)
CyberLink MediaEspresso (Version: 6.5.1720_38230)
CyberLink PowerDVD 10 (Version: 10.0.2912.52)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III (Version: 1.0.7.15295)
Dora's World Adventure (Version: 2.2.0.95)
Dota 2
Dropbox (Version: 1.6.18)
eBay Worldwide (Version: 2.2.0409)
ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Gateway Games (Version: 1.0.2.5)
Gateway MyBackup (Version: 3.0.0.90)
Gateway Power Management (Version: 6.00.3008)
Gateway Recovery Management (Version: 5.00.3502)
Gateway Registration (Version: 1.04.3503)
Gateway ScreenSaver (Version: 1.1.1022.2010)
Gateway Social Networks (Version: 3.0.3106)
Gateway Updater (Version: 1.02.3500)
Google Chrome (Version: 26.0.1410.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Happy Cloud Client (Version: 1.374)
Identity Card (Version: 1.00.3501)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Jewel Match 3 (Version: 2.2.0.97)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.7)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)
Nero StartSmart 10 (Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Norton Online Backup (Version: 2.1.17869)
OpenOffice.org 3.4 (Version: 3.4.9590)
Pando Media Booster (Version: 2.6.0.1)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Play withSIX (Version: 1.30.0432)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
Project64 1.6 (Version: 1.6)
Realtek High Definition Audio Driver (Version: 6.0.1.6343)
Sid Meier's Civilization V SDK
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.1 (Version: 6.1.129)
StarCraft II (Version: 2.0.6.25180)
Steam (Version: 1.0.0.0)
TERA
Times Reader (Version: 2.055)
Torchlight (Version: 2.2.0.97)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Video Web Camera (Version: 1.0.1904)
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Welcome Center (Version: 1.02.3503)
WhiteSmoke US New Toolbar (Version: 6.9.0.16)
WildTangent Games App (Gateway Games) (Version: 4.0.5.14)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WModem Driver Installer (Version: 2.0.6.9)
Zuma's Revenge (Version: 2.2.0.97)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 3562.9 MB
Available physical RAM: 2088.73 MB
Total Pagefile: 7123.99 MB
Available Pagefile: 5319.63 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.27 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Gateway) (Fixed) (Total:578.07 GB) (Free:429.54 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BATCOMPUTER
 
Administrator            ASPNET                   Guest                    
Scott                    
 
 
**** End of log ****
 

I'm starting on the other things now.



#6 Ailments


Posted 19 May 2013 - 07:21 PM

Here's the TDSSkiller

:17:44.0910 4912  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:45.0272 4912  ============================================================
19:17:45.0272 4912  Current date / time: 2013/05/19 19:17:45.0272
19:17:45.0272 4912  SystemInfo:
19:17:45.0272 4912  
19:17:45.0272 4912  OS Version: 6.1.7601 ServicePack: 1.0
19:17:45.0272 4912  Product type: Workstation
19:17:45.0272 4912  ComputerName: BATCOMPUTER
19:17:45.0273 4912  UserName: Scott
19:17:45.0273 4912  Windows directory: C:\Windows
19:17:45.0273 4912  System windows directory: C:\Windows
19:17:45.0273 4912  Running under WOW64
19:17:45.0273 4912  Processor architecture: Intel x64
19:17:45.0273 4912  Number of processors: 4
19:17:45.0273 4912  Page size: 0x1000
19:17:45.0273 4912  Boot type: Normal boot
19:17:45.0273 4912  ============================================================
19:17:46.0760 4912  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:46.0766 4912  ============================================================
19:17:46.0767 4912  \Device\Harddisk0\DR0:
19:17:46.0767 4912  MBR partitions:
19:17:46.0767 4912  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:17:46.0767 4912  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x48425000
19:17:46.0767 4912  ============================================================
19:17:46.0815 4912  C: <-> \Device\Harddisk0\DR0\Partition2
19:17:46.0815 4912  ============================================================
19:17:46.0815 4912  Initialize success
19:17:46.0815 4912  ============================================================
19:18:01.0841 3152  ============================================================
19:18:01.0841 3152  Scan started
19:18:01.0841 3152  Mode: Manual; TDLFS; 
19:18:01.0841 3152  ============================================================
19:18:02.0295 3152  ================ Scan system memory ========================
19:18:02.0295 3152  System memory - ok
19:18:02.0296 3152  ================ Scan services =============================
19:18:02.0476 3152  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:18:02.0482 3152  1394ohci - ok
19:18:02.0519 3152  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:18:02.0526 3152  ACPI - ok
19:18:02.0557 3152  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:18:02.0558 3152  AcpiPmi - ok
19:18:02.0677 3152  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:18:02.0680 3152  AdobeARMservice - ok
19:18:02.0737 3152  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:18:02.0748 3152  adp94xx - ok
19:18:02.0794 3152  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:18:02.0803 3152  adpahci - ok
19:18:02.0829 3152  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:18:02.0834 3152  adpu320 - ok
19:18:02.0879 3152  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:18:02.0881 3152  AeLookupSvc - ok
19:18:02.0944 3152  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:18:02.0954 3152  AFD - ok
19:18:02.0998 3152  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:18:03.0001 3152  agp440 - ok
19:18:03.0035 3152  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:18:03.0038 3152  ALG - ok
19:18:03.0067 3152  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:18:03.0068 3152  aliide - ok
19:18:03.0112 3152  [ 833D43CFBAC21365D36CF797377457D9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:18:03.0117 3152  AMD External Events Utility - ok
19:18:03.0137 3152  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:18:03.0139 3152  amdide - ok
19:18:03.0168 3152  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:18:03.0170 3152  AmdK8 - ok
19:18:03.0412 3152  [ FAD670B417ADCCD9C99BC3AA3D754958 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:18:03.0626 3152  amdkmdag - ok
19:18:03.0673 3152  [ F0B63DEAD17F760DBC85CCD7BF978C05 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:18:03.0680 3152  amdkmdap - ok
19:18:03.0715 3152  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:18:03.0717 3152  AmdPPM - ok
19:18:03.0741 3152  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:18:03.0744 3152  amdsata - ok
19:18:03.0770 3152  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:18:03.0773 3152  amdsbs - ok
19:18:03.0793 3152  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:18:03.0794 3152  amdxata - ok
19:18:03.0833 3152  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:18:03.0835 3152  AppID - ok
19:18:03.0870 3152  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:18:03.0871 3152  AppIDSvc - ok
19:18:03.0901 3152  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
19:18:03.0903 3152  Appinfo - ok
19:18:03.0959 3152  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:18:03.0962 3152  arc - ok
19:18:03.0998 3152  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:18:04.0002 3152  arcsas - ok
19:18:04.0111 3152  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:18:04.0126 3152  aspnet_state - ok
19:18:04.0145 3152  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:04.0147 3152  AsyncMac - ok
19:18:04.0178 3152  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:18:04.0179 3152  atapi - ok
19:18:04.0286 3152  [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:18:04.0336 3152  athr - ok
19:18:04.0389 3152  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:18:04.0393 3152  AtiHDAudioService - ok
19:18:04.0437 3152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:18:04.0449 3152  AudioEndpointBuilder - ok
19:18:04.0468 3152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:18:04.0478 3152  AudioSrv - ok
19:18:04.0511 3152  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:18:04.0514 3152  AxInstSV - ok
19:18:04.0567 3152  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:18:04.0578 3152  b06bdrv - ok
19:18:04.0614 3152  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:18:04.0621 3152  b57nd60a - ok
19:18:04.0662 3152  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
19:18:04.0664 3152  b57xdbd - ok
19:18:04.0682 3152  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
19:18:04.0684 3152  b57xdmp - ok
19:18:04.0723 3152  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:18:04.0726 3152  BDESVC - ok
19:18:04.0750 3152  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:18:04.0751 3152  Beep - ok
19:18:04.0812 3152  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:18:04.0826 3152  BFE - ok
19:18:04.0882 3152  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:18:04.0899 3152  BITS - ok
19:18:04.0933 3152  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:18:04.0935 3152  blbdrive - ok
19:18:04.0960 3152  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:18:04.0962 3152  bowser - ok
19:18:04.0990 3152  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:18:04.0992 3152  BrFiltLo - ok
19:18:05.0010 3152  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:18:05.0011 3152  BrFiltUp - ok
19:18:05.0091 3152  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:18:05.0094 3152  BridgeMP - ok
19:18:05.0140 3152  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:18:05.0144 3152  Browser - ok
19:18:05.0166 3152  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:18:05.0173 3152  Brserid - ok
19:18:05.0200 3152  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:18:05.0203 3152  BrSerWdm - ok
19:18:05.0223 3152  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:18:05.0225 3152  BrUsbMdm - ok
19:18:05.0258 3152  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:18:05.0259 3152  BrUsbSer - ok
19:18:05.0299 3152  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
19:18:05.0301 3152  bScsiMSa - ok
19:18:05.0339 3152  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
19:18:05.0342 3152  bScsiSDa - ok
19:18:05.0369 3152  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:18:05.0371 3152  BTHMODEM - ok
19:18:05.0413 3152  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:18:05.0416 3152  bthserv - ok
19:18:05.0444 3152  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:18:05.0447 3152  cdfs - ok
19:18:05.0500 3152  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:18:05.0503 3152  cdrom - ok
19:18:05.0546 3152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:18:05.0548 3152  CertPropSvc - ok
19:18:05.0578 3152  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:18:05.0581 3152  circlass - ok
19:18:05.0605 3152  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:18:05.0611 3152  CLFS - ok
19:18:05.0687 3152  [ 907C5ECB7DAFB164661020AF9EB8F08D ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:18:05.0694 3152  clr_optimization_v2.0.50727_32 - ok
19:18:05.0717 3152  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:18:05.0719 3152  clr_optimization_v2.0.50727_64 - ok
19:18:05.0753 3152  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:18:05.0784 3152  clr_optimization_v4.0.30319_64 - ok
19:18:05.0823 3152  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:18:05.0825 3152  CmBatt - ok
19:18:05.0851 3152  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:18:05.0853 3152  cmdide - ok
19:18:05.0905 3152  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:18:05.0915 3152  CNG - ok
19:18:05.0961 3152  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:18:05.0963 3152  Compbatt - ok
19:18:06.0000 3152  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:18:06.0002 3152  CompositeBus - ok
19:18:06.0023 3152  COMSysApp - ok
19:18:06.0051 3152  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:18:06.0053 3152  crcdisk - ok
19:18:06.0107 3152  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:18:06.0112 3152  CryptSvc - ok
19:18:06.0289 3152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:18:06.0342 3152  DcomLaunch - ok
19:18:06.0427 3152  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:18:06.0433 3152  defragsvc - ok
19:18:06.0468 3152  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:18:06.0471 3152  DfsC - ok
19:18:06.0505 3152  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:18:06.0513 3152  Dhcp - ok
19:18:06.0548 3152  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:18:06.0550 3152  discache - ok
19:18:06.0587 3152  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:18:06.0591 3152  Disk - ok
19:18:06.0637 3152  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:18:06.0642 3152  Dnscache - ok
19:18:06.0672 3152  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:18:06.0679 3152  dot3svc - ok
19:18:06.0691 3152  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:18:06.0696 3152  DPS - ok
19:18:06.0723 3152  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:18:06.0725 3152  drmkaud - ok
19:18:06.0790 3152  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:18:06.0798 3152  DsiWMIService - ok
19:18:06.0857 3152  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:18:06.0877 3152  DXGKrnl - ok
19:18:06.0917 3152  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:18:06.0921 3152  EapHost - ok
19:18:07.0030 3152  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:18:07.0071 3152  ebdrv - ok
19:18:07.0110 3152  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:18:07.0112 3152  EFS - ok
19:18:07.0201 3152  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:18:07.0211 3152  ehRecvr - ok
19:18:07.0227 3152  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:18:07.0229 3152  ehSched - ok
19:18:07.0282 3152  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:18:07.0291 3152  elxstor - ok
19:18:07.0394 3152  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
19:18:07.0411 3152  ePowerSvc - ok
19:18:07.0432 3152  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:18:07.0433 3152  ErrDev - ok
19:18:07.0491 3152  [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
19:18:07.0495 3152  ETD - ok
19:18:07.0539 3152  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:18:07.0549 3152  EventSystem - ok
19:18:07.0585 3152  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:18:07.0589 3152  exfat - ok
19:18:07.0625 3152  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:18:07.0629 3152  fastfat - ok
19:18:07.0685 3152  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:18:07.0700 3152  Fax - ok
19:18:07.0723 3152  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:18:07.0724 3152  fdc - ok
19:18:07.0746 3152  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:18:07.0749 3152  fdPHost - ok
19:18:07.0770 3152  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:18:07.0773 3152  FDResPub - ok
19:18:07.0811 3152  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:18:07.0813 3152  FileInfo - ok
19:18:07.0822 3152  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:18:07.0823 3152  Filetrace - ok
19:18:07.0850 3152  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:18:07.0851 3152  flpydisk - ok
19:18:07.0875 3152  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:18:07.0882 3152  FltMgr - ok
19:18:07.0956 3152  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:18:07.0980 3152  FontCache - ok
19:18:08.0028 3152  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:18:08.0029 3152  FontCache3.0.0.0 - ok
19:18:08.0061 3152  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:18:08.0063 3152  FsDepends - ok
19:18:08.0093 3152  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:18:08.0094 3152  Fs_Rec - ok
19:18:08.0138 3152  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:18:08.0144 3152  fvevol - ok
19:18:08.0196 3152  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:18:08.0198 3152  gagp30kx - ok
19:18:08.0254 3152  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:18:08.0271 3152  gpsvc - ok
19:18:08.0333 3152  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
19:18:08.0335 3152  GREGService - ok
19:18:08.0364 3152  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:18:08.0365 3152  hcw85cir - ok
19:18:08.0391 3152  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:18:08.0398 3152  HdAudAddService - ok
19:18:08.0432 3152  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:18:08.0437 3152  HDAudBus - ok
19:18:08.0446 3152  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:18:08.0447 3152  HidBatt - ok
19:18:08.0481 3152  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:18:08.0483 3152  HidBth - ok
19:18:08.0521 3152  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:18:08.0522 3152  HidIr - ok
19:18:08.0554 3152  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
19:18:08.0557 3152  hidserv - ok
19:18:08.0588 3152  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:18:08.0590 3152  HidUsb - ok
19:18:08.0650 3152  [ DD9C88B116408B30F855A76E09DD2962 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
19:18:08.0653 3152  hitmanpro37 - ok
19:18:08.0680 3152  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:18:08.0684 3152  hkmsvc - ok
19:18:08.0720 3152  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:18:08.0727 3152  HomeGroupListener - ok
19:18:08.0768 3152  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:18:08.0775 3152  HomeGroupProvider - ok
19:18:08.0805 3152  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:18:08.0807 3152  HpSAMD - ok
19:18:08.0846 3152  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:18:08.0847 3152  HTCAND64 - ok
19:18:08.0900 3152  [ CEEE7B472EF6C2EF13881351AE964C20 ] htcusbnet       C:\Windows\system32\DRIVERS\htcusbnet.sys
19:18:08.0903 3152  htcusbnet - ok
19:18:08.0958 3152  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:18:08.0974 3152  HTTP - ok
19:18:08.0998 3152  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:18:09.0000 3152  hwpolicy - ok
19:18:09.0028 3152  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:18:09.0032 3152  i8042prt - ok
19:18:09.0066 3152  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:18:09.0074 3152  iaStorV - ok
19:18:09.0157 3152  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:18:09.0170 3152  idsvc - ok
19:18:09.0213 3152  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:18:09.0214 3152  iirsp - ok
19:18:09.0268 3152  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:18:09.0286 3152  IKEEXT - ok
19:18:09.0409 3152  [ 88798B4381FD58FAE2DA07880C177C5C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:18:09.0462 3152  IntcAzAudAddService - ok
19:18:09.0479 3152  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:18:09.0480 3152  intelide - ok
19:18:09.0519 3152  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
19:18:09.0520 3152  intelppm - ok
19:18:09.0547 3152  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:18:09.0551 3152  IPBusEnum - ok
19:18:09.0577 3152  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:09.0578 3152  IpFilterDriver - ok
19:18:09.0609 3152  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:18:09.0611 3152  IPMIDRV - ok
19:18:09.0636 3152  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:18:09.0638 3152  IPNAT - ok
19:18:09.0661 3152  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:18:09.0662 3152  IRENUM - ok
19:18:09.0680 3152  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:18:09.0680 3152  isapnp - ok
19:18:09.0701 3152  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:18:09.0705 3152  iScsiPrt - ok
19:18:09.0764 3152  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
19:18:09.0773 3152  k57nd60a - ok
19:18:09.0798 3152  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:18:09.0800 3152  kbdclass - ok
19:18:09.0840 3152  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:18:09.0842 3152  kbdhid - ok
19:18:09.0855 3152  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:18:09.0857 3152  KeyIso - ok
19:18:09.0896 3152  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:18:09.0898 3152  KSecDD - ok
19:18:09.0938 3152  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:18:09.0942 3152  KSecPkg - ok
19:18:09.0982 3152  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:18:09.0984 3152  ksthunk - ok
19:18:10.0033 3152  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:18:10.0043 3152  KtmRm - ok
19:18:10.0110 3152  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:18:10.0118 3152  LanmanServer - ok
19:18:10.0145 3152  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:18:10.0152 3152  LanmanWorkstation - ok
19:18:10.0217 3152  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
19:18:10.0222 3152  Live Updater Service - ok
19:18:10.0253 3152  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:18:10.0256 3152  lltdio - ok
19:18:10.0299 3152  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:18:10.0307 3152  lltdsvc - ok
19:18:10.0317 3152  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:18:10.0320 3152  lmhosts - ok
19:18:10.0360 3152  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:18:10.0362 3152  LSI_FC - ok
19:18:10.0398 3152  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:18:10.0400 3152  LSI_SAS - ok
19:18:10.0432 3152  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:18:10.0434 3152  LSI_SAS2 - ok
19:18:10.0456 3152  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:18:10.0458 3152  LSI_SCSI - ok
19:18:10.0486 3152  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:18:10.0490 3152  luafv - ok
19:18:10.0524 3152  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:18:10.0529 3152  Mcx2Svc - ok
19:18:10.0563 3152  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:18:10.0565 3152  megasas - ok
19:18:10.0601 3152  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:18:10.0607 3152  MegaSR - ok
19:18:10.0625 3152  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:18:10.0629 3152  MMCSS - ok
19:18:10.0639 3152  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:18:10.0640 3152  Modem - ok
19:18:10.0668 3152  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:18:10.0670 3152  monitor - ok
19:18:10.0683 3152  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:18:10.0685 3152  mouclass - ok
19:18:10.0713 3152  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:18:10.0715 3152  mouhid - ok
19:18:21.0196 3152  ================ Scan global ===============================
19:18:21.0233 3152  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:18:21.0279 3152  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:18:21.0296 3152  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:18:21.0332 3152  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:18:21.0367 3152  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:18:21.0377 3152  [Global] - ok
19:18:21.0378 3152  ================ Scan MBR ==================================
19:18:21.0398 3152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:18:22.0727 3152  \Device\Harddisk0\DR0 - ok
19:18:22.0728 3152  ================ Scan VBR ==================================
19:18:22.0766 3152  [ B290663D05406EDCA4920DE40529C591 ] \Device\Harddisk0\DR0\Partition1
19:18:22.0770 3152  \Device\Harddisk0\DR0\Partition1 - ok
19:18:22.0797 3152  [ 0DBB100F8D6CD69A0A9A8997CEBFC340 ] \Device\Harddisk0\DR0\Partition2
19:18:22.0800 3152  \Device\Harddisk0\DR0\Partition2 - ok
19:18:22.0801 3152  ============================================================
19:18:22.0801 3152  Scan finished
19:18:22.0801 3152  ============================================================
19:18:22.0826 5004  Detected object count: 0
19:18:22.0826 5004  Actual detected object count: 0
 

Moving on to adwcleaner



#7 Ailments


Posted 19 May 2013 - 07:25 PM

Here is the adwCleaner

 

 

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 19:21:59
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Scott - BATCOMPUTER
# Boot Mode : Normal
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_US_New
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Scott\AppData\LocalLow\WhiteSmoke_US_New
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{462BE121-2B54-4218-BF00-B9BF8135B23F}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKLM\Software\WhiteSmoke_US_New
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45956369-4A5C-4701-8F4C-7AD7520CB61F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCE65194-7FC2-4572-8606-6F9AD36BCF2F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [2841 octets] - [19/05/2013 19:21:59]
 
########## EOF - C:\AdwCleaner[S1].txt - [2901 octets] ##########
 

Now onto the scan.



#8 boopme


Posted 19 May 2013 - 07:31 PM

OK, the ESET will need an hour or more.



#9 Ailments


Posted 19 May 2013 - 07:45 PM

Yeah, I've noticed. If it helps, I can tell you that it's finding a large amount of Win32/Expiro.NAN Virus. It's found almost 50 counts of it and the scan is about halfway done.



#10 Ailments


Posted 19 May 2013 - 10:56 PM

After 3 hours of sitting at the same place, it had found over 1100 infected files, but it was stuck and I lost patience. I will restart the scan overnight and post it in the morning. They were all Win32/Expiro.Nan Virus, so it seems that's the problem according to that scan. Defender still closes after a few seconds and Security Center keeps shutting off in the services.msc. Also my IE doesn't work, but I believe that is due to a Windows update and not malware. I'll check back in with the scan in the morning. Thank you for your time with this.



#11 boopme


Posted 20 May 2013 - 11:29 AM

OK, I want to tell you that after reviewing this ... a virus that infects EXE files in all drives. It also collects your credentials from an infected computer and lowers Internet Explorer security.
This threat may make lasting changes to your computer's configuration that are NOT restored by detecting and removing this threat.
It is on the scale of a Virut infection. And you did show Vitro also. Since it is resistant it's the killer..
 
 
I'm afraid I have very bad news. Your system is infected with a nasty variant of Virut, a dangerous polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of Virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Virut remains on a computer, the more critical system files will become infected and corrupt so the degree of damage can vary.

"The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory."

CA Virus detail of W32/Virut

"The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair."

McAfee Risk Assessment and Overview of W32/Virut

"There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files."

AVG Overview of W32/Virut

Virut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

"...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors..."

Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Since Virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files (which could number in the thousands) cannot be deleted and anti-malware scanners cannot disinfect them properly. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

"Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system"

Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

"If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case."

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."


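The post above notes that some Virut variants alter the HOSTS file to block access to security-related web sites. As an added example (not part of the original post or of any tool named in the thread), this Python check flags hosts entries that block or redirect such names; the watch-list of vendor labels and the sample hosts file are constructed assumptions.

```python
import ipaddress

# Assumed watch-list of DNS labels for security and update sites (illustrative,
# not taken from the thread). Matching whole labels avoids substring hits.
WATCHED_LABELS = {"microsoft", "windowsupdate", "eset", "kaspersky", "mcafee",
                  "symantec", "avast", "malwarebytes", "bleepingcomputer"}

# Constructed sample hosts file; on Windows the real one is
# C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample, not from the infected machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.eset.com update.microsoft.com
0.0.0.0         ads.example.net
203.0.113.7     www.malwarebytes.org   # constructed redirect
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")


def suspicious_entries(text):
    """Return hosts mappings that block or redirect a watched site."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if not WATCHED_LABELS & set(name.split(".")):
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "blocked"       # name resolves to the local machine or nowhere
        else:
            reason = "redirected"    # name resolves to a third-party address
        findings.append((line_no, str(addr), name, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

A hit confirms only this one symptom; an empty result says nothing about infected executables, which is why the post recommends a reformat rather than relying on checks like this.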

#12 Ailments


Posted 20 May 2013 - 12:08 PM

Well... What a depressing Monday it has become. I've never even noticed serious problems on this computer, it's just the security center won't turn on. Hell, I really only use the computer for some games and schoolwork. Sounds like I have some work ahead of me.





