Constant huge spikes in network activity


16 replies to this topic

#1 thibauld

Posted 29 June 2013 - 02:39 PM

Hi guys,

For ages now our internet connectivity has been incredibly unstable. Sometimes it works for a few days in a row and then some days I can barely keep a connection for 5 minutes before I have to reset everything again. We've had this with several different modems and routers, and yesterday we got a new one from Ziggo. Currently I am the only one connected to our router/modem, aside from an iPad and a printer.

Currently I am only using Chrome and Skype, but I can still see my total I/O speed go up to 200-300 kbps.

I tried to play 2 games of League of Legends earlier, where I (on good days) normally have a ping of up to 50ms, but today it kept going up and down between 50-ish and 1500-ish, making it just impossible to play (well). I don't really know if these are related, but I can't really find any reason why this is happening.

I am using Windows 7 Ultimate.

Our new modem is a new combined router/modem, Ubee evw321b.

Thanks in advance,

Thibauld


Edited by thibauld, 29 June 2013 - 02:40 PM.



#2 dev00790

Posted 30 June 2013 - 02:53 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 


Regards, dev00790



#3 thibauld

Posted 30 June 2013 - 10:39 AM

Hi again, thank you for your time!
 
These are just the results of the first scan, the TDSS removal kit. It found 3 Threats that had no cure option, which I skipped. Should I run the other scans now or wait with those?
 
17:31:03.0756 0596  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
17:31:04.0201 0596  ============================================================
17:31:04.0201 0596  Current date / time: 2013/06/30 17:31:04.0201
17:31:04.0201 0596  SystemInfo:
17:31:04.0201 0596  
17:31:04.0201 0596  OS Version: 6.1.7601 ServicePack: 1.0
17:31:04.0201 0596  Product type: Workstation
17:31:04.0201 0596  ComputerName: THIBAULD-PC
17:31:04.0201 0596  UserName: Thibauld
17:31:04.0201 0596  Windows directory: C:\Windows
17:31:04.0201 0596  System windows directory: C:\Windows
17:31:04.0201 0596  Running under WOW64
17:31:04.0201 0596  Processor architecture: Intel x64
17:31:04.0201 0596  Number of processors: 3
17:31:04.0201 0596  Page size: 0x1000
17:31:04.0201 0596  Boot type: Normal boot
17:31:04.0201 0596  ============================================================
17:31:05.0250 0596  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:31:05.0254 0596  ============================================================
17:31:05.0254 0596  \Device\Harddisk0\DR0:
17:31:05.0254 0596  MBR partitions:
17:31:05.0254 0596  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704800
17:31:05.0254 0596  ============================================================
17:31:05.0270 0596  C: <-> \Device\Harddisk0\DR0\Partition1
17:31:05.0271 0596  ============================================================
17:31:05.0271 0596  Initialize success
17:31:05.0271 0596  ============================================================
17:34:03.0234 5908  ============================================================
17:34:03.0234 5908  Scan started
17:34:03.0234 5908  Mode: Manual; SigCheck; TDLFS; 
17:34:03.0234 5908  ============================================================
17:34:04.0559 5908  ================ Scan system memory ========================
17:34:04.0559 5908  System memory - ok
17:34:04.0559 5908  ================ Scan services =============================
17:34:13.0477 5908  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:34:13.0521 5908  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:34:13.0521 5908  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:34:14.0358 5908  KSecPkg - ok
17:34:14.0372 5908  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:34:14.0410 5908  ksthunk - ok
17:34:14.0440 5908  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:34:14.0480 5908  KtmRm - ok
17:34:14.0533 5908  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
17:34:14.0548 5908  LADF_CaptureOnly - ok
17:34:14.0560 5908  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
17:34:14.0573 5908  LADF_RenderOnly - ok
17:34:14.0621 5908  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:34:14.0660 5908  LanmanServer - ok
17:34:14.0691 5908  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:34:14.0718 5908  LanmanWorkstation - ok
17:34:14.0768 5908  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
17:34:14.0781 5908  LGBusEnum - ok
17:34:14.0810 5908  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
17:34:14.0818 5908  LGVirHid - ok
17:34:14.0837 5908  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:34:14.0878 5908  lltdio - ok
17:34:14.0897 5908  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:34:14.0939 5908  lltdsvc - ok
17:34:14.0953 5908  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:34:14.0980 5908  lmhosts - ok
17:34:15.0003 5908  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:34:15.0014 5908  LSI_FC - ok
17:34:15.0026 5908  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:34:15.0037 5908  LSI_SAS - ok
17:34:15.0046 5908  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:34:15.0056 5908  LSI_SAS2 - ok
17:34:15.0069 5908  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:34:15.0080 5908  LSI_SCSI - ok
17:34:15.0108 5908  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:34:15.0150 5908  luafv - ok
17:34:15.0192 5908  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:34:15.0202 5908  MBAMProtector - ok
17:34:15.0240 5908  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:34:15.0253 5908  MBAMScheduler - ok
17:34:15.0272 5908  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:34:15.0288 5908  MBAMService - ok
17:34:15.0297 5908  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:34:15.0307 5908  megasas - ok
17:34:15.0319 5908  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:34:15.0333 5908  MegaSR - ok
17:34:15.0382 5908  Microsoft SharePoint Workspace Audit Service - ok
17:34:15.0410 5908  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:34:15.0438 5908  MMCSS - ok
17:34:15.0454 5908  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:34:15.0488 5908  Modem - ok
17:34:15.0491 5908  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:34:15.0510 5908  monitor - ok
17:34:15.0553 5908  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:34:15.0563 5908  mouclass - ok
17:34:15.0577 5908  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:34:15.0587 5908  mouhid - ok
17:34:15.0617 5908  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:34:15.0627 5908  mountmgr - ok
17:34:15.0664 5908  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:34:15.0674 5908  MozillaMaintenance - ok
17:34:15.0688 5908  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:34:15.0699 5908  mpio - ok
17:34:15.0713 5908  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:34:15.0741 5908  mpsdrv - ok
17:34:15.0782 5908  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:34:15.0832 5908  MpsSvc - ok
17:34:15.0857 5908  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:34:15.0883 5908  MRxDAV - ok
17:34:15.0912 5908  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:15.0949 5908  mrxsmb - ok
17:34:15.0961 5908  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:15.0985 5908  mrxsmb10 - ok
17:34:15.0996 5908  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:16.0006 5908  mrxsmb20 - ok
17:34:16.0034 5908  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:34:16.0043 5908  msahci - ok
17:34:16.0058 5908  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:34:16.0070 5908  msdsm - ok
17:34:16.0078 5908  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:34:16.0090 5908  MSDTC - ok
17:34:16.0119 5908  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:34:16.0146 5908  Msfs - ok
17:34:16.0157 5908  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:34:16.0184 5908  mshidkmdf - ok
17:34:16.0190 5908  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:34:16.0199 5908  msisadrv - ok
17:34:16.0236 5908  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:34:16.0266 5908  MSiSCSI - ok
17:34:16.0269 5908  msiserver - ok
17:34:16.0286 5908  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:34:16.0327 5908  MSKSSRV - ok
17:34:16.0345 5908  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:16.0388 5908  MSPCLOCK - ok
17:34:16.0392 5908  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:34:16.0432 5908  MSPQM - ok
17:34:16.0465 5908  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:34:16.0478 5908  MsRPC - ok
17:34:16.0488 5908  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:34:16.0497 5908  mssmbios - ok
17:34:16.0500 5908  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:34:16.0528 5908  MSTEE - ok
17:34:16.0562 5908  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:34:16.0571 5908  MTConfig - ok
17:34:16.0592 5908  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:34:16.0602 5908  Mup - ok
17:34:16.0645 5908  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:34:16.0688 5908  napagent - ok
17:34:16.0708 5908  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:34:16.0724 5908  NativeWifiP - ok
17:34:16.0764 5908  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:34:16.0788 5908  NDIS - ok
17:34:16.0798 5908  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:34:16.0838 5908  NdisCap - ok
17:34:16.0873 5908  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:16.0912 5908  NdisTapi - ok
17:34:16.0943 5908  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:16.0969 5908  Ndisuio - ok
17:34:17.0002 5908  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:17.0040 5908  NdisWan - ok
17:34:17.0067 5908  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:34:17.0102 5908  NDProxy - ok
17:34:17.0122 5908  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:34:17.0149 5908  NetBIOS - ok
17:34:17.0165 5908  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:34:17.0194 5908  NetBT - ok
17:34:17.0208 5908  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:34:17.0217 5908  Netlogon - ok
17:34:17.0255 5908  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:34:17.0306 5908  Netman - ok
17:34:17.0340 5908  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:34:17.0349 5908  NetMsmqActivator - ok
17:34:17.0353 5908  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:34:17.0361 5908  NetPipeActivator - ok
17:34:17.0383 5908  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:34:17.0431 5908  netprofm - ok
17:34:17.0485 5908  [ D66596DB0A0739A89C25B590CE36D628 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
17:34:17.0515 5908  netr28x - ok
17:34:17.0527 5908  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:34:17.0536 5908  NetTcpActivator - ok
17:34:17.0539 5908  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:34:17.0548 5908  NetTcpPortSharing - ok
17:34:17.0557 5908  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:34:17.0566 5908  nfrd960 - ok
17:34:17.0618 5908  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:34:17.0655 5908  NlaSvc - ok
17:34:17.0690 5908  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
17:34:17.0699 5908  NPF - ok
17:34:17.0720 5908  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:34:17.0747 5908  Npfs - ok
17:34:17.0783 5908  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:34:17.0826 5908  nsi - ok
17:34:17.0838 5908  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:34:17.0865 5908  nsiproxy - ok
17:34:17.0906 5908  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:34:17.0942 5908  Ntfs - ok
17:34:17.0950 5908  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:34:17.0984 5908  Null - ok
17:34:18.0011 5908  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:34:18.0023 5908  nvraid - ok
17:34:18.0040 5908  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:34:18.0051 5908  nvstor - ok
17:34:18.0082 5908  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:34:18.0093 5908  nv_agp - ok
17:34:18.0105 5908  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:34:18.0115 5908  ohci1394 - ok
17:34:18.0160 5908  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:34:18.0171 5908  ose - ok
17:34:18.0297 5908  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:34:18.0398 5908  osppsvc - ok
17:34:18.0482 5908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:34:18.0505 5908  p2pimsvc - ok
17:34:18.0526 5908  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:34:18.0550 5908  p2psvc - ok
17:34:18.0575 5908  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:34:18.0585 5908  Parport - ok
17:34:18.0611 5908  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:34:18.0621 5908  partmgr - ok
17:34:18.0632 5908  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:34:18.0659 5908  PcaSvc - ok
17:34:18.0675 5908  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:34:18.0686 5908  pci - ok
17:34:18.0699 5908  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:34:18.0708 5908  pciide - ok
17:34:18.0731 5908  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:34:18.0744 5908  pcmcia - ok
17:34:18.0760 5908  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:34:18.0769 5908  pcw - ok
17:34:18.0787 5908  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:34:18.0831 5908  PEAUTH - ok
17:34:18.0953 5908  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:34:19.0011 5908  PeerDistSvc - ok
17:34:19.0137 5908  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:34:19.0158 5908  PerfHost - ok
17:34:19.0209 5908  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:34:19.0266 5908  pla - ok
17:34:19.0303 5908  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:34:19.0342 5908  PlugPlay - ok
17:34:19.0353 5908  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:34:19.0376 5908  PNRPAutoReg - ok
17:34:19.0394 5908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:34:19.0406 5908  PNRPsvc - ok
17:34:19.0444 5908  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:34:19.0490 5908  PolicyAgent - ok
17:34:19.0521 5908  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:34:19.0564 5908  Power - ok
17:34:19.0616 5908  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:34:19.0659 5908  PptpMiniport - ok
17:34:19.0684 5908  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:34:19.0707 5908  Processor - ok
17:34:19.0726 5908  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
17:34:19.0763 5908  ProfSvc - ok
17:34:19.0779 5908  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:34:19.0788 5908  ProtectedStorage - ok
17:34:19.0835 5908  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:34:19.0862 5908  Psched - ok
17:34:19.0899 5908  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:34:19.0933 5908  ql2300 - ok
17:34:19.0946 5908  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:34:19.0958 5908  ql40xx - ok
17:34:19.0994 5908  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:34:20.0010 5908  QWAVE - ok
17:34:20.0031 5908  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:34:20.0044 5908  QWAVEdrv - ok
17:34:20.0060 5908  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:34:20.0095 5908  RasAcd - ok
17:34:20.0133 5908  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:20.0161 5908  RasAgileVpn - ok
17:34:20.0175 5908  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:34:20.0203 5908  RasAuto - ok
17:34:20.0233 5908  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:20.0270 5908  Rasl2tp - ok
17:34:20.0287 5908  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:34:20.0318 5908  RasMan - ok
17:34:20.0332 5908  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:20.0375 5908  RasPppoe - ok
17:34:20.0388 5908  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:34:20.0417 5908  RasSstp - ok
17:34:20.0428 5908  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:34:20.0468 5908  rdbss - ok
17:34:20.0488 5908  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:34:20.0513 5908  rdpbus - ok
17:34:20.0530 5908  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:20.0557 5908  RDPCDD - ok
17:34:20.0618 5908  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:34:20.0640 5908  RDPDR - ok
17:34:20.0668 5908  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:34:20.0705 5908  RDPENCDD - ok
17:34:20.0715 5908  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:34:20.0742 5908  RDPREFMP - ok
17:34:20.0797 5908  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:34:20.0818 5908  RdpVideoMiniport - ok
17:34:20.0844 5908  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:34:20.0881 5908  RDPWD - ok
17:34:20.0917 5908  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:34:20.0929 5908  rdyboost - ok
17:34:20.0965 5908  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:34:21.0002 5908  RemoteAccess - ok
17:34:21.0032 5908  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:34:21.0071 5908  RemoteRegistry - ok
17:34:21.0104 5908  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
17:34:21.0113 5908  rpcapd - ok
17:34:21.0127 5908  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:34:21.0169 5908  RpcEptMapper - ok
17:34:21.0173 5908  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:34:21.0196 5908  RpcLocator - ok
17:34:21.0226 5908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:34:21.0257 5908  RpcSs - ok
17:34:21.0287 5908  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:34:21.0314 5908  rspndr - ok
17:34:21.0353 5908  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:34:21.0365 5908  RTL8167 - ok
17:34:21.0402 5908  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:34:21.0443 5908  s3cap - ok
17:34:21.0454 5908  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:34:21.0463 5908  SamSs - ok
17:34:21.0477 5908  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:34:21.0488 5908  sbp2port - ok
17:34:21.0510 5908  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:34:21.0551 5908  SCardSvr - ok
17:34:21.0582 5908  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:34:21.0621 5908  scfilter - ok
17:34:21.0664 5908  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:34:21.0716 5908  Schedule - ok
17:34:21.0746 5908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:34:21.0772 5908  SCPolicySvc - ok
17:34:21.0804 5908  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:34:21.0826 5908  SDRSVC - ok
17:34:21.0846 5908  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:34:21.0872 5908  secdrv - ok
17:34:21.0883 5908  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:34:21.0919 5908  seclogon - ok
17:34:21.0944 5908  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:34:21.0980 5908  SENS - ok
17:34:21.0993 5908  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:34:22.0009 5908  SensrSvc - ok
17:34:22.0024 5908  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:34:22.0050 5908  Serenum - ok
17:34:22.0065 5908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:34:22.0075 5908  Serial - ok
17:34:22.0085 5908  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:34:22.0109 5908  sermouse - ok
17:34:22.0143 5908  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:34:22.0187 5908  SessionEnv - ok
17:34:22.0209 5908  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:34:22.0232 5908  sffdisk - ok
17:34:22.0245 5908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:34:22.0269 5908  sffp_mmc - ok
17:34:22.0282 5908  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:34:22.0310 5908  sffp_sd - ok
17:34:22.0331 5908  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:34:22.0352 5908  sfloppy - ok
17:34:22.0384 5908  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:34:22.0416 5908  SharedAccess - ok
17:34:22.0452 5908  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:22.0483 5908  ShellHWDetection - ok
17:34:22.0496 5908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:34:22.0506 5908  SiSRaid2 - ok
17:34:22.0521 5908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:34:22.0531 5908  SiSRaid4 - ok
17:34:22.0576 5908  [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:22.0585 5908  SkypeUpdate - ok
17:34:22.0601 5908  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:34:22.0635 5908  Smb - ok
17:34:22.0673 5908  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:34:22.0697 5908  SNMPTRAP - ok
17:34:22.0715 5908  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:34:22.0724 5908  spldr - ok
17:34:22.0818 5908  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
17:34:22.0850 5908  Spooler - ok
17:34:23.0014 5908  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:34:23.0100 5908  sppsvc - ok
17:34:23.0121 5908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:34:23.0159 5908  sppuinotify - ok
17:34:23.0187 5908  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:34:23.0227 5908  srv - ok
17:34:23.0240 5908  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:34:23.0254 5908  srv2 - ok
17:34:23.0267 5908  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:34:23.0292 5908  srvnet - ok
17:34:23.0334 5908  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:34:23.0375 5908  SSDPSRV - ok
17:34:23.0393 5908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:34:23.0421 5908  SstpSvc - ok
17:34:23.0442 5908  Steam Client Service - ok
17:34:23.0463 5908  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:34:23.0472 5908  stexstor - ok
17:34:23.0513 5908  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:34:23.0547 5908  stisvc - ok
17:34:23.0576 5908  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:34:23.0585 5908  storflt - ok
17:34:23.0599 5908  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:34:23.0608 5908  storvsc - ok
17:34:23.0636 5908  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:34:23.0645 5908  swenum - ok
17:34:23.0658 5908  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:34:23.0703 5908  swprv - ok
17:34:23.0736 5908  Synth3dVsc - ok
17:34:23.0786 5908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:34:23.0838 5908  SysMain - ok
17:34:23.0866 5908  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:34:23.0893 5908  TabletInputService - ok
17:34:23.0923 5908  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:34:23.0967 5908  TapiSrv - ok
17:34:23.0994 5908  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:34:24.0021 5908  TBS - ok
17:34:24.0070 5908  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:34:24.0111 5908  Tcpip - ok
17:34:24.0140 5908  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:34:24.0170 5908  TCPIP6 - ok
17:34:24.0205 5908  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:34:24.0246 5908  tcpipreg - ok
17:34:24.0284 5908  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:34:24.0371 5908  TDPIPE - ok
17:34:24.0427 5908  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:34:24.0477 5908  TDTCP - ok
17:34:24.0561 5908  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:34:24.0588 5908  tdx - ok
17:34:24.0628 5908  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:34:24.0645 5908  TermDD - ok
17:34:24.0694 5908  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:34:24.0730 5908  TermService - ok
17:34:24.0742 5908  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:34:24.0773 5908  Themes - ok
17:34:24.0799 5908  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:34:24.0828 5908  THREADORDER - ok
17:34:24.0849 5908  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:34:24.0888 5908  TrkWks - ok
17:34:24.0957 5908  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:34:24.0985 5908  TrustedInstaller - ok
17:34:28.0897 5908  [ 110F1BC710AD99423114CAE79F83C0F7 ] {09BB444F-B2E2-4009-BAF2-7B727681223E} C:\Program Files (x86)\VMLaunch\BuddyVM.sys
17:34:28.0915 5908  {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - warning
17:34:28.0915 5908  {09BB444F-B2E2-4009-BAF2-7B727681223E} - detected UnsignedFile.Multi.Generic (1)
17:34:28.0933 5908  ================ Scan global ===============================
17:34:28.0959 5908  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:34:28.0996 5908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:34:29.0002 5908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:34:29.0033 5908  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:34:29.0066 5908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:34:29.0068 5908  [Global] - ok
17:34:29.0069 5908  ================ Scan MBR ==================================
17:34:29.0079 5908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:34:29.0258 5908  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:34:29.0258 5908  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:34:29.0259 5908  ================ Scan VBR ==================================
17:34:29.0261 5908  [ 117AD0D09F06727BC770A56F219BAD52 ] \Device\Harddisk0\DR0\Partition1
17:34:29.0279 5908  \Device\Harddisk0\DR0\Partition1 - ok
17:34:29.0279 5908  ============================================================
17:34:29.0279 5908  Scan finished
17:34:29.0279 5908  ============================================================
17:34:29.0288 5960  Detected object count: 3
17:34:29.0288 5960  Actual detected object count: 3
17:35:28.0216 5960  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:28.0216 5960  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:35:28.0218 5960  {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:28.0218 5960  {09BB444F-B2E2-4009-BAF2-7B727681223E} ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:35:28.0219 5960  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:35:28.0219 5960  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
 

 

 

P.S.

  • Under Objects to scan, check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

These options were actually under Additional Options, in the version you linked me. Just thought I'd let you know.



#4 dev00790


Posted 30 June 2013 - 11:00 AM

Hi

 

Ok thank you

 

--------------------

 

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:



Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790



#5 thibauld


Posted 30 June 2013 - 11:30 AM

Hi again, thanks for the help.

 

While I often do banking stuff on this PC, I've never seen any weird transactions or money being taken out of my account, and frankly, that's the only thing I worry about.

I think I've actually had the same or very similar trojans on this PC before my latest Windows reinstall, but I never actually completely wiped the hard drive and had Windows leave a folder on the disk with files I wanted to keep.

There isn't much data on this PC that I'd want to save now, but would it be safe to put these on a USB drive?

I've had a few other problems as well; since yesterday one of my games completely broke and I can't get it working again, but this should be solved with a full Windows reinstall too, so let's just do that. Is there any way you can help me with completely wiping the HD?

However, this might still leave the problem that our internet speed for our entire house is currently just bleep. It could be that my PC is the source of this, or it could be someone else's PC or something on the network, but would that be easier to check if we didn't wipe my PC first?



#6 thibauld


Posted 30 June 2013 - 12:10 PM

Here are the logs of the other programs I forgot to add to my previous post.

 

adwCleaner:

 

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 19:02:18
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Thibauld - THIBAULD-PC
# Boot Mode : Normal
# Running from : C:\Users\Thibauld\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\contIInuEetosave
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Folder Found : C:\ProgramData\SeaarucHy-NewyTiaob
Folder Found : C:\Users\Thibauld\AppData\Roaming\Mozilla\Firefox\Profiles\z4wg9mlw.default\extensions\staged
Folder Found : C:\Users\Thibauld\AppData\Roaming\Mozilla\Firefox\Profiles\z4wg9mlw.default\jetpack
 
***** [Registry] *****
 
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
File : C:\Users\Thibauld\AppData\Roaming\Mozilla\Firefox\Profiles\z4wg9mlw.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Thibauld\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1717 octets] - [30/06/2013 19:02:18]
 
########## EOF - C:\AdwCleaner[R1].txt - [1777 octets] ##########


FSS:

 

Farbar Service Scanner Version: 27-06-2013
Ran by Thibauld (administrator) on 30-06-2013 at 19:04:16
Running from "C:\Users\Thibauld\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


MiniToolBox:

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Thibauld (administrator) on 30-06-2013 at 19:05:33
Running from "C:\Users\Thibauld\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Sitecom Wireless-N Network PCI Card WL-181 = Wireless Network Connection (Connected)
Hamachi Network Interface = Local Area Connection 2 (Connected)
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled 
 
managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 
 
advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Thibauld-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Sitecom Wireless-N Network PCI Card WL-181
   Physical Address. . . . . . . . . : 00-0C-F6-35-C8-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6dba:5a28:ff30:9a%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.178.18(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 30 June , 2013 5:24:30 PM
   Lease Expires . . . . . . . . . . : Sunday, 30 June , 2013 7:54:49 PM
   Default Gateway . . . . . . . . . : 192.168.178.1
   DHCP Server . . . . . . . . . . . : 192.168.178.1
   DHCPv6 IAID . . . . . . . . . . . : 218107126
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E1-DA-DB-00-24-1D-72-2A-E2
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-24-1D-72-2A-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-61-A8-0A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1961:a80a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::6559:56f1:f0dc:9e50%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.97.168.10(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Sunday, 30 June , 2013 5:09:32 PM
   Lease Expires . . . . . . . . . . : Monday, 30 June , 2014 5:11:39 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 410679701
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E1-DA-DB-00-24-1D-72-2A-E2
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:93:f0a:2685:3bcd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::93:f0a:2685:3bcd%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{E8D4C41E-4459-441B-8855-AEB5DFC47689}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{D1134DBF-95C4-4298-9A13-86D951ADE5C1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2a00:1450:4013:c01::64
 74.125.136.102
 74.125.136.138
 74.125.136.100
 74.125.136.113
 74.125.136.139
 74.125.136.101
 
 
Pinging google.com [74.125.136.102] with 32 bytes of data:
Request timed out.
Reply from 74.125.136.102: bytes=32 time=19ms TTL=49
 
Ping statistics for 74.125.136.102:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=160ms TTL=48
Reply from 98.138.253.109: bytes=32 time=179ms TTL=48
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 160ms, Maximum = 179ms, Average = 169ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 0c f6 35 c8 72 ......Sitecom Wireless-N Network PCI Card WL-181
 10...00 24 1d 72 2a e2 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
 14...7a 79 19 61 a8 0a ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1     25.97.168.10   9256
          0.0.0.0          0.0.0.0    192.168.178.1   192.168.178.18     30
         25.0.0.0        255.0.0.0         On-link      25.97.168.10   9256
     25.97.168.10  255.255.255.255         On-link      25.97.168.10   9256
   25.255.255.255  255.255.255.255         On-link      25.97.168.10   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.178.0    255.255.255.0         On-link    192.168.178.18    286
   192.168.178.18  255.255.255.255         On-link    192.168.178.18    286
  192.168.178.255  255.255.255.255         On-link    192.168.178.18    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      25.97.168.10   9256
        224.0.0.0        240.0.0.0         On-link    192.168.178.18    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      25.97.168.10   9256
  255.255.255.255  255.255.255.255         On-link    192.168.178.18    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:5ef5:79fb:93:f0a:2685:3bcd/128
                                    On-link
 14    276 2620:9b::/96             On-link
 14    276 2620:9b::1961:a80a/128   On-link
 14    276 fe80::/64                On-link
 11    286 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::93:f0a:2685:3bcd/128
                                    On-link
 14    276 fe80::6559:56f1:f0dc:9e50/128
                                    On-link
 11    286 fe80::6dba:5a28:ff30:9a/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/30/2013 05:11:51 PM) (Source: ESENT) (User: )
Description: Windows (2996) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00AB3.log.
 
 
System errors:
=============
Error: (06/30/2013 05:11:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/30/2013 05:11:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (06/30/2013 05:09:47 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (06/30/2013 05:09:42 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%1275
 
Error: (06/30/2013 05:09:42 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/30/2013 05:09:33 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (06/30/2013 06:55:00 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/30/2013 06:55:00 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (06/30/2013 05:04:33 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (06/30/2013 05:04:27 AM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%1275
 
 
Microsoft Office Sessions:
=========================
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/30/2013 05:11:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (06/30/2013 05:11:51 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/30/2013 05:11:51 PM) (Source: ESENT)(User: )
Description: Windows2996Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00AB3.log-1811
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-30 17:09:42.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 17:09:42.890
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 05:04:27.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 05:04:27.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 22:52:09.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 22:52:09.158
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 22:15:05.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 22:15:05.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 18:44:17.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-29 18:44:17.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.2.0)
Ace Utilities (Version: 5.3.0)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.0) - Nederlands (Version: 10.1.0)
Age of Mythology - The Titans Expansion
AirMech
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0704.122.388)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
AMD VISION Engine Control Center (Version: 2012.0704.122.388)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Archeblade
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Bitcoin (Version: 0.8.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
Catalyst Control Center Localization All (Version: 2012.0704.122.388)
CCC Help Chinese Standard (Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (Version: 2012.0704.0121.388)
CCC Help Czech (Version: 2012.0704.0121.388)
CCC Help Danish (Version: 2012.0704.0121.388)
CCC Help Dutch (Version: 2012.0704.0121.388)
CCC Help English (Version: 2012.0704.0121.388)
CCC Help Finnish (Version: 2012.0704.0121.388)
CCC Help French (Version: 2012.0704.0121.388)
CCC Help German (Version: 2012.0704.0121.388)
CCC Help Greek (Version: 2012.0704.0121.388)
CCC Help Hungarian (Version: 2012.0704.0121.388)
CCC Help Italian (Version: 2012.0704.0121.388)
CCC Help Japanese (Version: 2012.0704.0121.388)
CCC Help Korean (Version: 2012.0704.0121.388)
CCC Help Norwegian (Version: 2012.0704.0121.388)
CCC Help Polish (Version: 2012.0704.0121.388)
CCC Help Portuguese (Version: 2012.0704.0121.388)
CCC Help Russian (Version: 2012.0704.0121.388)
CCC Help Spanish (Version: 2012.0704.0121.388)
CCC Help Swedish (Version: 2012.0704.0121.388)
CCC Help Thai (Version: 2012.0704.0121.388)
CCC Help Turkish (Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
CCleaner (Version: 4.03)
Counter-Strike: Global Offensive
DAEMON Tools Pro (Version: 5.2.0.0348)
DayZ Commander (Version: 0.92.79)
Entropia Universe (Version: 14.1.0.107516)
EVE Online (remove only)
EveHQ (Version: 2.11.7)
Fraps
Google Chrome (Version: 27.0.1453.116)
iTunes (Version: 11.0.1.12)
Jagged Alliance Online - Steam Edition
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 35 (64-bit) (Version: 6.0.350)
Java™ SE Development Kit 6 Update 35 (64-bit) (Version: 1.6.0.350)
Logitech Gaming Software (Version: 8.40.83)
Logitech Gaming Software 8.40 (Version: 8.40.83)
LogMeIn Hamachi (Version: 2.1.0.362)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mirror's Edge
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
NVIDIA PhysX (Version: 9.12.1031)
Optimizer Pro v3.0 (Version: 3.0)
Orcs Must Die! 2 Demo
osu! (Version: 0.0.0.0)
Pando Media Booster (Version: 2.6.0.7)
Path of Exile (Version: 0.9.13.22054)
PlanetSide 2
Ragnarok Online 2
Realm of the Mad God
Renaissance Heroes
Rise Of Legends (Version: 1.00.0000)
Skype™ 6.5 (Version: 6.5.158)
Source SDK Base 2007
Space Pirates and Zombies
Star Conflict
Steam (Version: 1.0.0.0)
Stronghold Kingdoms
System Requirements Lab Detection (Version: 1.0.5.0)
TeamSpeak 3 Client (Version: 3.0.10.1)
Terraria
Terraria 1.1.2 (Version: 1.1.2)
The Battle for Middle-earth ™ II
The Lord of the Rings, The Rise of the Witch-king
Torchlight II Demo
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.3 (Version: 2.0.3)
Warframe
WhatPulse version 2.1.1 (Version: 2.1.1)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinZip 16.5 (Version: 16.5.10096)
Wireshark 1.8.6 (64-bit) (Version: 1.8.6)
Wizardry Online
World in Conflict (Version: 1.0.0.0)
World of Warcraft (Version: 5.3.0.16992)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 73%
Total physical RAM: 4094.49 MB
Available physical RAM: 1100.76 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 3961.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.86 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:931.51 GB) (Free:536.38 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\THIBAULD-PC
 
Administrator            Guest                    Thibauld                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
29-06-2013 20:32:32 Removed League of Legends
29-06-2013 20:34:53 Installed Microsoft Visual C++ 2005 Redistributable (x64)
29-06-2013 20:35:40 Installed League of Legends
29-06-2013 20:36:57 Installed DirectX
29-06-2013 20:42:01 Removed League of Legends
29-06-2013 20:44:40 Windows Modules Installer
29-06-2013 20:46:40 Installed League of Legends
29-06-2013 20:47:33 Installed DirectX
30-06-2013 03:09:25 Removed League of Legends
30-06-2013 03:12:29 Installed League of Legends
30-06-2013 03:12:59 Installed DirectX
30-06-2013 03:21:45 Removed League of Legends
30-06-2013 03:44:40 Installed League of Legends
30-06-2013 03:45:14 Installed DirectX
30-06-2013 03:54:28 Removed League of Legends
 
**** End of log ****


#7 dev00790

Posted 30 June 2013 - 02:54 PM

Please follow the instructions in ==>This Guide<== starting at Step 6.  If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==  Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!" I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#8 thibauld

Posted 30 June 2013 - 03:49 PM

Is this step recommended before I wipe the HDD and reinstall Windows, or isn't it necessary at all?



#9 dev00790

Posted 01 July 2013 - 03:11 AM

Hi, if you're going to wipe and reinstall, then there's little point in cleaning the computer beforehand.


Regards, dev00790


#10 thibauld

Posted 01 July 2013 - 09:35 AM

Do you know if or how I can be sure I will actually wipe everything when I reinstall Windows? Last time I did, Windows saved a lot of stuff and had a folder with all my old files still there.



#11 dev00790

Posted 01 July 2013 - 10:15 AM

It should be possible when booting with a Windows 7 disk.
Do you have one?

Regards, dev00790


#12 thibauld

Posted 01 July 2013 - 11:10 AM

Yes, it's an external HDD though



#13 dev00790

Posted 01 July 2013 - 11:15 AM

Sorry, I'm asking if you have a Windows 7 disk instead?


Regards, dev00790


#14 thibauld

Posted 01 July 2013 - 11:55 AM

Hmm, I don't believe so, but unfortunately my disk drive is broken; it doesn't open or read anything anymore.

For this reason I had the external HD that I somehow was able to make into a bootable drive, which I actually used for my last Windows reinstall (my disk drive was broken back then as well; I never use disks anymore, so I've never needed it since). There's a problem with it though. A month or something ago I tried to use it again for normal storage, and I don't think I've used it since that last Windows reinstall, but when I was in a Skype call with a friend and I plugged it in, the audio freaked out and got bugged completely, and a lot of things didn't work anymore till I rebooted. I don't know if it's infected or just messed up because of what I did to it (I think it changed the file architecture), but right now it isn't really normally usable anymore.

I tried to boot Windows off the HD as well, and it actually finished loading Windows, after a few minutes, to the point where you see the standard Windows background, but even after a long time nothing else would show up and no commands worked.

I booted Windows again with my internal HD and hooked up the external HD again, but if I try to do anything with it in Windows, Explorer tries to load/read stuff from the HD and then Windows Explorer crashes.


Edited by thibauld, 01 July 2013 - 12:15 PM.


#15 dev00790

Posted 01 July 2013 - 02:40 PM

To reinstall Windows, it's easiest to do so with a Windows disk and a working CD/DVD drive, in my opinion.

You have a rootkit present, which could be interfering with several parts of the computer.

If you want advice on replacing the CD/DVD drive, I can refer you to the internal hardware subforum.

Alternatively, we can try to clean the computer.

Let me know what you would like to do.


Regards, dev00790
