
Internet Usage is Too High (Viruses)


27 replies to this topic

#1 georgehifi

georgehifi

  • Members
  • 23 posts

Posted 22 January 2014 - 09:25 PM

Hi NASDAQ, hope you can help me too. I have had the same virus/bug as JOSEPHTM had, on this thread:

http://www.bleepingcomputer.com/forums/t/503907/internet-usage-is-too-high-viruses/#entry3126920

 

I followed the same procedure but it is still eating up my broadband. Below are the reports I saved.

Cheers George

 

 

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : George [Admin rights]
Mode : Scan -- Date : 01/23/2014 12:37:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[EXT RUNONCE][SUSP PATH] HKLM\Georgehifi_ON_D:\[...]\RunOnce : PC Tools Security (C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\900230~1.EXE [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[370] : NtTerminateProcess @ 0x82E72BFB -> HOOKED (C:\Windows\system32\drivers\TfSysMon.sys @ 0x8C80EDC0)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x65D24927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x65D24984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x65D42B62)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x65D2FA79)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Georgehifi\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 407da1108dc324effe8b5bcd255fc7d5
[BSP] fe609ed169ac31c8d2fc10b8abb23d3d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] b612a267ecb337ae2c7435b15110ac96
[BSP] b8173e06e89632d4a2615e0720537c65 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01232014_123748.txt >>

 

 

 

# AdwCleaner v3.017 - Report created 23/01/2014 at 13:31:52
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : George - GEORGE-PC
# Running from : C:\Users\George\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1561 octets] - [23/01/2014 12:44:06]
AdwCleaner[R1].txt - [685 octets] - [23/01/2014 13:31:52]
AdwCleaner[S0].txt - [1650 octets] - [23/01/2014 12:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [804 octets] ##########

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by George on Thu 23/01/2014 at 12:53:45.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 23/01/2014 at 12:56:03.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : George [Admin rights]
Mode : Scan -- Date : 01/23/2014 13:02:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[370] : NtTerminateProcess @ 0x82E70BFB -> HOOKED (C:\Windows\system32\drivers\TfSysMon.sys @ 0x8C81BDC0)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Georgehifi\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 407da1108dc324effe8b5bcd255fc7d5
[BSP] fe609ed169ac31c8d2fc10b8abb23d3d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] b612a267ecb337ae2c7435b15110ac96
[BSP] b8173e06e89632d4a2615e0720537c65 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01232014_130235.txt >>
RKreport[0]_D_01232014_124144.txt;RKreport[0]_D_01232014_130105.txt;RKreport[0]_S_01232014_123748.txt
RKreport[0]_S_01232014_130040.txt

 

 

 

Cheers George


Edited by georgehifi, 22 January 2014 - 09:34 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 January 2014 - 01:51 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts

Posted 23 January 2014 - 03:58 PM

Hi Nasdaq, thanks for the help, here are the scans. My internet was getting used at between 7kbs and 15kbs per 10 seconds.

 

Cheers George

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014
Ran by George (administrator) on GEORGE-PC on 24-01-2014 07:51:38
Running from C:\Users\George\Desktop\New folder
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(PC Tools) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(PC Tools) C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(PC Tools) C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISTray] - C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe [2717816 2012-11-01] (PC Tools)
HKCU\...\Run: [NetLimiter] - C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7348D75A699FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - YRefresher - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - YRefresher - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)
R2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
R3 ThreatFire; C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe [72824 2012-10-31] (PC Tools)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354456 2012-06-09] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433816 2012-06-09] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [25856 2003-10-19] (SlySoft, Inc.)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-11-29] (Elaborate Bytes AG)
S3 gdrv; C:\Windows\gdrv.sys [17488 2012-08-22] (Windows ® 2000 DDK provider)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)
R3 pctplsg; C:\Windows\System32\drivers\pctplsg.sys [71752 2012-11-01] (PC Tools)
R3 pctplsm; C:\Windows\System32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [55008 2012-10-31] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [36456 2012-10-31] (PC Tools)
R0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [577176 2012-10-31] (PC Tools)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-06-09] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2012-06-08] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2012-06-08] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-06-09] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23832 2012-06-09] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55704 2012-06-09] (VMware, Inc.)
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-24 07:51 - 2014-01-24 07:51 - 00000000 ____D C:\Users\George\Desktop\New folder
2014-01-24 07:50 - 2014-01-24 07:50 - 00000000 ____D C:\FRST
2014-01-23 17:56 - 2014-01-23 17:56 - 00256813 _____ C:\Users\George\AppData\Local\census.cache
2014-01-23 17:56 - 2014-01-23 17:56 - 00109622 _____ C:\Users\George\AppData\Local\ars.cache
2014-01-23 17:33 - 2014-01-23 17:33 - 00000036 _____ C:\Users\George\AppData\Local\housecall.guid.cache
2014-01-23 17:31 - 2014-01-23 17:31 - 00003402 _____ C:\Users\George\Desktop\RKreport[0]_D_01232014_173139.txt
2014-01-23 17:31 - 2014-01-23 17:31 - 00003360 _____ C:\Users\George\Desktop\RKreport[0]_S_01232014_173100.txt
2014-01-23 17:28 - 2014-01-23 17:32 - 00000000 ____D C:\Users\George\Desktop\RK_Quarantine
2014-01-23 17:28 - 2014-01-23 17:28 - 03809280 _____ C:\Users\George\Desktop\RogueKiller.exe
2014-01-23 14:39 - 2014-01-23 14:39 - 00000634 _____ C:\Users\George\Desktop\JRT.txt
2014-01-23 14:37 - 2014-01-23 14:37 - 00001123 _____ C:\Users\George\Desktop\AdwCleaner[S2].txt
2014-01-23 14:35 - 2014-01-23 14:35 - 00001061 _____ C:\Users\George\Desktop\AdwCleaner[R3].txt
2014-01-23 14:32 - 2014-01-23 14:32 - 00003403 _____ C:\Users\George\Desktop\RKreport[0]_D_01232014_143241.txt
2014-01-23 14:25 - 2014-01-23 14:25 - 00003354 _____ C:\Users\George\Desktop\RKreport[0]_S_01232014_142538.txt
2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-23 12:43 - 2014-01-23 14:35 - 00000000 ____D C:\AdwCleaner
2014-01-23 12:32 - 2014-01-23 12:32 - 01037068 _____ (Thisisu) C:\Users\George\Desktop\JRT.exe
2014-01-23 12:31 - 2014-01-23 12:31 - 01236282 _____ C:\Users\George\Desktop\adwcleaner.exe
2014-01-23 07:01 - 2014-01-23 07:01 - 00000243 _____ C:\Users\George\Desktop\Internet Usage is Too High (Viruses) - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-01-22 11:24 - 2014-01-22 11:24 - 00000000 ____D C:\Program Files\PrivacyEraser Computing
2014-01-22 11:09 - 2014-01-22 11:09 - 00152136 _____ C:\Windows\Minidump\012214-31184-01.dmp
2014-01-22 11:08 - 2014-01-22 11:08 - 266578853 _____ C:\Windows\MEMORY.DMP
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-05 16:23 - 2014-01-05 16:23 - 00000000 ____D C:\Users\George\Documents\Asus Eee PC-1000H

==================== One Month Modified Files and Folders =======

2014-01-24 07:51 - 2014-01-24 07:51 - 00000000 ____D C:\Users\George\Desktop\New folder
2014-01-24 07:50 - 2014-01-24 07:50 - 00000000 ____D C:\FRST
2014-01-24 07:40 - 2012-08-11 12:59 - 01356579 _____ C:\Windows\WindowsUpdate.log
2014-01-24 07:25 - 2009-07-14 15:34 - 00023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 07:25 - 2009-07-14 15:34 - 00023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 07:24 - 2010-11-21 08:01 - 00783066 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-24 07:23 - 2012-08-11 13:54 - 00000000 ____D C:\Users\George\AppData\Local\Windows Live
2014-01-24 07:19 - 2012-08-11 16:17 - 01644697 _____ C:\Windows\system32\Drivers\Cat.DB
2014-01-24 07:18 - 2013-01-25 23:23 - 00039218 _____ C:\Windows\setupact.log
2014-01-24 07:18 - 2012-11-18 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-24 07:18 - 2012-08-17 10:45 - 00000000 ____D C:\ProgramData\VMware
2014-01-24 07:18 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-23 17:56 - 2014-01-23 17:56 - 00256813 _____ C:\Users\George\AppData\Local\census.cache
2014-01-23 17:56 - 2014-01-23 17:56 - 00109622 _____ C:\Users\George\AppData\Local\ars.cache
2014-01-23 17:44 - 2012-08-21 21:57 - 00007617 _____ C:\Users\George\AppData\Local\resmon.resmoncfg
2014-01-23 17:33 - 2014-01-23 17:33 - 00000036 _____ C:\Users\George\AppData\Local\housecall.guid.cache
2014-01-23 17:32 - 2014-01-23 17:28 - 00000000 ____D C:\Users\George\Desktop\RK_Quarantine
2014-01-23 17:31 - 2014-01-23 17:31 - 00003402 _____ C:\Users\George\Desktop\RKreport[0]_D_01232014_173139.txt
2014-01-23 17:31 - 2014-01-23 17:31 - 00003360 _____ C:\Users\George\Desktop\RKreport[0]_S_01232014_173100.txt
2014-01-23 17:28 - 2014-01-23 17:28 - 03809280 _____ C:\Users\George\Desktop\RogueKiller.exe
2014-01-23 14:39 - 2014-01-23 14:39 - 00000634 _____ C:\Users\George\Desktop\JRT.txt
2014-01-23 14:37 - 2014-01-23 14:37 - 00001123 _____ C:\Users\George\Desktop\AdwCleaner[S2].txt
2014-01-23 14:35 - 2014-01-23 14:35 - 00001061 _____ C:\Users\George\Desktop\AdwCleaner[R3].txt
2014-01-23 14:35 - 2014-01-23 12:43 - 00000000 ____D C:\AdwCleaner
2014-01-23 14:32 - 2014-01-23 14:32 - 00003403 _____ C:\Users\George\Desktop\RKreport[0]_D_01232014_143241.txt
2014-01-23 14:25 - 2014-01-23 14:25 - 00003354 _____ C:\Users\George\Desktop\RKreport[0]_S_01232014_142538.txt
2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-23 12:32 - 2014-01-23 12:32 - 01037068 _____ (Thisisu) C:\Users\George\Desktop\JRT.exe
2014-01-23 12:31 - 2014-01-23 12:31 - 01236282 _____ C:\Users\George\Desktop\adwcleaner.exe
2014-01-23 07:01 - 2014-01-23 07:01 - 00000243 _____ C:\Users\George\Desktop\Internet Usage is Too High (Viruses) - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-01-22 20:03 - 2010-11-21 08:48 - 00021546 _____ C:\Windows\PFRO.log
2014-01-22 19:41 - 2012-11-18 21:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-22 13:32 - 2012-08-11 15:05 - 00000000 ____D C:\Users\George\Documents\Nokia 6280
2014-01-22 11:34 - 2012-08-11 15:04 - 00000000 ____D C:\Users\George\Documents\George's PC Tools
2014-01-22 11:24 - 2014-01-22 11:24 - 00000000 ____D C:\Program Files\PrivacyEraser Computing
2014-01-22 11:22 - 2009-07-14 13:37 - 00000000 ___RD C:\Users\Public
2014-01-22 11:09 - 2014-01-22 11:09 - 00152136 _____ C:\Windows\Minidump\012214-31184-01.dmp
2014-01-22 11:09 - 2012-12-28 16:02 - 00000000 ____D C:\Windows\Minidump
2014-01-22 11:08 - 2014-01-22 11:08 - 266578853 _____ C:\Windows\MEMORY.DMP
2014-01-22 11:00 - 2012-09-21 12:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 10:30 - 2012-08-11 15:01 - 00000000 ____D C:\Users\George\Documents\Dac's & Transports for different convertors
2014-01-22 07:18 - 2012-08-11 13:00 - 00000000 ____D C:\Users\George\AppData\Local\VirtualStore
2014-01-21 20:22 - 2012-08-11 15:12 - 00000000 ____D C:\Users\George\Documents\Workers Comp
2014-01-21 20:02 - 2012-08-11 13:54 - 00069160 _____ C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 19:46 - 2012-08-11 13:00 - 00000000 ____D C:\Users\George
2014-01-21 19:46 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\system32\wfp
2014-01-21 19:45 - 2012-08-14 14:21 - 00000000 ____D C:\Users\Administrator
2014-01-21 19:45 - 2012-08-12 13:31 - 00000000 ____D C:\Users\Guest
2014-01-21 19:45 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-21 19:44 - 2012-10-29 13:50 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-21 19:44 - 2012-10-29 13:50 - 00000000 ____D C:\Program Files\iTunes
2014-01-21 19:44 - 2012-10-29 13:50 - 00000000 ____D C:\Program Files\iPod
2014-01-21 19:44 - 2012-10-29 13:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-21 19:44 - 2012-10-29 13:49 - 00000000 ____D C:\Program Files\Apple Software Update
2014-01-21 19:44 - 2012-10-23 14:53 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProntoEdit4
2014-01-21 19:44 - 2012-10-23 14:53 - 00000000 ____D C:\Program Files\ProntoEdit4
2014-01-21 19:44 - 2012-08-12 12:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-21 19:44 - 2012-08-12 12:41 - 00000000 ____D C:\Program Files\Brother
2014-01-21 19:44 - 2010-11-21 11:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-21 19:44 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\registration
2014-01-21 19:43 - 2013-08-04 20:58 - 00000000 ____D C:\Program Files\Java
2014-01-21 19:43 - 2012-10-29 13:50 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-21 19:43 - 2012-10-29 13:49 - 00000000 ____D C:\ProgramData\Apple
2014-01-21 19:43 - 2012-08-12 12:40 - 00000000 ____D C:\ProgramData\Brother
2014-01-21 17:57 - 2014-01-21 17:57 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-17 07:14 - 2013-10-17 07:25 - 00000000 ____D C:\ProgramData\Oracle
2014-01-05 16:23 - 2014-01-05 16:23 - 00000000 ____D C:\Users\George\Documents\Asus Eee PC-1000H
2014-01-03 11:19 - 2012-08-11 15:01 - 00000000 ____D C:\Users\George\Documents\B&W 801
2014-01-02 16:17 - 2013-09-20 10:37 - 00000209 _____ C:\Users\George\Desktop\Head HiFi.url

Files to move or delete:
====================
C:\Users\George\303 200.exe

Some content of TEMP:
====================
C:\Users\George\AppData\Local\Temp\GC_PCTOOLS.exe
C:\Users\George\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\George\AppData\Local\Temp\ntdll_dump.dll
C:\Users\George\AppData\Local\Temp\nvStInst.exe
C:\Users\George\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-20 11:51

==================== End Of Log ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-01-2014
Ran by George at 2014-01-24 07:52:14
Running from C:\Users\George\Desktop\New folder
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: PC Tools Spyware Doctor with AntiVirus (Disabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PC Tools Spyware Doctor (Enabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}

==================== Installed Programs ======================

@BIOS (Version: 2.08 - GIGABYTE)
Adobe Reader X (10.1.3) (Version: 10.1.3 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Brother MFL-Pro Suite MFC-240C (Version: 1.0.3.0 - Brother Industries, Ltd.)
CloneCD (Version:  - SlySoft)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DolbyFiles (Version: 0.1 - Nero AG) Hidden
Free Internet Eraser (Version: Free Internet Eraser 4.0 - PrivacyEraser Computing, Inc.)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Internet Explorer (Enable DEP) (Version:  - )
IrfanView (remove only) (Version:  - )
iTunes (Version: 10.7.0.21 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2000 (Version: 9.00.2720 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.33.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.4.10.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.30.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4 (Version: 3.4.9590 - OpenOffice.org)
PC Tools Spyware Doctor 9.1 (Version: 9.1 - PC Tools)
ProntoEdit 4 (Version: 4.0.5 - Philips N.V.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (Version: 4.0.4.30409 - VMware, Inc)
VMware Player (Version: 4.0.4.30409 - VMware, Inc.) Hidden
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR archiver (Version:  - )
Yrefresher 1.10 (Version:  - Yoconsoft)

==================== Restore Points  =========================

10-01-2014 22:43:35 Removed iTunes
10-01-2014 22:51:03 Removed Apple Application Support
10-01-2014 22:54:12 Removed Apple Mobile Device Support
10-01-2014 22:54:48 Removed Apple Software Update
10-01-2014 22:55:13 Removed Bonjour
10-01-2014 22:55:53 Removed ProntoEdit 4
16-01-2014 20:13:11 Installed Java 7 Update 51
21-01-2014 06:56:35 Installed HiJackThis
21-01-2014 07:20:40 PC Tools Spyware Doctor: Cleaning Threats
21-01-2014 08:40:19 Restore Operation
21-01-2014 08:53:46 Removed Java 7 Update 45
21-01-2014 20:10:37 Installed NetLimiter 3
21-01-2014 20:19:30 Removed NetLimiter 3
21-01-2014 21:07:51 PC Tools Spyware Doctor: Cleaning Threats
22-01-2014 00:42:31 Windows Update
22-01-2014 08:45:06 Removed Bonjour
23-01-2014 06:48:41 PC Tools Spyware Doctor: Cleaning Threats

==================== Hosts content: ==========================

2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16C4FC25-FA2B-4D53-BE4F-F9E17DF29EF6} - System32\Tasks\{817194D7-CF1A-41F4-882C-A32245F80E8E} => C:\Program Files\Windows Live\Mail\wlmail.exe [2012-09-12] (Microsoft Corporation)
Task: {4B659A4A-FCC7-4144-B708-C5FD2B956F5E} - System32\Tasks\{53C2FA17-79BA-4BEF-8B30-2AFD1D9B8875} => C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [2008-12-24] (Brother Industries, Ltd.)
Task: {66488341-A046-4E3A-B611-5A3143F900EE} - System32\Tasks\{FE5B16A1-BA88-468C-842C-221B0D0816EE} => D:\Program Files\Outlook Express\wab.exe [2010-10-12] (Microsoft Corporation)
Task: {B9860698-9CA7-4B80-96BD-370B3EE52FC9} - System32\Tasks\{058A8845-3B49-476B-8680-D43B2EE38B31} => C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [2008-12-24] (Brother Industries, Ltd.)
Task: {D8420B83-2D7B-442F-9DC7-44A82163EF6E} - System32\Tasks\{ADE87150-CCCC-409C-AD67-EA265405872D} => D:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Corporation) <==== ATTENTION
Task: {EBEE4D66-56DD-4661-B992-A042D87F9867} - System32\Tasks\{E1C05711-7AE3-4525-A3C1-EBC04158DC8E} => C:\Program Files\Windows Live\Mail\wlmail.exe [2012-09-12] (Microsoft Corporation)
Task: {FDFB3CBB-4F9F-4464-B078-12AD8B74B9E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-25 22:45 - 2011-04-22 19:20 - 00098304 _____ () C:\Program Files\YRefresher\YRefresher.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:1B427BF37624A856
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2014 07:19:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 03:04:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 02:45:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/23/2014 03:30:01 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Microsoft Office Sessions:
=========================
Error: (01/24/2014 07:19:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 03:04:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 02:45:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3582.49 MB
Available physical RAM: 2451.85 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 5758.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:363.12 GB) NTFS
Drive d: () (Fixed) (Total:465.75 GB) (Free:351.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 201003A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: D94FD94F)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

Posted 24 January 2014 - 09:54 AM

Nothing suspicious was found on your last log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 georgehifi

Posted 24 January 2014 - 02:36 PM

Hi Nasdaq, here is the Combofix txt. It's still being used at the rate of 5kb-15kb per 10 seconds. Hope you find something.

PS I'm in Sydney, Australia, that's why the delay in response. It's 6am, hope to catch you.

Cheers George

 

ComboFix 14-01-23.02 - George 25/01/2014   6:23.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3582.2532 [GMT 11:00]
Running from: c:\users\George\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\George\303 200.exe
c:\users\George\AppData\Roaming\inst.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 19:28 . 2014-01-24 19:29 -------- d-----w- c:\users\George\AppData\Local\temp
2014-01-23 20:50 . 2014-01-23 20:50 -------- d-----w- C:\FRST
2014-01-23 01:53 . 2014-01-23 01:53 -------- d-----w- c:\windows\ERUNT
2014-01-23 01:43 . 2014-01-24 06:09 -------- d-----w- C:\AdwCleaner
2014-01-22 00:42 . 2013-12-15 14:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAB03CCE-F28B-483B-BE17-107E70EF3561}\mpengine.dll
2014-01-22 00:24 . 2014-01-22 00:24 -------- d-----w- c:\program files\PrivacyEraser Computing
2014-01-22 00:23 . 2014-01-22 00:23 -------- d-----w- c:\users\George\AppData\Local\Programs
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 19:13 . 2012-08-11 02:19 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-23 21:56 220632 ----a-w- c:\users\George\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-23 21:56 220632 ----a-w- c:\users\George\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-23 21:56 220632 ----a-w- c:\users\George\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-11-01 2717816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 10:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 06:46 1159168 ----a-w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2003-10-26 21:53 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 00:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 12:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [2012-08-13 47360]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm.sys [2012-11-01 68272]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-13 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-10-22 368616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-02-28 342168]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-02-28 909728]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-10-30 55008]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-10-30 577176]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2012-10-31 260760]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2012-11-01 202280]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-30 403416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-20 413472]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2012-11-01 71752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-10-30 36456]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-21 20:32 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-21 01:06]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NetLimiter - c:\program files\NetLimiter 3\NLClientApp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-25  06:29:58
ComboFix-quarantined-files.txt  2014-01-24 19:29
.
Pre-Run: 415,930,871,808 bytes free
Post-Run: 416,516,780,032 bytes free
.
- - End Of File - - 2EE207DB14F24513CD0E1833C8A65686
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

Just to show the usage at idle, here are a couple of screenshots.


Edited by georgehifi, 24 January 2014 - 02:50 PM.


#6 nasdaq

Posted 25 January 2014 - 09:09 AM

Follow the instructions on this page.
You may be able to find out which program/application is causing this.

Performing a Clean Startup
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Keep me posted.

#7 georgehifi

Posted 25 January 2014 - 04:17 PM

Hi Nasdaq, the only thing I have in startup is PCTools (pctsGui) virus guard. I tried to untick it but it says (Access Denied. You may have to log on as administrator). I open it as administrator, but it says the same again (Access Denied).

So then I rebooted to safe mode with networking and PCTools is then disabled from startup. So I then looked at my broadband usage and all is quiet, no usage at all, so it seems pctools pctsGui is the usage culprit.

Should I uninstall my virus guard? Or do you have another idea? If you tell me to uninstall it, is there a better removal tool that completely removes everything?



#8 nasdaq

Posted 26 January 2014 - 08:37 AM


Try this, it will stop the pctsGui.exe from running at startup.
It's only for the System Tray so you will not be missing much.

Open notepad and copy/paste the text in the quote box below into it:



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

Restart the computer normally.

If you decide to remove the tool use the Add/Remove Program (PC Tools Spyware Doctor 9.1 (Version: 9.1 - PC Tools))

Restart the computer normally and post a fresh ComboFix log.
I will check what is left behind.

p.s.
If all is well then you can reinstall the program if you still want it.

#9 georgehifi

Posted 26 January 2014 - 02:37 PM

Hi, I went ahead and uninstalled PC-Tools Spyware, I also removed everything to do with it from the registry.

But I'm still getting the same broadband usage.

But if I boot to safe mode with networking, all is calm, no broadband usage.

Here is the latest Combofix log.

Hope you have some more ideas.

 

Cheers George

 

ComboFix 14-01-23.02 - George 27/01/2014   6:24.3.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3582.2693 [GMT 11:00]
Running from: c:\users\George\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-26 to 2014-01-26  )))))))))))))))))))))))))))))))
.
.
2014-01-26 19:29 . 2014-01-26 19:29 -------- d-----w- c:\users\George\AppData\Local\temp
2014-01-26 19:29 . 2014-01-26 19:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-26 19:29 . 2014-01-26 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 19:29 . 2014-01-26 19:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-01-25 23:58 . 2013-12-15 14:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72766B11-709E-465D-AEAB-2BC0CABA83C4}\mpengine.dll
2014-01-23 20:50 . 2014-01-23 20:50 -------- d-----w- C:\FRST
2014-01-23 01:53 . 2014-01-23 01:53 -------- d-----w- c:\windows\ERUNT
2014-01-23 01:43 . 2014-01-24 06:09 -------- d-----w- C:\AdwCleaner
2014-01-22 00:23 . 2014-01-22 00:23 -------- d-----w- c:\users\George\AppData\Local\Programs
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 19:13 . 2012-08-11 02:19 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 06:46 1159168 ----a-w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2003-10-26 21:53 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 00:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [2012-08-13 47360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-13 1343400]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-20 413472]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-27  06:30:39
ComboFix-quarantined-files.txt  2014-01-26 19:30
ComboFix2.txt  2014-01-25 00:44
ComboFix3.txt  2014-01-24 19:29
.
Pre-Run: 419,189,555,200 bytes free
Post-Run: 419,189,985,280 bytes free
.
- - End Of File - - FF7F7CBF90F2EECE7841A9E6661EA26E
A36C5E4F47E84449FF07ED3517B43A31     



#10 nasdaq

Posted 27 January 2014 - 08:58 AM



Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#11 georgehifi

Posted 27 January 2014 - 04:00 PM

Here it is, hope something's in there.

07:25:58.0753 3432  nvraid - ok
07:25:58.0769 3432  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:25:58.0769 3432  nvstor - ok
07:25:58.0816 3432  [ 2784C071EC57DCDBA6D4A2A017F56CD4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
07:25:58.0816 3432  nvsvc - ok
07:25:58.0847 3432  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:25:58.0847 3432  nv_agp - ok
07:25:58.0863 3432  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:25:58.0863 3432  ohci1394 - ok
07:25:58.0878 3432  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:25:58.0894 3432  p2pimsvc - ok
07:25:58.0909 3432  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:25:58.0909 3432  p2psvc - ok
07:25:58.0925 3432  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:25:58.0925 3432  Parport - ok
07:25:58.0956 3432  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:25:58.0956 3432  partmgr - ok
07:25:58.0956 3432  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
07:25:58.0956 3432  Parvdm - ok
07:25:58.0972 3432  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:25:58.0972 3432  PcaSvc - ok
07:25:58.0987 3432  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
07:25:58.0987 3432  pci - ok
07:25:59.0003 3432  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
07:25:59.0003 3432  pciide - ok
07:25:59.0019 3432  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:25:59.0019 3432  pcmcia - ok
07:25:59.0081 3432  [ 5B6C11DE7E839C05248CED8825470FEF ] Pcouffin        C:\Windows\system32\Drivers\Pcouffin.sys
07:25:59.0081 3432  Pcouffin - ok
07:25:59.0097 3432  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
07:25:59.0097 3432  pcw - ok
07:25:59.0112 3432  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:25:59.0128 3432  PEAUTH - ok
07:25:59.0159 3432  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:25:59.0175 3432  PeerDistSvc - ok
07:25:59.0221 3432  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
07:25:59.0253 3432  pla - ok
07:25:59.0268 3432  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:25:59.0284 3432  PlugPlay - ok
07:25:59.0284 3432  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:25:59.0284 3432  PNRPAutoReg - ok
07:25:59.0315 3432  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:25:59.0315 3432  PNRPsvc - ok
07:25:59.0331 3432  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:25:59.0331 3432  PolicyAgent - ok
07:25:59.0362 3432  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
07:25:59.0362 3432  Power - ok
07:25:59.0377 3432  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:25:59.0377 3432  PptpMiniport - ok
07:25:59.0393 3432  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
07:25:59.0393 3432  Processor - ok
07:25:59.0424 3432  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
07:25:59.0424 3432  ProfSvc - ok
07:25:59.0440 3432  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:25:59.0440 3432  ProtectedStorage - ok
07:25:59.0455 3432  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:25:59.0455 3432  Psched - ok
07:25:59.0502 3432  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:25:59.0518 3432  ql2300 - ok
07:25:59.0533 3432  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:25:59.0533 3432  ql40xx - ok
07:25:59.0565 3432  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
07:25:59.0565 3432  QWAVE - ok
07:25:59.0580 3432  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:25:59.0580 3432  QWAVEdrv - ok
07:25:59.0596 3432  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:25:59.0596 3432  RasAcd - ok
07:25:59.0611 3432  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:25:59.0611 3432  RasAgileVpn - ok
07:25:59.0627 3432  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
07:25:59.0643 3432  RasAuto - ok
07:25:59.0658 3432  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:25:59.0658 3432  Rasl2tp - ok
07:25:59.0674 3432  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
07:25:59.0689 3432  RasMan - ok
07:25:59.0705 3432  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:25:59.0705 3432  RasPppoe - ok
07:25:59.0721 3432  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:25:59.0736 3432  RasSstp - ok
07:25:59.0736 3432  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:25:59.0752 3432  rdbss - ok
07:25:59.0752 3432  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:25:59.0752 3432  rdpbus - ok
07:25:59.0767 3432  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:25:59.0767 3432  RDPCDD - ok
07:25:59.0783 3432  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:25:59.0783 3432  RDPDR - ok
07:25:59.0799 3432  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:25:59.0799 3432  RDPENCDD - ok
07:25:59.0814 3432  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:25:59.0814 3432  RDPREFMP - ok
07:25:59.0830 3432  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:25:59.0830 3432  RDPWD - ok
07:25:59.0861 3432  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:25:59.0861 3432  rdyboost - ok
07:25:59.0877 3432  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:25:59.0892 3432  RemoteAccess - ok
07:25:59.0908 3432  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:25:59.0908 3432  RemoteRegistry - ok
07:25:59.0939 3432  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:25:59.0939 3432  RpcEptMapper - ok
07:25:59.0955 3432  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
07:25:59.0955 3432  RpcLocator - ok
07:25:59.0970 3432  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
07:25:59.0970 3432  RpcSs - ok
07:26:00.0017 3432  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:26:00.0017 3432  rspndr - ok
07:26:00.0048 3432  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
07:26:00.0048 3432  RTL8167 - ok
07:26:00.0064 3432  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
07:26:00.0064 3432  s3cap - ok
07:26:00.0079 3432  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
07:26:00.0079 3432  SamSs - ok
07:26:00.0079 3432  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:26:00.0079 3432  sbp2port - ok
07:26:00.0111 3432  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:26:00.0111 3432  SCardSvr - ok
07:26:00.0126 3432  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:26:00.0126 3432  scfilter - ok
07:26:00.0142 3432  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
07:26:00.0157 3432  Schedule - ok
07:26:00.0173 3432  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:26:00.0173 3432  SCPolicySvc - ok
07:26:00.0189 3432  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:26:00.0189 3432  SDRSVC - ok
07:26:00.0204 3432  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:26:00.0204 3432  secdrv - ok
07:26:00.0220 3432  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
07:26:00.0220 3432  seclogon - ok
07:26:00.0235 3432  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
07:26:00.0235 3432  SENS - ok
07:26:00.0251 3432  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:26:00.0251 3432  SensrSvc - ok
07:26:00.0267 3432  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:26:00.0267 3432  Serenum - ok
07:26:00.0282 3432  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:26:00.0298 3432  Serial - ok
07:26:00.0298 3432  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:26:00.0298 3432  sermouse - ok
07:26:00.0313 3432  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:26:00.0313 3432  SessionEnv - ok
07:26:00.0329 3432  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:26:00.0329 3432  sffdisk - ok
07:26:00.0345 3432  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:26:00.0345 3432  sffp_mmc - ok
07:26:00.0360 3432  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:26:00.0360 3432  sffp_sd - ok
07:26:00.0360 3432  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:26:00.0360 3432  sfloppy - ok
07:26:00.0391 3432  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:26:00.0407 3432  SharedAccess - ok
07:26:00.0423 3432  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:26:00.0423 3432  ShellHWDetection - ok
07:26:00.0423 3432  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:26:00.0438 3432  sisagp - ok
07:26:00.0454 3432  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:26:00.0454 3432  SiSRaid2 - ok
07:26:00.0454 3432  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:26:00.0469 3432  SiSRaid4 - ok
07:26:00.0485 3432  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:26:00.0485 3432  Smb - ok
07:26:00.0516 3432  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:26:00.0516 3432  SNMPTRAP - ok
07:26:00.0532 3432  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:26:00.0532 3432  spldr - ok
07:26:00.0579 3432  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
07:26:00.0579 3432  Spooler - ok
07:26:00.0625 3432  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
07:26:00.0688 3432  sppsvc - ok
07:26:00.0688 3432  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:26:00.0688 3432  sppuinotify - ok
07:26:00.0719 3432  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:26:00.0719 3432  srv - ok
07:26:00.0735 3432  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:26:00.0735 3432  srv2 - ok
07:26:00.0750 3432  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:26:00.0750 3432  srvnet - ok
07:26:00.0766 3432  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:26:00.0781 3432  SSDPSRV - ok
07:26:00.0797 3432  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:26:00.0797 3432  SstpSvc - ok
07:26:00.0859 3432  [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:26:00.0859 3432  Stereo Service - ok
07:26:00.0875 3432  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:26:00.0875 3432  stexstor - ok
07:26:00.0906 3432  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
07:26:00.0922 3432  StiSvc - ok
07:26:00.0937 3432  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
07:26:00.0937 3432  storflt - ok
07:26:00.0953 3432  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
07:26:00.0953 3432  StorSvc - ok
07:26:00.0969 3432  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
07:26:00.0969 3432  storvsc - ok
07:26:00.0984 3432  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:26:00.0984 3432  swenum - ok
07:26:01.0000 3432  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
07:26:01.0000 3432  swprv - ok
07:26:01.0031 3432  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
07:26:01.0062 3432  SysMain - ok
07:26:01.0078 3432  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:26:01.0078 3432  TabletInputService - ok
07:26:01.0078 3432  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:26:01.0093 3432  TapiSrv - ok
07:26:01.0109 3432  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
07:26:01.0109 3432  TBS - ok
07:26:01.0156 3432  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:26:01.0187 3432  Tcpip - ok
07:26:01.0218 3432  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:26:01.0218 3432  TCPIP6 - ok
07:26:01.0265 3432  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:26:01.0265 3432  tcpipreg - ok
07:26:01.0296 3432  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:26:01.0327 3432  TDPIPE - ok
07:26:01.0359 3432  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:26:01.0359 3432  TDTCP - ok
07:26:01.0374 3432  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:26:01.0374 3432  tdx - ok
07:26:01.0390 3432  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:26:01.0390 3432  TermDD - ok
07:26:01.0405 3432  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
07:26:01.0421 3432  TermService - ok
07:26:01.0421 3432  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
07:26:01.0421 3432  Themes - ok
07:26:01.0437 3432  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
07:26:01.0437 3432  THREADORDER - ok
07:26:01.0468 3432  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
07:26:01.0468 3432  TrkWks - ok
07:26:01.0515 3432  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:26:01.0515 3432  TrustedInstaller - ok
07:26:01.0530 3432  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:26:01.0530 3432  tssecsrv - ok
07:26:01.0530 3432  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:26:01.0546 3432  TsUsbFlt - ok
07:26:01.0546 3432  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:26:01.0546 3432  TsUsbGD - ok
07:26:01.0561 3432  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:26:01.0561 3432  tunnel - ok
07:26:01.0577 3432  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:26:01.0577 3432  uagp35 - ok
07:26:01.0593 3432  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:26:01.0608 3432  udfs - ok
07:26:01.0624 3432  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:26:01.0624 3432  UI0Detect - ok
07:26:01.0639 3432  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:26:01.0639 3432  uliagpkx - ok
07:26:01.0655 3432  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:26:01.0671 3432  umbus - ok
07:26:01.0671 3432  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:26:01.0671 3432  UmPass - ok
07:26:01.0702 3432  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
07:26:01.0702 3432  UmRdpService - ok
07:26:01.0717 3432  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
07:26:01.0733 3432  upnphost - ok
07:26:01.0764 3432  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
07:26:01.0764 3432  USBAAPL - ok
07:26:01.0795 3432  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:26:01.0795 3432  usbccgp - ok
07:26:01.0811 3432  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:26:01.0811 3432  usbcir - ok
07:26:01.0827 3432  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:26:01.0827 3432  usbehci - ok
07:26:01.0858 3432  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:26:01.0858 3432  usbhub - ok
07:26:01.0889 3432  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:26:01.0889 3432  usbohci - ok
07:26:01.0905 3432  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:26:01.0905 3432  usbprint - ok
07:26:01.0920 3432  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:26:01.0920 3432  usbscan - ok
07:26:01.0936 3432  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:26:01.0936 3432  USBSTOR - ok
07:26:01.0936 3432  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
07:26:01.0936 3432  usbuhci - ok
07:26:01.0983 3432  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
07:26:01.0983 3432  usbvideo - ok
07:26:01.0998 3432  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
07:26:01.0998 3432  UxSms - ok
07:26:02.0014 3432  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
07:26:02.0014 3432  VaultSvc - ok
07:26:02.0029 3432  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:26:02.0029 3432  vdrvroot - ok
07:26:02.0045 3432  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
07:26:02.0045 3432  vds - ok
07:26:02.0076 3432  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:26:02.0076 3432  vga - ok
07:26:02.0076 3432  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:26:02.0076 3432  VgaSave - ok
07:26:02.0092 3432  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:26:02.0092 3432  vhdmp - ok
07:26:02.0123 3432  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:26:02.0123 3432  viaagp - ok
07:26:02.0123 3432  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
07:26:02.0123 3432  ViaC7 - ok
07:26:02.0123 3432  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
07:26:02.0139 3432  viaide - ok
07:26:02.0170 3432  [ 1562A089B46C821487AFF8D01EE5547E ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
07:26:02.0185 3432  VMAuthdService - ok
07:26:02.0201 3432  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
07:26:02.0201 3432  vmbus - ok
07:26:02.0217 3432  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
07:26:02.0217 3432  VMBusHID - ok
07:26:02.0248 3432  [ 15759158F7531853616B2B43AF962FCB ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
07:26:02.0248 3432  vmci - ok
07:26:02.0295 3432  [ 130E7287F096B0C728F4EFD4D9C139FD ] vmkbd2          C:\Windows\system32\drivers\VMkbd.sys
07:26:02.0295 3432  vmkbd2 - ok
07:26:02.0295 3432  [ 1AFA4AF55CBEA579A4BBE4F90967F720 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
07:26:02.0295 3432  VMnetAdapter - ok
07:26:02.0326 3432  [ 392964A7BF46986FBD44B24A3BEC2088 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
07:26:02.0326 3432  VMnetBridge - ok
07:26:02.0373 3432  [ 1A84266C6FB9B3355122C9007A35DEDC ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
07:26:02.0373 3432  VMnetDHCP - ok
07:26:02.0404 3432  [ 90F8543E91409882AC7A8EA1DD145A34 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
07:26:02.0404 3432  VMnetuserif - ok
07:26:02.0435 3432  [ BBAB75F67E18283D6DA1B7B8C900457B ] VMparport       C:\Windows\system32\Drivers\VMparport.sys
07:26:02.0435 3432  VMparport - ok
07:26:02.0482 3432  [ AF76C6D3F5053459E18E4C519FB496C8 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
07:26:02.0482 3432  VMUSBArbService - ok
07:26:02.0544 3432  [ 48A1ECAFDFFF839B81E1BDE8D1A09D39 ] VMware NAT Service C:\Windows\system32\vmnat.exe
07:26:02.0544 3432  VMware NAT Service - ok
07:26:02.0575 3432  [ 84D36EF82E2EF007E71E978F93690D5B ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
07:26:02.0575 3432  vmx86 - ok
07:26:02.0607 3432  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:26:02.0607 3432  volmgr - ok
07:26:02.0622 3432  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:26:02.0622 3432  volmgrx - ok
07:26:02.0653 3432  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:26:02.0653 3432  volsnap - ok
07:26:02.0700 3432  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:26:02.0700 3432  vsmraid - ok
07:26:02.0731 3432  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
07:26:02.0747 3432  VSS - ok
07:26:02.0747 3432  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
07:26:02.0747 3432  vwifibus - ok
07:26:02.0778 3432  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
07:26:02.0778 3432  W32Time - ok
07:26:02.0794 3432  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:26:02.0794 3432  WacomPen - ok
07:26:02.0809 3432  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:26:02.0809 3432  WANARP - ok
07:26:02.0809 3432  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:26:02.0809 3432  Wanarpv6 - ok
07:26:02.0856 3432  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
07:26:02.0872 3432  WatAdminSvc - ok
07:26:02.0903 3432  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
07:26:02.0934 3432  wbengine - ok
07:26:02.0965 3432  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:26:02.0965 3432  WbioSrvc - ok
07:26:02.0981 3432  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:26:02.0997 3432  wcncsvc - ok
07:26:03.0012 3432  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:26:03.0012 3432  WcsPlugInService - ok
07:26:03.0028 3432  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
07:26:03.0043 3432  Wd - ok
07:26:03.0075 3432  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:26:03.0075 3432  Wdf01000 - ok
07:26:03.0090 3432  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:26:03.0106 3432  WdiServiceHost - ok
07:26:03.0106 3432  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:26:03.0106 3432  WdiSystemHost - ok
07:26:03.0121 3432  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
07:26:03.0137 3432  WebClient - ok
07:26:03.0153 3432  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:26:03.0153 3432  Wecsvc - ok
07:26:03.0184 3432  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:26:03.0184 3432  wercplsupport - ok
07:26:03.0231 3432  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:26:03.0231 3432  WerSvc - ok
07:26:03.0246 3432  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:26:03.0246 3432  WfpLwf - ok
07:26:03.0246 3432  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:26:03.0246 3432  WIMMount - ok
07:26:03.0293 3432  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:26:03.0309 3432  WinDefend - ok
07:26:03.0309 3432  WinHttpAutoProxySvc - ok
07:26:03.0340 3432  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:26:03.0355 3432  Winmgmt - ok
07:26:03.0387 3432  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
07:26:03.0402 3432  WinRM - ok
07:26:03.0465 3432  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:26:03.0465 3432  WinUsb - ok
07:26:03.0480 3432  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:26:03.0496 3432  Wlansvc - ok
07:26:03.0589 3432  [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:26:03.0605 3432  wlidsvc - ok
07:26:03.0605 3432  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:26:03.0621 3432  WmiAcpi - ok
07:26:03.0636 3432  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:26:03.0636 3432  wmiApSrv - ok
07:26:03.0699 3432  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:26:03.0714 3432  WMPNetworkSvc - ok
07:26:03.0745 3432  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:26:03.0745 3432  WPCSvc - ok
07:26:03.0761 3432  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:26:03.0761 3432  WPDBusEnum - ok
07:26:03.0792 3432  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:26:03.0792 3432  ws2ifsl - ok
07:26:03.0808 3432  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
07:26:03.0808 3432  wscsvc - ok
07:26:03.0808 3432  WSearch - ok
07:26:03.0870 3432  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:26:03.0901 3432  wuauserv - ok
07:26:03.0933 3432  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:26:03.0933 3432  WudfPf - ok
07:26:03.0948 3432  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:26:03.0964 3432  WUDFRd - ok
07:26:03.0979 3432  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:26:03.0979 3432  wudfsvc - ok
07:26:03.0995 3432  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:26:04.0011 3432  WwanSvc - ok
07:26:04.0011 3432  ================ Scan global ===============================
07:26:04.0042 3432  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:26:04.0073 3432  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
07:26:04.0073 3432  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
07:26:04.0104 3432  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:26:04.0120 3432  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:26:04.0120 3432  [Global] - ok
07:26:04.0120 3432  ================ Scan MBR ==================================
07:26:04.0120 3432  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:26:04.0447 3432  \Device\Harddisk0\DR0 - ok
07:26:04.0447 3432  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
07:26:04.0557 3432  \Device\Harddisk1\DR1 - ok
07:26:04.0557 3432  ================ Scan VBR ==================================
07:26:04.0572 3432  [ 2C18D5409F0214005DFCD4AEEFC9DD23 ] \Device\Harddisk0\DR0\Partition1
07:26:04.0572 3432  \Device\Harddisk0\DR0\Partition1 - ok
07:26:04.0572 3432  [ 928DBE964E6C790AFF9CB2A7E71F7EEA ] \Device\Harddisk0\DR0\Partition2
07:26:04.0572 3432  \Device\Harddisk0\DR0\Partition2 - ok
07:26:04.0588 3432  [ DE3DAF248CF78CEF68C8D05FB12A3D1B ] \Device\Harddisk1\DR1\Partition1
07:26:04.0588 3432  \Device\Harddisk1\DR1\Partition1 - ok
07:26:04.0588 3432  ============================================================
07:26:04.0588 3432  Scan finished
07:26:04.0588 3432  ============================================================
07:26:04.0588 3420  Detected object count: 0
07:26:04.0588 3420  Actual detected object count: 0
07:27:41.0341 3916  ============================================================
07:27:41.0341 3916  Scan started
07:27:41.0341 3916  Mode: Manual; SigCheck; TDLFS;
07:27:41.0341 3916  ============================================================
07:27:41.0434 3916  ================ Scan system memory ========================
07:27:41.0434 3916  System memory - ok
07:27:41.0434 3916  ================ Scan services =============================
07:27:45.0313 3916  [ E6739AAE91491D1114B5B66276A7C6E6 ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
07:27:45.0329 3916  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
07:27:45.0329 3916  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
07:27:45.0345 3916  [ CD35088D84A17CA694658A3CB0EBD13C ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
07:27:45.0376 3916  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
07:27:45.0376 3916  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
07:27:51.0069 3916  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:27:51.0085 3916  pcmcia - ok
07:27:51.0116 3916  [ 5B6C11DE7E839C05248CED8825470FEF ] Pcouffin        C:\Windows\system32\Drivers\Pcouffin.sys
07:27:51.0163 3916  Pcouffin - ok
07:27:51.0178 3916  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
07:27:51.0194 3916  pcw - ok
07:27:51.0210 3916  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:27:51.0272 3916  PEAUTH - ok
07:27:51.0303 3916  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:27:51.0334 3916  PeerDistSvc - ok
07:27:51.0381 3916  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
07:27:51.0444 3916  pla - ok
07:27:51.0475 3916  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:27:51.0506 3916  PlugPlay - ok
07:27:51.0522 3916  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:27:51.0553 3916  PNRPAutoReg - ok
07:27:51.0584 3916  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:27:51.0584 3916  PNRPsvc - ok
07:27:51.0615 3916  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:27:51.0662 3916  PolicyAgent - ok
07:27:51.0693 3916  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
07:27:51.0709 3916  Power - ok
07:27:51.0724 3916  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:27:51.0771 3916  PptpMiniport - ok
07:27:51.0787 3916  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
07:27:51.0818 3916  Processor - ok
07:27:51.0849 3916  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
07:27:51.0880 3916  ProfSvc - ok
07:27:51.0896 3916  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:27:51.0912 3916  ProtectedStorage - ok
07:27:51.0927 3916  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:27:51.0974 3916  Psched - ok
07:27:52.0005 3916  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:27:52.0036 3916  ql2300 - ok
07:27:52.0052 3916  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:27:52.0068 3916  ql40xx - ok
07:27:52.0083 3916  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
07:27:52.0114 3916  QWAVE - ok
07:27:52.0130 3916  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:27:52.0146 3916  QWAVEdrv - ok
07:27:52.0146 3916  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:27:52.0177 3916  RasAcd - ok
07:27:52.0177 3916  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:27:52.0208 3916  RasAgileVpn - ok
07:27:52.0224 3916  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
07:27:52.0255 3916  RasAuto - ok
07:27:52.0270 3916  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:27:52.0302 3916  Rasl2tp - ok
07:27:52.0317 3916  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
07:27:52.0348 3916  RasMan - ok
07:27:52.0364 3916  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:27:52.0385 3916  RasPppoe - ok
07:27:52.0400 3916  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:27:52.0463 3916  RasSstp - ok
07:27:52.0478 3916  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:27:52.0509 3916  rdbss - ok
07:27:52.0525 3916  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:27:52.0541 3916  rdpbus - ok
07:27:52.0541 3916  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:27:52.0587 3916  RDPCDD - ok
07:27:52.0619 3916  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:27:52.0634 3916  RDPDR - ok
07:27:52.0634 3916  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:27:52.0665 3916  RDPENCDD - ok
07:27:52.0681 3916  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:27:52.0712 3916  RDPREFMP - ok
07:27:52.0728 3916  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:27:52.0775 3916  RDPWD - ok
07:27:52.0790 3916  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:27:52.0806 3916  rdyboost - ok
07:27:52.0821 3916  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:27:52.0853 3916  RemoteAccess - ok
07:27:52.0868 3916  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:27:52.0899 3916  RemoteRegistry - ok
07:27:52.0899 3916  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:27:52.0946 3916  RpcEptMapper - ok
07:27:52.0946 3916  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
07:27:52.0977 3916  RpcLocator - ok
07:27:52.0993 3916  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
07:27:53.0024 3916  RpcSs - ok
07:27:53.0040 3916  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:27:53.0087 3916  rspndr - ok
07:27:53.0118 3916  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
07:27:53.0133 3916  RTL8167 - ok
07:27:53.0149 3916  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
07:27:53.0196 3916  s3cap - ok
07:27:53.0211 3916  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
07:27:53.0227 3916  SamSs - ok
07:27:53.0243 3916  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:27:53.0258 3916  sbp2port - ok
07:27:53.0274 3916  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:27:53.0321 3916  SCardSvr - ok
07:27:53.0336 3916  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:27:53.0367 3916  scfilter - ok
07:27:53.0399 3916  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
07:27:53.0430 3916  Schedule - ok
07:27:53.0445 3916  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:27:53.0477 3916  SCPolicySvc - ok
07:27:53.0477 3916  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:27:53.0508 3916  SDRSVC - ok
07:27:53.0539 3916  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:27:53.0555 3916  secdrv - ok
07:27:53.0570 3916  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
07:27:53.0633 3916  seclogon - ok
07:27:53.0648 3916  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
07:27:53.0664 3916  SENS - ok
07:27:53.0679 3916  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:27:53.0711 3916  SensrSvc - ok
07:27:53.0726 3916  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:27:53.0742 3916  Serenum - ok
07:27:53.0757 3916  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:27:53.0773 3916  Serial - ok
07:27:53.0789 3916  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:27:53.0804 3916  sermouse - ok
07:27:53.0820 3916  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:27:53.0851 3916  SessionEnv - ok
07:27:53.0851 3916  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:27:53.0882 3916  sffdisk - ok
07:27:53.0898 3916  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:27:53.0898 3916  sffp_mmc - ok
07:27:53.0898 3916  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:27:53.0929 3916  sffp_sd - ok
07:27:53.0945 3916  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:27:53.0960 3916  sfloppy - ok
07:27:53.0991 3916  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:27:54.0023 3916  SharedAccess - ok
07:27:54.0054 3916  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:27:54.0069 3916  ShellHWDetection - ok
07:27:54.0085 3916  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:27:54.0085 3916  sisagp - ok
07:27:54.0116 3916  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:27:54.0116 3916  SiSRaid2 - ok
07:27:54.0132 3916  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:27:54.0132 3916  SiSRaid4 - ok
07:27:54.0147 3916  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:27:54.0163 3916  Smb - ok
07:27:54.0179 3916  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:27:54.0194 3916  SNMPTRAP - ok
07:27:54.0194 3916  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:27:54.0210 3916  spldr - ok
07:27:54.0241 3916  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
07:27:54.0257 3916  Spooler - ok
07:27:54.0303 3916  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
07:27:54.0366 3916  sppsvc - ok
07:27:54.0366 3916  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:27:54.0402 3916  sppuinotify - ok
07:27:54.0418 3916  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:27:54.0433 3916  srv - ok
07:27:54.0449 3916  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:27:54.0449 3916  srv2 - ok
07:27:54.0464 3916  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:27:54.0480 3916  srvnet - ok
07:27:54.0511 3916  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:27:54.0542 3916  SSDPSRV - ok
07:27:54.0542 3916  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:27:54.0589 3916  SstpSvc - ok
07:27:54.0667 3916  [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:27:54.0683 3916  Stereo Service - ok
07:27:54.0698 3916  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:27:54.0714 3916  stexstor - ok
07:27:54.0745 3916  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
07:27:54.0776 3916  StiSvc - ok
07:27:54.0792 3916  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
07:27:54.0808 3916  storflt - ok
07:27:54.0808 3916  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
07:27:54.0823 3916  StorSvc - ok
07:27:54.0839 3916  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
07:27:54.0839 3916  storvsc - ok
07:27:54.0854 3916  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:27:54.0870 3916  swenum - ok
07:27:54.0886 3916  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
07:27:54.0917 3916  swprv - ok
07:27:54.0948 3916  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
07:27:54.0979 3916  SysMain - ok
07:27:54.0995 3916  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:27:55.0010 3916  TabletInputService - ok
07:27:55.0042 3916  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:27:55.0088 3916  TapiSrv - ok
07:27:55.0104 3916  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
07:27:55.0135 3916  TBS - ok
07:27:55.0166 3916  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:27:55.0213 3916  Tcpip - ok
07:27:55.0229 3916  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:27:55.0260 3916  TCPIP6 - ok
07:27:55.0276 3916  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:27:55.0276 3916  tcpipreg - ok
07:27:55.0291 3916  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:27:55.0322 3916  TDPIPE - ok
07:27:55.0338 3916  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:27:55.0354 3916  TDTCP - ok
07:27:55.0354 3916  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:27:55.0400 3916  tdx - ok
07:27:55.0400 3916  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:27:55.0416 3916  TermDD - ok
07:27:55.0447 3916  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
07:27:55.0478 3916  TermService - ok
07:27:55.0478 3916  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
07:27:55.0510 3916  Themes - ok
07:27:55.0541 3916  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
07:27:55.0556 3916  THREADORDER - ok
07:27:55.0572 3916  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
07:27:55.0603 3916  TrkWks - ok
07:27:55.0650 3916  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:27:55.0681 3916  TrustedInstaller - ok
07:27:55.0697 3916  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:27:55.0712 3916  tssecsrv - ok
07:27:55.0728 3916  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:27:55.0759 3916  TsUsbFlt - ok
07:27:55.0790 3916  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:27:55.0822 3916  TsUsbGD - ok
07:27:55.0837 3916  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:27:55.0868 3916  tunnel - ok
07:27:55.0884 3916  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:27:55.0900 3916  uagp35 - ok
07:27:55.0915 3916  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:27:55.0962 3916  udfs - ok
07:27:55.0993 3916  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:27:56.0040 3916  UI0Detect - ok
07:27:56.0040 3916  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:27:56.0056 3916  uliagpkx - ok
07:27:56.0071 3916  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:27:56.0087 3916  umbus - ok
07:27:56.0087 3916  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:27:56.0118 3916  UmPass - ok
07:27:56.0165 3916  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
07:27:56.0196 3916  UmRdpService - ok
07:27:56.0212 3916  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
07:27:56.0258 3916  upnphost - ok
07:27:56.0290 3916  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
07:27:56.0290 3916  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
07:27:56.0290 3916  USBAAPL - detected UnsignedFile.Multi.Generic (1)
07:27:57.0106 3916  [ 1562A089B46C821487AFF8D01EE5547E ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
07:27:57.0137 3916  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
07:27:57.0137 3916  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
07:27:59.0638 3916  ================ Scan global ===============================
07:27:59.0669 3916  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:27:59.0685 3916  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
07:27:59.0700 3916  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
07:27:59.0716 3916  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:27:59.0732 3916  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:27:59.0747 3916  [Global] - ok
07:27:59.0747 3916  ================ Scan MBR ==================================
07:27:59.0747 3916  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:28:00.0168 3916  \Device\Harddisk0\DR0 - ok
07:28:00.0184 3916  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
07:28:00.0356 3916  \Device\Harddisk1\DR1 - ok
07:28:00.0356 3916  ================ Scan VBR ==================================
07:28:00.0356 3916  [ 2C18D5409F0214005DFCD4AEEFC9DD23 ] \Device\Harddisk0\DR0\Partition1
07:28:00.0371 3916  \Device\Harddisk0\DR0\Partition1 - ok
07:28:00.0371 3916  [ 928DBE964E6C790AFF9CB2A7E71F7EEA ] \Device\Harddisk0\DR0\Partition2
07:28:00.0371 3916  \Device\Harddisk0\DR0\Partition2 - ok
07:28:00.0387 3916  [ DE3DAF248CF78CEF68C8D05FB12A3D1B ] \Device\Harddisk1\DR1\Partition1
07:28:00.0389 3916  \Device\Harddisk1\DR1\Partition1 - ok
07:28:00.0389 3916  ============================================================
07:28:00.0389 3916  Scan finished
07:28:00.0389 3916  ============================================================
07:28:00.0392 1960  Detected object count: 4
07:28:00.0392 1960  Actual detected object count: 4
07:29:49.0393 1960  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:49.0393 1960  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:49.0393 1960  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:49.0393 1960  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:49.0393 1960  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:49.0393 1960  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:49.0393 1960  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:49.0393 1960  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-28 07:36:12
-----------------------------
07:36:12.307    OS Version: Windows 6.1.7601 Service Pack 1
07:36:12.307    Number of processors: 4 586 0xF0B
07:36:12.307    ComputerName: GEORGE-PC  UserName: George
07:36:13.586    Initialize success
07:37:12.324    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:37:12.339    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476938MB BusType: 3
07:37:12.339    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
07:37:12.339    Disk 1 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3
07:37:12.433    Disk 0 MBR read successfully
07:37:12.433    Disk 0 MBR scan
07:37:12.449    Disk 0 Windows 7 default MBR code
07:37:12.449    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
07:37:12.449    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476836 MB offset 206848
07:37:12.464    Disk 0 scanning sectors +976766976
07:37:12.495    Disk 0 scanning C:\Windows\system32\drivers
07:37:18.564    Service scanning
07:37:27.690    Modules scanning
07:37:32.604    Disk 0 trace - called modules:
07:37:33.134    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
07:37:33.134    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865948b0]
07:37:33.150    3 CLASSPNP.SYS[8c7ba59e] -> nt!IofCallDriver -> [0x86024918]
07:37:33.150    5 ACPI.sys[8c2c63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86086030]
07:37:33.150    Scan finished successfully
07:37:48.376    Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
07:37:48.376    The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"

 

 

Attached Files

  • Attached File  MBR.zip   559bytes   0 downloads


#12 nasdaq


Posted 28 January 2014 - 09:03 AM

Nothing conclusive.

We need to find out what process or driver is the culprit.

Run this cleaning tool. Follow the instructions on the page.

Performing a Clean Startup
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Keep me posted.

#13 georgehifi


Posted 28 January 2014 - 06:45 PM

I ran the selective program and it seems the unauthorised usage is in Microsoft Services; all others were unchecked. See the usage spikes every few mins in the screen shots below.

 

Cheers George




#14 nasdaq


Posted 29 January 2014 - 09:15 AM


Execute this.

Open notepad and copy/paste the text in the quote box below into it:


Driver::
NLNdisMP
NLNdisPT
ThreatFire

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Restart the computer normally.

If the problem persists you will have to find out which process/service is causing this delay.

Download this Process Explorer tool.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
RUN IT AND TRY to find the Process / file that is draining your CPU.
Instructions on the help file.

Keep me posted.
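
Added example, not part of nasdaq's post: one way to narrow down which process or service is talking to the network when, as in this thread, a clean startup leaves only Microsoft services enabled. It pairs each established TCP connection from `netstat -ano` with the owning process and the services hosted in it from `tasklist /svc`; the column names Image, PID, Services and OwnerPid are labels chosen here, and the output shows connections, not byte counts.

```powershell
# Added example: list processes (and the services they host) that own
# established TCP connections. Works with PowerShell 2.0 on Windows 7.
# Run from an elevated prompt. Read-only: it changes nothing on the system.

# PID -> image name and hosted services. /nh drops tasklist's header row,
# so Image, PID and Services are labels chosen for this example.
$procs = @{}
tasklist /svc /fo csv /nh |
    ConvertFrom-Csv -Header Image, PID, Services |
    ForEach-Object { $procs[[int]$_.PID] = $_ }

# One object per established TCP connection. netstat -ano columns are:
# Proto, Local Address, Foreign Address, State, PID.
$conns = netstat -ano |
    Select-String '^\s*TCP\s.*ESTABLISHED' |
    ForEach-Object {
        $f = $_.Line.Trim() -split '\s+'
        New-Object PSObject -Property @{ Remote = $f[2]; OwnerPid = [int]$f[4] }
    } |
    # Loopback connections never leave the machine, so they cannot use bandwidth.
    Where-Object { $_.Remote -notmatch '^(127\.|\[::1\])' }

if (-not $conns) { 'No established non-loopback TCP connections.'; return }

# Group by owning PID, busiest first, and attach image name and services.
$conns | Group-Object OwnerPid | Sort-Object Count -Descending | ForEach-Object {
    $p = $procs[[int]$_.Name]
    New-Object PSObject -Property @{
        PID         = $_.Name
        Image       = $p.Image
        Services    = $p.Services
        Connections = $_.Count
        Remotes     = ($_.Group | ForEach-Object { $_.Remote } |
                       Select-Object -Unique) -join ', '
    }
} | Format-Table PID, Image, Connections, Services, Remotes -AutoSize -Wrap
```

A `svchost.exe` row lists every service sharing that process, which gives a short list of PIDs to look up in Process Explorer instead of watching every process at once.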

#15 georgehifi


Posted 29 January 2014 - 03:40 PM

Here is the Combofix log with the "Driver:: NLNdisMP NLNdisPT ThreatFire" inserted. I still have the same unauthorised internet usage problem. I tried and ran the Process Explorer tool, but there's too much going on; I even watched it as a clean start up with only MS processes. This is starting to get me down.

 

 ComboFix 14-01-23.02 - George 30/01/2014   6:25.4.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3582.2691 [GMT 11:00]
Running from: c:\users\George\Desktop\ComboFix.exe
Command switches used :: c:\users\George\Desktop\CFScript.xt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NLNdisMP
-------\Service_NLNdisPT
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))
.
.
2014-01-29 19:31 . 2014-01-29 19:33 -------- d-----w- c:\users\George\AppData\Local\temp
2014-01-29 19:31 . 2014-01-29 19:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-29 19:31 . 2014-01-29 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-29 19:31 . 2014-01-29 19:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-01-25 23:58 . 2013-12-15 14:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72766B11-709E-465D-AEAB-2BC0CABA83C4}\mpengine.dll
2014-01-23 20:50 . 2014-01-23 20:50 -------- d-----w- C:\FRST
2014-01-23 01:53 . 2014-01-23 01:53 -------- d-----w- c:\windows\ERUNT
2014-01-23 01:43 . 2014-01-24 06:09 -------- d-----w- C:\AdwCleaner
2014-01-22 00:23 . 2014-01-22 00:23 -------- d-----w- c:\users\George\AppData\Local\Programs
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 19:13 . 2012-08-11 02:19 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 06:46 1159168 ----a-w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2003-10-26 21:53 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 00:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [2012-08-13 47360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-13 1343400]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-20 413472]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1753810080-3305130814-2711033095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1753810080-3305130814-2711033095-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-01-30  06:37:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-29 19:37
ComboFix2.txt  2014-01-26 19:30
ComboFix3.txt  2014-01-25 00:44
ComboFix4.txt  2014-01-24 19:29
.
Pre-Run: 418,467,340,288 bytes free
Post-Run: 418,326,278,144 bytes free
.
- - End Of File - - F5EE5C06A9D65206B12BCD099A12A71C
A36C5E4F47E84449FF07ED3517B43A31
 
 





