
webpage redirected while browsing Facebook



#1 zkteh


Posted 03 October 2012 - 07:11 AM

as stated in Topic Title .... :whistle:

Posted Image



#2 narenxp


Posted 03 October 2012 - 09:33 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 zkteh


Posted 04 October 2012 - 01:46 AM

Will post the aswMBR logs ... (my download speed sucks now)
Can I post my ESET Smart Security 5 full scan logs, since ESET online scanner used the same engine?



14:27:56.0653 3624 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:27:56.0654 3624 NetTcpPortSharing - ok
14:27:56.0690 3624 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:27:56.0692 3624 nfrd960 - ok
14:27:56.0718 3624 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:27:56.0722 3624 NlaSvc - ok
14:27:56.0762 3624 [ AD42FB061166AF0643806800304BD76F ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
14:27:56.0763 3624 NLNdisMP - ok
14:27:56.0776 3624 [ AD42FB061166AF0643806800304BD76F ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
14:27:56.0776 3624 NLNdisPT - ok
14:27:56.0833 3624 [ 6988373E38223438B09F0C27D7E67393 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
14:27:56.0859 3624 nlsvc - ok
14:27:56.0887 3624 [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
14:27:56.0888 3624 nltdi - ok
14:27:56.0903 3624 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:27:56.0904 3624 Npfs - ok
14:27:56.0929 3624 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:27:56.0931 3624 nsi - ok
14:27:56.0948 3624 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:27:56.0949 3624 nsiproxy - ok
14:27:56.0984 3624 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:27:57.0010 3624 Ntfs - ok
14:27:57.0024 3624 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:27:57.0025 3624 Null - ok
14:27:57.0053 3624 [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:27:57.0055 3624 NVHDA - ok
14:27:57.0247 3624 [ A5D0603CAE6C334B1386204D94393C04 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:27:57.0388 3624 nvlddmkm - ok
14:27:57.0394 3624 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:27:57.0397 3624 nvraid - ok
14:27:57.0402 3624 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:27:57.0404 3624 nvstor - ok
14:27:57.0424 3624 [ 268D382FCC6A8A568AAB7C6DC8C71BB3 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:27:57.0428 3624 nvsvc - ok
14:27:57.0438 3624 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:27:57.0441 3624 nv_agp - ok
14:27:57.0516 3624 [ D99D7854F2D03463C82B2BB2D8C43ABC ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
14:27:57.0542 3624 OfficeSvc - ok
14:27:57.0559 3624 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:27:57.0561 3624 ohci1394 - ok
14:27:57.0622 3624 [ F148101BFA4C8F2D0CD123483A989DC4 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:27:57.0624 3624 ose - ok
14:27:57.0731 3624 [ 31DC8D825D2C4EB0FF7ED021BB92C541 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:27:57.0812 3624 osppsvc - ok
14:27:57.0837 3624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:27:57.0841 3624 p2pimsvc - ok
14:27:57.0856 3624 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:27:57.0861 3624 p2psvc - ok
14:27:57.0879 3624 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:27:57.0881 3624 Parport - ok
14:27:57.0895 3624 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:27:57.0896 3624 partmgr - ok
14:27:57.0910 3624 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:27:57.0915 3624 PcaSvc - ok
14:27:57.0927 3624 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:27:57.0929 3624 pci - ok
14:27:57.0936 3624 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:27:57.0937 3624 pciide - ok
14:27:57.0954 3624 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:27:57.0957 3624 pcmcia - ok
14:27:57.0968 3624 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:27:57.0969 3624 pcw - ok
14:27:57.0978 3624 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:27:57.0984 3624 PEAUTH - ok
14:27:58.0021 3624 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:27:58.0046 3624 PeerDistSvc - ok
14:27:58.0106 3624 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:27:58.0110 3624 PerfHost - ok
14:27:58.0168 3624 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:27:58.0194 3624 pla - ok
14:27:58.0244 3624 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:27:58.0249 3624 PlugPlay - ok
14:27:58.0264 3624 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:27:58.0266 3624 PNRPAutoReg - ok
14:27:58.0286 3624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:27:58.0288 3624 PNRPsvc - ok
14:27:58.0319 3624 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:27:58.0324 3624 PolicyAgent - ok
14:27:58.0350 3624 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:27:58.0353 3624 Power - ok
14:27:58.0380 3624 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:27:58.0382 3624 PptpMiniport - ok
14:27:58.0393 3624 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:27:58.0396 3624 Processor - ok
14:27:58.0417 3624 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:27:58.0420 3624 ProfSvc - ok
14:27:58.0430 3624 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:27:58.0431 3624 ProtectedStorage - ok
14:27:58.0459 3624 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:27:58.0460 3624 Psched - ok
14:27:58.0488 3624 [ D8589A43B352E7F2317194C98447149F ] pwdrvio C:\Windows\system32\pwdrvio.sys
14:27:58.0491 3624 pwdrvio - ok
14:27:58.0527 3624 [ 4B8FDA635F4D2E7D638B2B3817B5AFC8 ] pwdspio C:\Windows\system32\pwdspio.sys
14:27:58.0529 3624 pwdspio - ok
14:27:58.0565 3624 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:27:58.0591 3624 ql2300 - ok
14:27:58.0605 3624 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:27:58.0607 3624 ql40xx - ok
14:27:58.0628 3624 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:27:58.0632 3624 QWAVE - ok
14:27:58.0642 3624 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:27:58.0644 3624 QWAVEdrv - ok
14:27:58.0649 3624 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:27:58.0650 3624 RasAcd - ok
14:27:58.0668 3624 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:27:58.0670 3624 RasAgileVpn - ok
14:27:58.0681 3624 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:27:58.0683 3624 RasAuto - ok
14:27:58.0688 3624 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:27:58.0690 3624 Rasl2tp - ok
14:27:58.0707 3624 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:27:58.0712 3624 RasMan - ok
14:27:58.0717 3624 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:27:58.0719 3624 RasPppoe - ok
14:27:58.0734 3624 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:27:58.0735 3624 RasSstp - ok
14:27:58.0741 3624 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:27:58.0745 3624 rdbss - ok
14:27:58.0769 3624 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:27:58.0792 3624 rdpbus - ok
14:27:58.0838 3624 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:27:58.0838 3624 RDPCDD - ok
14:27:58.0858 3624 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:27:58.0861 3624 RDPDR - ok
14:27:58.0887 3624 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:27:58.0887 3624 RDPENCDD - ok
14:27:58.0899 3624 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:27:58.0900 3624 RDPREFMP - ok
14:27:58.0928 3624 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:27:58.0930 3624 RdpVideoMiniport - ok
14:27:58.0951 3624 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:27:58.0954 3624 RDPWD - ok
14:27:58.0985 3624 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:27:58.0988 3624 rdyboost - ok
14:27:58.0999 3624 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:27:59.0001 3624 RemoteAccess - ok
14:27:59.0015 3624 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:27:59.0018 3624 RemoteRegistry - ok
14:27:59.0033 3624 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:27:59.0035 3624 RpcEptMapper - ok
14:27:59.0046 3624 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:27:59.0047 3624 RpcLocator - ok
14:27:59.0063 3624 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:27:59.0066 3624 RpcSs - ok
14:27:59.0070 3624 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:27:59.0073 3624 rspndr - ok
14:27:59.0096 3624 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:27:59.0097 3624 s3cap - ok
14:27:59.0112 3624 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:27:59.0114 3624 SamSs - ok
14:27:59.0118 3624 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:27:59.0120 3624 sbp2port - ok
14:27:59.0135 3624 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:27:59.0138 3624 SCardSvr - ok
14:27:59.0144 3624 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:27:59.0146 3624 scfilter - ok
14:27:59.0171 3624 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:27:59.0189 3624 Schedule - ok
14:27:59.0214 3624 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:27:59.0215 3624 SCPolicySvc - ok
14:27:59.0233 3624 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:27:59.0236 3624 SDRSVC - ok
14:27:59.0257 3624 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:27:59.0259 3624 secdrv - ok
14:27:59.0272 3624 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:27:59.0274 3624 seclogon - ok
14:27:59.0290 3624 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:27:59.0292 3624 SENS - ok
14:27:59.0305 3624 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:27:59.0307 3624 SensrSvc - ok
14:27:59.0315 3624 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:27:59.0317 3624 Serenum - ok
14:27:59.0336 3624 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:27:59.0338 3624 Serial - ok
14:27:59.0348 3624 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:27:59.0362 3624 sermouse - ok
14:27:59.0379 3624 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:27:59.0382 3624 SessionEnv - ok
14:27:59.0386 3624 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:27:59.0387 3624 sffdisk - ok
14:27:59.0391 3624 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:27:59.0392 3624 sffp_mmc - ok
14:27:59.0396 3624 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:27:59.0397 3624 sffp_sd - ok
14:27:59.0401 3624 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:27:59.0403 3624 sfloppy - ok
14:27:59.0431 3624 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:27:59.0436 3624 SharedAccess - ok
14:27:59.0451 3624 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:27:59.0455 3624 ShellHWDetection - ok
14:27:59.0463 3624 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:27:59.0465 3624 SiSRaid2 - ok
14:27:59.0471 3624 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:27:59.0473 3624 SiSRaid4 - ok
14:27:59.0487 3624 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:27:59.0489 3624 Smb - ok
14:27:59.0515 3624 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:27:59.0517 3624 SNMPTRAP - ok
14:27:59.0525 3624 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:27:59.0526 3624 spldr - ok
14:27:59.0549 3624 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:27:59.0554 3624 Spooler - ok
14:27:59.0612 3624 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:27:59.0655 3624 sppsvc - ok
14:27:59.0669 3624 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:27:59.0672 3624 sppuinotify - ok
14:27:59.0695 3624 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:27:59.0700 3624 srv - ok
14:27:59.0713 3624 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:27:59.0719 3624 srv2 - ok
14:27:59.0733 3624 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:27:59.0735 3624 srvnet - ok
14:27:59.0751 3624 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:27:59.0754 3624 SSDPSRV - ok
14:27:59.0759 3624 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:27:59.0762 3624 SstpSvc - ok
14:27:59.0779 3624 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:27:59.0781 3624 stexstor - ok
14:27:59.0813 3624 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:27:59.0820 3624 stisvc - ok
14:27:59.0845 3624 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:27:59.0846 3624 storflt - ok
14:27:59.0855 3624 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:27:59.0857 3624 storvsc - ok
14:27:59.0870 3624 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:27:59.0871 3624 swenum - ok
14:27:59.0886 3624 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:27:59.0893 3624 swprv - ok
14:27:59.0906 3624 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
14:27:59.0908 3624 Synth3dVsc - ok
14:27:59.0941 3624 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:27:59.0966 3624 SysMain - ok
14:27:59.0979 3624 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:27:59.0982 3624 TabletInputService - ok
14:28:00.0015 3624 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
14:28:00.0017 3624 tap0901t - ok
14:28:00.0028 3624 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:28:00.0032 3624 TapiSrv - ok
14:28:00.0046 3624 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:28:00.0048 3624 TBS - ok
14:28:00.0089 3624 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:28:00.0115 3624 Tcpip - ok
14:28:00.0156 3624 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:28:00.0164 3624 TCPIP6 - ok
14:28:00.0188 3624 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:28:00.0189 3624 tcpipreg - ok
14:28:00.0202 3624 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:28:00.0203 3624 TDPIPE - ok
14:28:00.0227 3624 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:28:00.0235 3624 TDTCP - ok
14:28:00.0252 3624 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:28:00.0254 3624 tdx - ok
14:28:00.0325 3624 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:28:00.0338 3624 TeamViewer7 - ok
14:28:00.0362 3624 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:28:00.0373 3624 TermDD - ok
14:28:00.0391 3624 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
14:28:00.0392 3624 terminpt - ok
14:28:00.0419 3624 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:28:00.0427 3624 TermService - ok
14:28:00.0443 3624 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:28:00.0446 3624 Themes - ok
14:28:00.0453 3624 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:28:00.0454 3624 THREADORDER - ok
14:28:00.0469 3624 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:28:00.0472 3624 TrkWks - ok
14:28:00.0500 3624 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:28:00.0502 3624 TrustedInstaller - ok
14:28:00.0514 3624 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:28:00.0515 3624 tssecsrv - ok
14:28:00.0526 3624 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:28:00.0528 3624 TsUsbFlt - ok
14:28:00.0536 3624 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:28:00.0537 3624 TsUsbGD - ok
14:28:00.0562 3624 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
14:28:00.0564 3624 tsusbhub - ok
14:28:00.0576 3624 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:28:00.0579 3624 tunnel - ok
14:28:00.0628 3624 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
14:28:00.0635 3624 TunngleService - ok
14:28:00.0639 3624 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:28:00.0640 3624 uagp35 - ok
14:28:00.0657 3624 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:28:00.0661 3624 udfs - ok
14:28:00.0687 3624 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:28:00.0690 3624 UI0Detect - ok
14:28:00.0698 3624 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:28:00.0700 3624 uliagpkx - ok
14:28:00.0723 3624 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:28:00.0736 3624 umbus - ok
14:28:00.0742 3624 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:28:00.0746 3624 UmPass - ok
14:28:00.0772 3624 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:28:00.0775 3624 UmRdpService - ok
14:28:00.0856 3624 [ 6FDB1CA1ADD261F893C90738EBA37197 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:28:00.0866 3624 UNS - ok
14:28:00.0896 3624 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:28:00.0901 3624 upnphost - ok
14:28:00.0912 3624 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:28:00.0918 3624 usbccgp - ok
14:28:00.0935 3624 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:28:00.0939 3624 usbcir - ok
14:28:00.0955 3624 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:28:00.0967 3624 usbehci - ok
14:28:00.0990 3624 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:28:01.0007 3624 usbhub - ok
14:28:01.0019 3624 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:28:01.0021 3624 usbohci - ok
14:28:01.0041 3624 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:28:01.0042 3624 usbprint - ok
14:28:01.0064 3624 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:28:01.0066 3624 usbscan - ok
14:28:01.0073 3624 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:28:01.0075 3624 USBSTOR - ok
14:28:01.0085 3624 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:28:01.0087 3624 usbuhci - ok
14:28:01.0100 3624 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:28:01.0102 3624 UxSms - ok
14:28:01.0110 3624 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:28:01.0111 3624 VaultSvc - ok
14:28:01.0132 3624 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:28:01.0132 3624 vdrvroot - ok
14:28:01.0146 3624 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:28:01.0152 3624 vds - ok
14:28:01.0161 3624 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:28:01.0163 3624 vga - ok
14:28:01.0175 3624 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:28:01.0176 3624 VgaSave - ok
14:28:01.0180 3624 VGPU - ok
14:28:01.0198 3624 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:28:01.0201 3624 vhdmp - ok
14:28:01.0210 3624 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:28:01.0212 3624 viaide - ok
14:28:01.0251 3624 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
14:28:01.0252 3624 VMAuthdService - ok
14:28:01.0277 3624 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:28:01.0280 3624 vmbus - ok
14:28:01.0288 3624 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:28:01.0289 3624 VMBusHID - ok
14:28:01.0323 3624 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
14:28:01.0324 3624 vmci - ok
14:28:01.0340 3624 [ AF3FAAE90D4BE41ECB510969A05C1842 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
14:28:01.0342 3624 vmkbd - ok
14:28:01.0347 3624 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
14:28:01.0348 3624 VMnetAdapter - ok
14:28:01.0355 3624 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:28:01.0367 3624 VMnetBridge - ok
14:28:01.0370 3624 VMnetDHCP - ok
14:28:01.0380 3624 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
14:28:01.0382 3624 VMnetuserif - ok
14:28:01.0412 3624 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
14:28:01.0422 3624 vmusb - ok
14:28:01.0445 3624 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
14:28:01.0452 3624 VMUSBArbService - ok
14:28:01.0460 3624 VMware NAT Service - ok
14:28:01.0471 3624 [ B95C74CB53894249F43A8302E9AF7E23 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
14:28:01.0473 3624 vmx86 - ok
14:28:01.0489 3624 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:28:01.0491 3624 volmgr - ok
14:28:01.0506 3624 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:28:01.0510 3624 volmgrx - ok
14:28:01.0517 3624 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:28:01.0521 3624 volsnap - ok
14:28:01.0526 3624 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:28:01.0529 3624 vsmraid - ok
14:28:01.0542 3624 [ 1BD504B8678825B40C515BEF5BFB08E7 ] vsock C:\Windows\system32\drivers\vsock.sys
14:28:01.0543 3624 vsock - ok
14:28:01.0577 3624 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:28:01.0603 3624 VSS - ok
14:28:01.0613 3624 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:28:01.0614 3624 vwifibus - ok
14:28:01.0637 3624 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:28:01.0639 3624 vwififlt - ok
14:28:01.0665 3624 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:28:01.0670 3624 W32Time - ok
14:28:01.0708 3624 [ 37E4600E2CDAD3C1A3613A25B97D457C ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
14:28:01.0709 3624 wacmoumonitor - ok
14:28:01.0722 3624 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:28:01.0724 3624 WacomPen - ok
14:28:01.0762 3624 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:28:01.0765 3624 WANARP - ok
14:28:01.0771 3624 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:28:01.0772 3624 Wanarpv6 - ok
14:28:01.0812 3624 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:28:01.0829 3624 WatAdminSvc - ok
14:28:01.0866 3624 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:28:01.0892 3624 wbengine - ok
14:28:01.0899 3624 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:28:01.0905 3624 WbioSrvc - ok
14:28:01.0924 3624 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:28:01.0929 3624 wcncsvc - ok
14:28:01.0942 3624 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:28:01.0945 3624 WcsPlugInService - ok
14:28:01.0958 3624 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:28:01.0960 3624 Wd - ok
14:28:01.0977 3624 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:28:01.0983 3624 Wdf01000 - ok
14:28:01.0997 3624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:28:01.0999 3624 WdiServiceHost - ok
14:28:02.0003 3624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:28:02.0005 3624 WdiSystemHost - ok
14:28:02.0016 3624 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:28:02.0020 3624 WebClient - ok
14:28:02.0030 3624 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:28:02.0034 3624 Wecsvc - ok
14:28:02.0049 3624 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:28:02.0052 3624 wercplsupport - ok
14:28:02.0074 3624 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:28:02.0077 3624 WerSvc - ok
14:28:02.0093 3624 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:28:02.0095 3624 WfpLwf - ok
14:28:02.0105 3624 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:28:02.0106 3624 WIMMount - ok
14:28:02.0112 3624 WinDefend - ok
14:28:02.0119 3624 WinHttpAutoProxySvc - ok
14:28:02.0159 3624 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:28:02.0161 3624 Winmgmt - ok
14:28:02.0194 3624 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:28:02.0228 3624 WinRM - ok
14:28:02.0258 3624 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:28:02.0268 3624 Wlansvc - ok
14:28:02.0274 3624 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:28:02.0276 3624 WmiAcpi - ok
14:28:02.0292 3624 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:28:02.0295 3624 wmiApSrv - ok
14:28:02.0309 3624 WMPNetworkSvc - ok
14:28:02.0329 3624 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:28:02.0332 3624 WPCSvc - ok
14:28:02.0346 3624 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:28:02.0349 3624 WPDBusEnum - ok
14:28:02.0354 3624 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:28:02.0355 3624 ws2ifsl - ok
14:28:02.0368 3624 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
14:28:02.0372 3624 wscsvc - ok
14:28:02.0377 3624 WSearch - ok
14:28:02.0430 3624 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:28:02.0465 3624 wuauserv - ok
14:28:02.0473 3624 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:28:02.0482 3624 WudfPf - ok
14:28:02.0498 3624 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:28:02.0500 3624 WUDFRd - ok
14:28:02.0514 3624 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:28:02.0517 3624 wudfsvc - ok
14:28:02.0532 3624 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:28:02.0536 3624 WwanSvc - ok
14:28:02.0578 3624 ================ Scan global ===============================
14:28:02.0599 3624 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:28:02.0621 3624 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:28:02.0629 3624 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:28:02.0650 3624 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:28:02.0666 3624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:28:02.0671 3624 [Global] - ok
14:28:02.0674 3624 ================ Scan MBR ==================================
14:28:02.0687 3624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:28:02.0905 3624 \Device\Harddisk0\DR0 - ok
14:28:02.0910 3624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:28:02.0948 3624 \Device\Harddisk1\DR1 - ok
14:28:02.0949 3624 ================ Scan VBR ==================================
14:28:02.0968 3624 [ C0371A28D8DC0DCF0C104ECB14B8A679 ] \Device\Harddisk0\DR0\Partition1
14:28:02.0970 3624 \Device\Harddisk0\DR0\Partition1 - ok
14:28:02.0982 3624 [ 45E843B964749B68C02136F39296E20D ] \Device\Harddisk0\DR0\Partition2
14:28:02.0984 3624 \Device\Harddisk0\DR0\Partition2 - ok
14:28:03.0002 3624 [ 04BB5FCB2453AD7F4C52C23F098FFE53 ] \Device\Harddisk0\DR0\Partition3
14:28:03.0004 3624 \Device\Harddisk0\DR0\Partition3 - ok
14:28:03.0008 3624 [ 81A343019A88C73F4F64E5D625A4913B ] \Device\Harddisk0\DR0\Partition4
14:28:03.0010 3624 \Device\Harddisk0\DR0\Partition4 - ok
14:28:03.0014 3624 [ FF7AABC07EB4830E0F70523EA060068E ] \Device\Harddisk1\DR1\Partition1
14:28:03.0017 3624 \Device\Harddisk1\DR1\Partition1 - ok
14:28:03.0018 3624 ============================================================
14:28:03.0018 3624 Scan finished
14:28:03.0018 3624 ============================================================
14:28:03.0028 3460 Detected object count: 0
14:28:03.0028 3460 Actual detected object count: 0

#4 zkteh

Posted 04 October 2012 - 02:13 AM

my ESET full scan : Date: 1/10/2012

Scan Log
Version of virus signature database: 7533 (20121001)
Date: 1/10/2012 Time: 6:49:31 PM
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;I:\Boot sector;I:\;J:\Boot sector;J:\
C:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RD1CINC.zip ZIP WI-Fi ToolZ/DE/DNsoft.be WiFi SiStr.msi MSI _BC91471D24ABD4B174748FB3FDC85807 CAB _AED673AE68A74A36ABB8723FEF768A3D MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll - a variant of Win32/Toolbar.Babylon potentially unwanted application - action selection postponed until scan completion
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe - probably a variant of Win32/Toolbar.Babylon potentially unwanted application - action selection postponed until scan completion
C:\Program Files (x86)\TianXing\play.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - action selection postponed until scan completion
C:\Program Files (x86)\TianXing\update.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - action selection postponed until scan completion
C:\Users\DELL\AppData\Local\Temp\.exe - a variant of MSIL/Injector.YW trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\AppData\Local\Temp\.exe - a variant of MSIL/Injector.YW trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\AppData\Local\Temp\.exe - a variant of MSIL/Injector.YW trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\AppData\Local\Temp\.exe - a variant of MSIL/Injector.YW trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\AppData\Local\Temp\.exe - a variant of MSIL/Injector.YW trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\BrowserManagerSetup.exe UPX v13_m14 - is OK
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS Script.nsi - Win32/Toolbar.Babylon potentially unwanted application
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS BabylonToolbarApp.dll - a variant of Win32/Toolbar.Babylon potentially unwanted application
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS BabylonToolbarsrv.exe - probably a variant of Win32/Toolbar.Babylon potentially unwanted application
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_info_en_us.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_info_zh_cn.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_info_zh_tw.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_login_en_us.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_login_zh_cn.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\BitComet\fav\passport_login_zh_tw.mht MIME - is OK (internal scanning not performed)
C:\Users\DELL\AppData\Roaming\MicroSys\Launch.exe - a variant of MSIL/Injector.ALZ trojan - cleaned by deleting - quarantined [1]
C:\Users\DELL\Downloads\installer_jdownloader.exe NSIS Script.nsi - Win32/Toolbar.Babylon potentially unwanted application
C:\Users\DELL\Downloads\mplayerl.exe - a variant of Win32/InstallCore.AF potentially unwanted application - action selection postponed until scan completion
C:\Users\DELL\Downloads\tool.rar RAR tool.exe - a variant of MSIL/Kryptik.FC trojan - was a part of the deleted object
C:\Users\DELL\Downloads\VLCMediaPlayerSetup.exe NSIS biclient.exe - a variant of Win32/Somoto.A potentially unwanted application
C:\Users\DELL\Downloads\读取ADSL密码.rar RAR MYRASDIAL.exe - is OK
C:\Users\DELL\Downloads\Compressed\WI-Fi ToolZ_-_GeXeM\WI-Fi ToolZ\DE\DNsoft.be WiFi SiStr.msi MSI _BC91471D24ABD4B174748FB3FDC85807 CAB _AED673AE68A74A36ABB8723FEF768A3D MIME - is OK (internal scanning not performed)
C:\Users\DELL\Pictures\HADES V2.rar RAR HADES V2.exe - a variant of Win32/FlyStudio potentially unwanted application
C:\Users\DELL\Pictures\HADES V2\HADES V2.exe - a variant of Win32/FlyStudio potentially unwanted application - action selection postponed until scan completion
D:\TDDownload\setup_tglm_33422.exe INNO {app}\play.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application
D:\TDDownload\setup_tglm_33422.exe INNO {app}\update.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application
D:\TDDownload\Steam+Gifts.rar RAR Steam Gifts.exe - a variant of Win32/Packed.MoleboxVS.H potentially unwanted application
D:\TDDownload\窪諦+晤最脹疑蹋諒最.zip ZIP ____+______________/____________ ______ ____ ________ QQ____ QQ____ QQ________ ________ ________.mht MIME - is OK (internal scanning not performed)
D:\TDDownload\窪諦+晤最脹疑蹋諒最.zip ZIP ____+______________/________ - ________,________,________,________,________,________ - __________________________! - ________ - Hackvip.com.mht MIME - is OK (internal scanning not performed)
D:\TDDownload\窪諦+晤最脹疑蹋諒最.zip ZIP ____+______________/________--____________________________________________________- Hackvip.com.mht MIME - is OK (internal scanning not performed)
D:\TDDownload\窪諦+晤最脹疑蹋諒最\窪諦+晤最脹疑蹋諒最\窪價華 - 窪諦撮扲,窪諦璃,窪諦陔恓,窪諦諒最,窪諦假,窪諦厙桴 - 笢弊窪諦撮扲假訧捅藷誧厙! - 窪價華 - Hackvip.com.mht MIME - is OK (internal scanning not performed)
D:\TDDownload\窪諦+晤最脹疑蹋諒最\窪諦+晤最脹疑蹋諒最\窪價華--笢弊郔湮腔窪諦璃窪諦諒最窪諦雄賒窪諦訧埭狟婥價華ㄐ- Hackvip.com.mht MIME - is OK (internal scanning not performed)
D:\TDDownload\窪諦+晤最脹疑蹋諒最\窪諦+晤最脹疑蹋諒最\貌狦窪諦價華 窪價厙 窪諦 躂鎮瓷馮 QQ躂鎮 QQ聒瘍 QQ躇鎢賤 傻陓聒 厙桴.mht MIME - is OK (internal scanning not performed)
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RMP9I54.rar RAR ________________\__G________.zip ZIP __G________/________/www.cybs8.com___________________.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RK97FNG\教程集合下载地址\千G黑客教程.zip ZIP __G________/________/www.cybs8.com___________________.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RK97FNG\教程集合下载地址\千G黑客教程\千G黑客教程\软件破解\www.cybs8.com_电话短信全能攻击器.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_info_en_us.mht MIME - is OK (internal scanning not performed)
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_info_zh_cn.mht MIME - is OK (internal scanning not performed)
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_info_zh_tw.mht MIME - is OK (internal scanning not performed)
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_login_en_us.mht MIME - is OK (internal scanning not performed)
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_login_zh_cn.mht MIME - is OK (internal scanning not performed)
E:\Users\USER\Downloads\Programs\BitComet_1.33_x64_setup.exe NSIS passport_login_zh_tw.mht MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll - a variant of Win32/Toolbar.Babylon potentially unwanted application - deleted - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe - probably a variant of Win32/Toolbar.Babylon potentially unwanted application - deleted - quarantined
C:\Program Files (x86)\TianXing\play.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - deleted - quarantined
C:\Program Files (x86)\TianXing\update.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS Script.nsi - Win32/Toolbar.Babylon potentially unwanted application - was a part of the deleted object
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS BabylonToolbarApp.dll - a variant of Win32/Toolbar.Babylon potentially unwanted application - was a part of the deleted object
C:\Users\DELL\AppData\Local\Temp\41F7B82E-BAB0-7891-A4C7-8F04B55A89C5\Latest\MyBabylonTB.exe NSIS BabylonToolbar4ie.exe NSIS BabylonToolbarsrv.exe - probably a variant of Win32/Toolbar.Babylon potentially unwanted application - was a part of the deleted object
C:\Users\DELL\Downloads\installer_jdownloader.exe NSIS Script.nsi - Win32/Toolbar.Babylon potentially unwanted application - was a part of the deleted object
C:\Users\DELL\Downloads\mplayerl.exe - a variant of Win32/InstallCore.AF potentially unwanted application - deleted - quarantined
C:\Users\DELL\Downloads\VLCMediaPlayerSetup.exe NSIS biclient.exe - a variant of Win32/Somoto.A potentially unwanted application - was a part of the deleted object
C:\Users\DELL\Pictures\HADES V2.rar RAR HADES V2.exe - a variant of Win32/FlyStudio potentially unwanted application - was a part of the deleted object
C:\Users\DELL\Pictures\HADES V2\HADES V2.exe - a variant of Win32/FlyStudio potentially unwanted application - deleted - quarantined
D:\TDDownload\setup_tglm_33422.exe INNO {app}\play.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - was a part of the deleted object
D:\TDDownload\setup_tglm_33422.exe INNO {app}\update.exe - a variant of Win32/Packed.FlyStudio potentially unwanted application - was a part of the deleted object
D:\TDDownload\Steam+Gifts.rar RAR Steam Gifts.exe - a variant of Win32/Packed.MoleboxVS.H potentially unwanted application - was a part of the deleted object
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RMP9I54.rar RAR ________________\__G________.zip ZIP __G________/________/www.cybs8.com___________________.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application - was a part of the deleted object
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RK97FNG\教程集合下载地址\千G黑客教程.zip ZIP __G________/________/www.cybs8.com___________________.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application - was a part of the deleted object
E:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RK97FNG\教程集合下载地址\千G黑客教程\千G黑客教程\软件破解\www.cybs8.com_电话短信全能攻击器.zip ZIP __________________/__________________.exe - a variant of Win32/FlyStudio potentially unwanted application - was a part of the deleted object
Number of scanned objects: 733924
Number of threats found: 25
Number of cleaned objects: 25
Time of completion: 8:59:15 PM Total scanning time: 7784 sec (02:09:44)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

#5 zkteh

Posted 04 October 2012 - 02:28 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 15:00:04
-----------------------------
15:00:04.310 OS Version: Windows x64 6.1.7601 Service Pack 1
15:00:04.311 Number of processors: 4 586 0x2502
15:00:04.311 ComputerName: DELL-PC UserName: DELL
15:00:05.373 Initialize success
15:12:04.953 AVAST engine defs: 12100302
15:14:55.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:14:55.818 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 3
15:14:55.832 Disk 0 MBR read successfully
15:14:55.836 Disk 0 MBR scan
15:14:55.844 Disk 0 Windows 7 default MBR code
15:14:55.855 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
15:14:55.868 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
15:14:55.875 Disk 0 Partition - 00 0F Extended LBA 292537 MB offset 209719233
15:14:55.897 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 81998 MB offset 808835072
15:14:55.922 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 292537 MB offset 209719296
15:14:55.957 Disk 0 scanning C:\Windows\system32\drivers
15:15:09.543 Service scanning
15:15:32.104 Modules scanning
15:15:32.449 Disk 0 trace - called modules:
15:15:32.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:15:32.476 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b7a060]
15:15:32.484 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80048ec580]
15:15:32.494 5 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048ee060]
15:15:36.571 AVAST engine scan C:\Windows
15:15:38.561 AVAST engine scan C:\Windows\system32
15:19:13.390 AVAST engine scan C:\Windows\system32\drivers
15:19:25.427 AVAST engine scan C:\Users\DELL
15:23:36.316 File: C:\Users\DELL\Downloads\??ADSL??\MYRASDIAL.exe **INFECTED** Win32:Trojan-gen
15:24:15.911 AVAST engine scan C:\ProgramData
15:24:33.163 Scan finished successfully
15:27:50.358 Disk 0 MBR has been saved successfully to "C:\Users\DELL\Documents\MBR.dat"
15:27:50.363 The log file has been saved successfully to "C:\Users\DELL\Documents\aswMBR.txt"

#6 narenxp

Posted 04 October 2012 - 05:19 AM

can i post my ESET Smart Security 5 full scan logs ? since ESET online scanner used same engine ?


Please run ESET scanner and post the logs

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

Right click on the tool and select run as administrator

After the scan gets completed, post the generated log here.

Edited by narenxp, 04 October 2012 - 05:46 AM.


#7 zkteh

Posted 04 October 2012 - 06:00 AM

ok... i will do those steps ..

but how i can "remove" those unwanted start-up items ? ... ( i see there from Task Manager ) ( processes Tab )

msconfig not useful ... at all ... :/

#8 narenxp

Posted 04 October 2012 - 06:07 AM

We will look into it in the end

#9 zkteh

Posted 04 October 2012 - 06:11 AM

" Flush DNS "  

why ? :huh: i am using preferred DNS ( Google Public DNS )

#10 zkteh

Posted 04 October 2012 - 08:03 AM

Eset online scanner logs
PLs help me to delete these .... ( i didn't tick " remove found threats " ) sry

wait for the following logs :whistle:

C:\$Recycle.Bin\S-1-5-21-970553753-799633038-556229140-1000\$RD1CINC.zip
a variant of Win32/PSWTool.WirelessNetView.A application

C:\Users\DELL\Downloads\DTLite4454-0316.exe
Win32/OpenCandy application

C:\Users\DELL\Downloads\Compressed\WI-Fi ToolZ_-_GeXeM\WI-Fi ToolZ\wirelessnetview\WirelessNetView.exe
a variant of Win32/PSWTool.WirelessNetView.A application

D:\Removable Disk\Zkteh\Ptc.ky.ner0.rar
a variant of Win32/HackTool.Patcher.U application

D:\Removable Disk\Zkteh\Ptc.ky.ner0\Ptc.ky.ner0\Patch\Patch.exe
a variant of Win32/HackTool.Patcher.U application

E:\Users\USER\Downloads\IDM 6.12 Build 3 Full Patch Terindikasi.com.rar
a variant of Win32/HackTool.Patcher.U application

E:\Users\USER\Downloads\Programs\DAEMONToolsPro510-0333.exe
Win32/OpenCandy application

Edited by zkteh, 04 October 2012 - 08:31 AM.


#11 narenxp

Posted 04 October 2012 - 09:35 AM

PLs help me to delete these .... ( i didn't tick " remove found threats " ) sry


Tick mark Remove following threats

#12 zkteh

Posted 05 October 2012 - 08:37 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
DELL :: DELL-PC [administrator]

5/10/2012 8:34:29 PM
mbam-log-2012-10-05 (20-34-29).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 488373
Time elapsed: 53 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Detected: 4
HKCR\fsp (PUP.Funshion) -> No action taken.
HKCR\Funshion Task (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> No action taken.
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\Baiduflash (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\Cacheflash (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flash (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashStamp (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\popwind (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\control (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\historyTorrent (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\screensave (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\Seed (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\serv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\Shortcut (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update (PUP.Funshion) -> No action taken.

Files Detected: 74
D:\TDDownload\FunshionInstall_C145373.exe (PUP.Funshion) -> No action taken.
C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> No action taken.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\FunShion.ini (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Game.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\FunshionDoctor.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (PUP.Funshion) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\install.ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\02D1B49A_7989_DFA4_4286_9A1F3F86DEF1.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\06D0E120_06FD_A0AC_C4C8_8BFADE5DD331.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\080939DC_66A5_80E3_9C54_E5BA1F15D2F0.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\0B899376_A7BD_D2A3_4796_B50825CC51F2.date1347277816.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\12A56567_5B88_662F_47D9_08035D2C59A1.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\16C0BB73_D44F_2246_F085_4BEE5D17A4E1.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\17ED6ECE_875D_9C85_55F5_71BEC6B10999.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\28213489_8AC9_8DBD_7E5A_5809BA338F4D.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\2AD27CE4_E576_BCF6_3D01_16B16020E4B5.date1347396554.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\419C62E6_C826_A080_B96E_811C45EC6849.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\42D7DEEA_CD9C_3BA1_19C2_31A38DC3DD0F.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\43ACE1F6_3B76_6C67_8C59_15B7957E1B5D.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\49F1FFBC_048A_0FC7_2263_CC85E242E2CE.date1347396554.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\50A3C43E_CA21_6BB4_702A_76C11A957DCF.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\55C20688_D127_B4F7_F8AC_59048551B747.date1347396554.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\5792417C_694A_BD16_D6EA_CBFAE9FBDEF9.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\5ED02CE9_B563_C39E_1FCB_EBD909A02D9B.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\65660.date1347396554.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\68936.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\72088.date1347396554.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\741F8B01_4762_63AB_856C_B855E9785906.date1347516608.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\7B747036_FD90_176D_980F_C19D45456E45.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\8439C82B_982F_8F61_338E_160C8639192C.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\99380E67_E303_E7BF_E1E9_5CCC44308B09.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\A7F2082F_C58F_54A6_84E7_2B4D07188029.date1347396554.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\A833EB4C_1CD3_2193_C21D_20B2B2DA708D.date1347429008.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\B86B90E6_9259_31D5_1AD8_9942AEF6E85F.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\B9A575B4_4132_1325_A51F_38400B4C225C.date1347694630.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\EAB06EBF_A558_A178_0975_7E780C74010E.flv (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\flashNew\FAD108DE_4854_AC55_0464_ED2CCAC5D5EE.date1347516608.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\popwind\8361B9CA_90FA_A00F_D482_C7878D570661.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\cache\popwind\F20723AC_EB44_9E7A_26E3_1DE8EAE00EEE.swf (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\control\1347193842_1347193835_506882_18524595_1287220256_127.dat (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\control\1347193842_1347193835_506882_18524595_1287220256_127.fsp (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\control\1347193842_1347193842_513467_70be18656cc3ebfdc094d5fa28882c148153e35c.json (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\control\1347193842_1347193842_513467_70be18656cc3ebfdc094d5fa28882c148153e35c.json_backup (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\historyTorrent\台湾Beautyleg写真-第150集.fsp (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\historyTorrent\第二处女-001.fsp (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\ini\httpfile.ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\ini\temp_config.ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\ad_define.fai (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\ad_define.fai.bak (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\ad_material.fax (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\flashParam.txt (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\flashParam.txt.bak (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\popwind.json (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\StampPolicy.txt (PUP.Funshion) -> No action taken.
C:\Users\DELL\funshion\update\updatexmlfile.txt (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Users\DELL\AppData\Local\Temp\tdu.tmp (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
E:\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
E:\krnln.fnr (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\shell.fne (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#13 zkteh

Posted 05 October 2012 - 08:43 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by DELL (administrator) on 05-10-2012 at 21:41:18
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: socks=localhost:9050

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Hardware not present)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set subinterface interface=畸: subinterface=ethernet_6 mtu=1492
add address name="VMware Network Adapter VMnet1" address=192.168.61.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.211.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DELL-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-12-CB-19-A7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 84-2B-2B-B6-08-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fb:ef8b:f152:7bea%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 5 October, 2012 6:33:09 PM
Lease Expires . . . . . . . . . . : Saturday, 6 October, 2012 6:33:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 243542827
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C6-CE-79-84-2B-2B-B6-08-E7
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-6C-CB-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::56c:cb12(Preferred)
Link-local IPv6 Address . . . . . : fe80::d131:c9e1:92a9:ba10%21(Preferred)
IPv4 Address. . . . . . . . . . . : 5.108.203.18(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Friday, 5 October, 2012 6:33:07 PM
Lease Expires . . . . . . . . . . : Saturday, 5 October, 2013 6:35:14 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 511342963
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C6-CE-79-84-2B-2B-B6-08-E7
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::39b0:b3b8:134c:76ee%31(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.61.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 771772502
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C6-CE-79-84-2B-2B-B6-08-E7
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9d1:254a:1e70:4ee3%32(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.211.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 788549718
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C6-CE-79-84-2B-2B-B6-08-E7
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B6B3691E-6DF8-41B9-BF29-C3938449A2D6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{12CB19A7-84BE-493D-9A6F-A8EA9B251CC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7720A6B3-6E34-4E49-9437-E53B5D0B49B3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DE5E7F89-172F-487A-9ECF-869EE63CC17D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2404:6800:4001:c01::66
58.27.108.175
58.27.108.148
58.27.108.160
58.27.108.153
58.27.108.165
58.27.108.180
58.27.108.173
58.27.108.158
58.27.108.183
58.27.108.178
58.27.108.155
58.27.108.185
58.27.108.170
58.27.108.163
58.27.108.150
58.27.108.168


Pinging google.com [58.27.108.175] with 32 bytes of data:
Reply from 58.27.108.175: bytes=32 time=22ms TTL=59
Reply from 58.27.108.175: bytes=32 time=21ms TTL=59

Ping statistics for 58.27.108.175:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=384ms TTL=51
Reply from 98.139.183.24: bytes=32 time=407ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 384ms, Maximum = 407ms, Average = 395ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
24...00 ff 12 cb 19 a7 ......TAP-Win32 Adapter V9 (Tunngle)
11...84 2b 2b b6 08 e7 ......Broadcom NetLink ™ Gigabit Ethernet
21...7a 79 05 6c cb 12 ......Hamachi Network Interface
31...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
32...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.108.203.18 9256
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
5.0.0.0 255.0.0.0 On-link 5.108.203.18 9256
5.108.203.18 255.255.255.255 On-link 5.108.203.18 9256
5.255.255.255 255.255.255.255 On-link 5.108.203.18 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
192.168.61.0 255.255.255.0 On-link 192.168.61.1 276
192.168.61.1 255.255.255.255 On-link 192.168.61.1 276
192.168.61.255 255.255.255.255 On-link 192.168.61.1 276
192.168.211.0 255.255.255.0 On-link 192.168.211.1 276
192.168.211.1 255.255.255.255 On-link 192.168.211.1 276
192.168.211.255 255.255.255.255 On-link 192.168.211.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 5.108.203.18 9256
224.0.0.0 240.0.0.0 On-link 192.168.61.1 276
224.0.0.0 240.0.0.0 On-link 192.168.211.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 5.108.203.18 9256
255.255.255.255 255.255.255.255 On-link 192.168.61.1 276
255.255.255.255 255.255.255.255 On-link 192.168.211.1 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
21 276 2620:9b::/96 On-link
21 276 2620:9b::56c:cb12/128 On-link
11 276 fe80::/64 On-link
21 276 fe80::/64 On-link
31 276 fe80::/64 On-link
32 276 fe80::/64 On-link
11 276 fe80::fb:ef8b:f152:7bea/128
On-link
31 276 fe80::39b0:b3b8:134c:76ee/128
On-link
21 276 fe80::d131:c9e1:92a9:ba10/128
On-link
32 276 fe80::e9d1:254a:1e70:4ee3/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
21 276 ff00::/8 On-link
31 276 ff00::/8 On-link
32 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\letvNet.dll [768200] (??网信息技?(北京)股份有限公司)
Catalog9 02 C:\Windows\SysWOW64\letvNet.dll [768200] (??网信息技?(北京)股份有限公司)
Catalog9 03 C:\Windows\SysWOW64\letvNet.dll [768200] (??网信息技?(北京)股份有限公司)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\letvNet.dll [768200] (??网信息技?(北京)股份有限公司)
Catalog9 15 %windir%\SysWOW64\vsocklib.dll [File Not found] ()
Catalog9 16 %windir%\SysWOW64\vsocklib.dll [File Not found] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 %windir%\System32\vsocklib.dll [File Not found] ()
x64-Catalog9 12 %windir%\System32\vsocklib.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2012 08:38:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/05/2012 06:34:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 10:01:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: unetbootin-windows-581.exe, version: 1.1.1.1, time stamp: 0x503b19e9
Faulting module name: unetbootin-windows-581.exe, version: 1.1.1.1, time stamp: 0x503b19e9
Exception code: 0xc0000005
Fault offset: 0x00971022
Faulting process id: 0x1060
Faulting application start time: 0xunetbootin-windows-581.exe0
Faulting application path: unetbootin-windows-581.exe1
Faulting module path: unetbootin-windows-581.exe2
Report Id: unetbootin-windows-581.exe3

Error: (10/04/2012 07:01:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 06:54:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 06:53:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 06:12:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 05:46:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 02:16:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2012 09:36:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/30/2012 11:16:51 AM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is unknown.

Error: (09/30/2012 10:56:16 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 5.108.203.18.
The computer with the IP address 5.131.201.221 did not allow the name to be claimed by
this computer.

Error: (09/27/2012 07:02:02 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer VIVOS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B6B3691E-6DF8-41B9-BF29-C3938449A2D6}.
The master browser is stopping or an election is being forced.

Error: (09/26/2012 07:12:09 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer VIVOS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B6B3691E-6DF8-41B9-BF29-C3938449A2D6}.
The master browser is stopping or an election is being forced.

Error: (09/24/2012 02:54:56 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (09/24/2012 02:20:48 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (09/24/2012 02:20:48 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/24/2012 02:19:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2012 02:19:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2012 02:19:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/05/2012 08:38:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/05/2012 06:34:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 10:01:50 PM) (Source: Application Error)(User: )
Description: unetbootin-windows-581.exe1.1.1.1503b19e9unetbootin-windows-581.exe1.1.1.1503b19e9c000000500971022106001cda237430d0fb3C:\Users\DELL\Downloads\unetbootin-windows-581.exeC:\Users\DELL\Downloads\unetbootin-windows-581.exe0a67089a-0e2c-11e2-8594-b13fd2d2d976

Error: (10/04/2012 07:01:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DELL\Downloads\esetsmartinstaller_enu.exe

Error: (10/04/2012 06:54:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DELL\Downloads\esetsmartinstaller_enu.exe

Error: (10/04/2012 06:53:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DELL\Downloads\esetsmartinstaller_enu.exe

Error: (10/04/2012 06:12:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 05:46:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2012 02:16:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2012 09:36:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
AIFF MP3 Converter v3.3 build 1049
Any Video Converter 3.5.2
Auslogics Disk Defrag (Version: 3.5)
BitComet 1.33 64-bit (Version: 1.33)
Botanicula
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.54.02)
Canon MP Navigator EX 2.0
CanoScan LiDE 200 Scanner Driver
DAEMON Tools Lite (Version: 4.45.4.0316)
DW 1525 Driver Installation (Version: 8.0)
Easy Driver Pro v8.03 (Version: 8.03)
EasyBCD 2.1.2 (Version: 2.1.2)
ESET Online Scanner v3
ESET Smart Security (Version: 5.2.9.1)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FLVPlayer4Free Free FLV Player 4.8.0.0
Foxit Reader (Version: 5.3.1.606)
Funshion (Version: 2.8.0.40)
Google Books Downloader version 2.1 (Version: 2.1)
Google Chrome (Version: 22.0.1229.79)
Google Drive (Version: 1.4.3365.1552)
Google Update Helper (Version: 1.3.21.123)
HP USB Disk Storage Format Tool
ImgBurn (Version: 2.5.7.0)
inSSIDer (Version: 2.1.5)
Intel® Management Engine Components (Version: 6.0.0.1179)
LIMBO
LogMeIn Hamachi (Version: 2.1.0.215)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Media Player Classic - Home Cinema 1.6.1.4235 (Version: 1.6.1.4235)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Office 365 Home Premium Preview - en-us (Version: 15.0.4128.1025)
Microsoft Office Proofing Tools 2013 Preview - Chinese (Simplified) (Version: 15.0.4128.1014)
Microsoft SkyDrive (Version: 16.4.4111.0525)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
MiniTool Partition Wizard Home Edition 7.5
MiniTool Power Data Recovery
Monster Hunter Frontier Online (Version: 1.500)
Need for Speed? The Run (Version: 1.0.0.0)
NetLimiter 3 (Version: 3.0.0.11)
NVIDIA Drivers (Version: 1.10.56.34)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4128.1025)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022)
OROCHI_Z 1.0
PCSX2 - Playstation 2 Emulator
Portal 2
Portal 2 - The Final Hours
PPStream V2.7.0.1488 Final (Version: 2.7.0.1488)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Recuva (Version: 1.43)
SnapCrab for Windows 1.0.2
Speccy (Version: 1.18)
Steam (Version: 1.0.0.0)
TCSpeedBooster
TeamViewer 7 (Version: 7.0.14563)
The Ball RC 1
Throttle (Version: 6.7.9.2012)
tools-linux (Version: 9.2.0.812388)
Tunngle beta
Unmechanical
Vessel
VMware Player (Version: 5.0.0)
VMwarePlayer_x64 (Version: 5.0.0)
VueScan
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Xirrus Wi-Fi Inspector (Version: 1.2.1.4)
YTD Video Downloader 3.9.2
邧OROCHI Z (Version: 1.00.0000)
快播 5.4.111 (Version: 5.4.111)
有道?典 (Version: 4.4)
有道云?? (Version: 2.0)
毞俴荌秞(2012)V1.0.0.3
氈弝厙釐萇弝 V6.2.0.140 (Version: V6.2.0.140)
秞厒雄 5.1.1.08312 (Version: 5.1.1.08312)
迅雷看看播放器
迅雷看看高清播放?件

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 3959.12 MB
Available physical RAM: 1974.96 MB
Total Pagefile: 7916.43 MB
Available Pagefile: 5612.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.13 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:99.9 GB) (Free:40.13 GB) NTFS
2 Drive d: (Files ) (Fixed) (Total:285.68 GB) (Free:120.58 GB) NTFS
3 Drive e: (Winodows 8 RP) (Fixed) (Total:80.08 GB) (Free:55.21 GB) NTFS
5 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
7 Drive j: () (Removable) (Total:1.88 GB) (Free:0.37 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL-PC

Administrator DELL Guest

========================= Restore Points ==================================

22-09-2012 07:01:50 Device Driver Package Install: TAP-Win32 Provider V9 (Tunngle) Network adapters
24-09-2012 11:36:46 Installed DirectX
30-09-2012 13:51:37 IObit Uninstaller restore point
03-10-2012 12:50:41 Removed BabylonObjectInstaller
03-10-2012 12:53:34 IObit Uninstaller restore point

**** End of log ****

Farbar Service Scanner Version: 19-09-2012
Ran by DELL (administrator) on 05-10-2012 at 21:42:55
Running from "C:\Users\DELL\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 zkteh

Posted 05 October 2012 - 08:45 AM

Farbar Service Scanner Version: 19-09-2012
Ran by DELL (administrator) on 05-10-2012 at 21:42:55
Running from "C:\Users\DELL\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 zkteh

Posted 05 October 2012 - 10:20 AM

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 23:17:11
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : DELL - DELL-PC
# Boot Mode : Normal
# Running from : C:\Users\DELL\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3162 octets] - [05/10/2012 21:51:38]
AdwCleaner[S2].txt - [710 octets] - [05/10/2012 23:17:11]

########## EOF - C:\AdwCleaner[S2].txt - [769 octets] ##########



