possible viruses in my laptop


13 replies to this topic

#1 DadOhs


Posted 19 August 2013 - 12:30 PM

Hi, I have a Dell laptop running Windows 7 Home Premium w/svc pk1, 8GB RAM, 500+GB HDD.

 

Whenever I open either Mozilla Firefox or IE I keep getting half-sized pages opening, and they are always for the same site.

The address is: http://www.lnksr.com/sc?p=OTU4ODU0NjE2Mf5WB4%2F%2Fse%2BzUpEykBRqg9Gd13fXCOWOgGXyzqQ0UukPSHKczPlptwDImzteGVBAQRvzx7omDt0hmb7rMMd%2Feb2msAvE3%2B8nMg4kXj8ilift1PY7Ry5%2Bv5QMlTfgYJO0uxYj%2F22sD2yM9KNvd2HtQIjtr26fRPWuo%2BEG%2FQXM0k055Kdvws9fWeABOgZAlEf9V0crdCwobyUMQfLB8lTaYOU8hCS5wmfrP2%2BnQB58wbwpiV8Nce%2F34Lmd7BUDIRuXyj5gDVOrXRPycKzimEoJobVn2tKQOi6swEtU%2BsgSUWmXMXhMuYhs6XBA5AA9%2FRz1ahhtb%2FPLNqaLlOekwFJVI6g%3D&t=1

 

This is blocked by my Trend Micro A/V (good until 2040). But it comes back as soon as I click on anything within a website.

I ran Malwarebytes from safe mode and it deleted 21 reg entries, 4 folders, & 29 files within my system.

Trend Micro has not found anything.

I was told that I may have a Google Redirect Virus, and possibly a FLV Virus because I am getting inundated with requests to upgrade my Adobe Flash Player and everywhere I am getting ads for FLV Player downloads.

 

Please Help!!

 

Here are my MiniToolBox results & Malwarebytes logs

MiniToolBox:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Mario (administrator) on 19-08-2013 at 10:29:03
Running from "C:\Users\Mario\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mario-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cfl.rr.com

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : AC-72-89-9F-17-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AC-72-89-9F-17-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : AC-72-89-9F-17-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
   Physical Address. . . . . . . . . : AC-72-89-9F-17-80
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8930:a076:8bb4:d1ef%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.11.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 19, 2013 9:26:10 AM
   Lease Expires . . . . . . . . . . : Wednesday, August 21, 2013 9:26:09 AM
   Default Gateway . . . . . . . . . : 192.168.11.1
   DHCP Server . . . . . . . . . . . : 192.168.11.1
   DHCPv6 IAID . . . . . . . . . . . : 229405321
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-08-0D-31-84-8F-69-A8-6D-97
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 84-8F-69-A8-6D-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{87F75CA2-D4FC-4532-AD99-6EFEEEBC78E0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {84B89806-2EC0-42E0-9F3A-53C293F4BCF6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.cfl.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:20d2:3b69:b743:d93b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20d2:3b69:b743:d93b%29(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2F78EDAB-88FC-4C60-8B14-AB777EB1AA40}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4CEB7379-4B1A-4C12-A9AF-5ECF3EEBA241}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  buffalo.setup
Address:  192.168.11.1

Name:    google.com
Addresses:  2607:f8b0:4002:c04::8a
   74.125.140.139
   74.125.140.100
   74.125.140.101
   74.125.140.102
   74.125.140.113
   74.125.140.138

Pinging google.com [74.125.140.102] with 32 bytes of data:
Reply from 74.125.140.102: bytes=32 time=45ms TTL=43
Reply from 74.125.140.102: bytes=32 time=45ms TTL=43

Ping statistics for 74.125.140.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 45ms, Average = 45ms
Server:  buffalo.setup
Address:  192.168.11.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=78ms TTL=45
Reply from 98.139.183.24: bytes=32 time=122ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 122ms, Average = 100ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...ac 72 89 9f 17 81 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...ac 72 89 9f 17 81 ......Microsoft Virtual WiFi Miniport Adapter
 15...ac 72 89 9f 17 84 ......Bluetooth Device (Personal Area Network)
 12...ac 72 89 9f 17 80 ......Intel® Centrino® Wireless-N 1030
 11...84 8f 69 a8 6d 97 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 46...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 48...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.11.1     192.168.11.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.11.0    255.255.255.0         On-link      192.168.11.3    281
     192.168.11.3  255.255.255.255         On-link      192.168.11.3    281
   192.168.11.255  255.255.255.255         On-link      192.168.11.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.11.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.11.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 29     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 29     58 2001::/32                On-link
 29    306 2001:0:9d38:6abd:20d2:3b69:b743:d93b/128
                                    On-link
 12    281 fe80::/64                On-link
 29    306 fe80::/64                On-link
 29    306 fe80::20d2:3b69:b743:d93b/128
                                    On-link
 12    281 fe80::8930:a076:8bb4:d1ef/128
                                    On-link
  1    306 ff00::/8                 On-link
 29    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2013 09:30:56 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/19/2013 09:29:36 AM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/19/2013 09:26:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 05:14:12 PM) (Source: Application Hang) (User: )
Description: The program WorldOfTanks.exe version 0.8.7.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 100

Start Time: 01ce9c578676c99a

Termination Time: 6

Application Path: C:\Games\World_of_Tanks\WorldOfTanks.exe

Report Id: fc5744c0-084a-11e3-b2f2-ac72899f1784

Error: (08/18/2013 04:01:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/18/2013 03:35:04 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/18/2013 03:33:39 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/18/2013 03:30:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 11:18:06 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/17/2013 11:15:33 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

System errors:
=============
Error: (08/15/2013 00:39:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (08/15/2013 00:39:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (08/15/2013 00:39:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/15/2013 00:38:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/02/2013 03:55:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/29/2013 03:50:48 PM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (07/24/2013 08:21:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:17:34 PM on ?7/?24/?2013 was unexpected.

Error: (07/21/2013 00:49:15 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/20/2013 05:42:26 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/16/2013 10:11:12 PM) (Source: Service Control Manager) (User: )
Description: The TomTomHOMEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (08/19/2013 09:30:56 AM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/19/2013 09:29:36 AM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (08/19/2013 09:26:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 05:14:12 PM) (Source: Application Hang)(User: )
Description: WorldOfTanks.exe0.8.7.010001ce9c578676c99a6C:\Games\World_of_Tanks\WorldOfTanks.exefc5744c0-084a-11e3-b2f2-ac72899f1784

Error: (08/18/2013 04:01:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/18/2013 03:35:04 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/18/2013 03:33:39 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (08/18/2013 03:30:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 11:18:06 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/17/2013 11:15:33 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

=========================== Installed Programs ============================

4500_G510gm_Help (Version: 000.0.440.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Advanced Audio FX Engine (Version: 1.12.05)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bing Rewards Client Installer (Version: 16.0.345.0)
BufferChm (Version: 130.0.331.000)
Cozi (Version: 1.0.6505.38692)
D3DX10 (Version: 15.4.2368.0902)
Deer Avenger
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell Marketplace Webslice IE8 (Version: 8.0)
Dell MusicStage (Version: 1.6.225.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.7.209.0)
Dell Touchpad (Version: 7.1209.101.204)
Dell VideoStage  (Version: 1.2.0.1712)
Dell Webcam Central (Version: 2.01.17)
DHTML Editing Component (Version: 6.02.0001)
DirectX 9 Runtime (Version: 1.00.0000)
eBay (Version: 1.4.0)
Elements 10 Organizer (Version: 10.0)
EQ2MAP Updater 1.2.6 (Version: 1.2.6)
EverQuest II
GameSpy Arcade
Google Talk Plugin (Version: 4.4.2.14502)
GoToAssist 8.0.0.514
HP Deskjet 1000 J110 series Basic Device Software (Version: 28.0.1313.0)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 28.0.1313.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Photo Creations (Version: 1.0.0.7702)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2345)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.1.0489)
Intel® PROSet/Wireless WiFi Software (Version: 14.1.2000)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® WiDi (Version: 2.1.38.0)
Intel® Wireless Display
Internet Explorer (Version: 8)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
jZip (Version: 2.0.0.133556)
Laplink SafeErase (Version: 4.1.153)
Legends of Norrath
LyricXeeker
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MDI-MINERAL LE (Version: 2011.05.20)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
My Dell (Version: 3.3.6280.92)
Network64 (Version: 130.0.550.000)
Network64 (Version: 140.0.221.000)
Pengu Wars
PhotoShowExpress (Version: 2.0.063)
PingPlotter Standard 3.40.2s (Version: 3.40.2.5)
Pirate101 (Version: 1.0.0)
PSE10 STI Installer (Version: 10.0)
Quickset64 (Version: 11.0.15)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6312)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Scan (Version: 13.0.0.0)
SketchUp 2013 (Version: 13.0.3689)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 130.0.648.000)
TopArcadeHits
Trend Micro Titanium (Version: 3.1.1109)
Trend Micro™ Titanium™ (Version: 3.00)
TrustedID (Version: 5.0)
Turbo Lister 2 (Version: 2.00.0000)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Zip Opener
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Wizard101 (Version: 1.0.0)
World of Tanks - Common Test
Zip Opener Packages

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8086.17 MB
Available physical RAM: 5903.6 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13367.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.25 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:456.85 GB) NTFS

========================= Users: ========================================

User accounts for \\MARIO-PC

Administrator            Guest                    Mario                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

MalwareBytes Log;

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16660
Mario :: MARIO-PC [administrator]

8/19/2013 11:00:55 AM
mbam-log-2013-08-19 (11-00-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225538
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\CLSID\{47f90046-b382-4d3f-a9f9-57076589b4e6} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKCR\TypeLib\{de27cf30-9c47-4ff7-ae8a-2c3df0abde90} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKCR\Interface\{1C57FE15-0393-48BA-86AE-9217507C478D} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F90046-B382-4D3F-A9F9-57076589B4E6} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{47F90046-B382-4D3F-A9F9-57076589B4E6} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{47F90046-B382-4D3F-A9F9-57076589B4E6} (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyrix@lyrixeeker.co (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Mario\AppData\Local\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 29
C:\Users\Mario\AppData\Local\Temp\is357113909\Toparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\tah.config (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\Toparcadehits.dll (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\01.crx (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\01.xpi (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\02.crx (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\02.xpi (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\128.crx (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\128.dat (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\128.dll (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\128.xpi (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\crx.dat (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\crx.db (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\Uninstall.exe (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\xpi.dat (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyriXeeker\xpi.db (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Windows\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Mario\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

(end)

 

Thank You in advance!!

Mario

aka DadOhs




 


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 19 August 2013 - 01:31 PM

Hi Mario, let's also look at these.

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 DadOhs

  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:55 PM

Posted 19 August 2013 - 05:18 PM

Thank you for your time in helping me with this issue..... I have completed the first 2 steps and the ESET is currently downloading. The only thing to happen so far is that ESET didn't recognize my version (10) of I.E. so I went the long way and did the download. I will list all the files results when completed.

 

Once again, thank you for your time... it is greatly appreciated!! :)



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 19 August 2013 - 07:34 PM

That's fine.

#5 DadOhs

  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:55 PM

Posted 19 August 2013 - 09:15 PM

Ok, so here is everything I got back from my scans:

 

TDSSKiller;

 

18:01:55.0012 0x0be4  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
18:01:55.0574 0x0be4  ============================================================
18:01:55.0574 0x0be4  Current date / time: 2013/08/19 18:01:55.0574
18:01:55.0574 0x0be4  SystemInfo:
18:01:55.0574 0x0be4 
18:01:55.0574 0x0be4  OS Version: 6.1.7601 ServicePack: 1.0
18:01:55.0574 0x0be4  Product type: Workstation
18:01:55.0574 0x0be4  ComputerName: MARIO-PC
18:01:55.0574 0x0be4  UserName: Mario
18:01:55.0574 0x0be4  Windows directory: C:\Windows
18:01:55.0574 0x0be4  System windows directory: C:\Windows
18:01:55.0574 0x0be4  Running under WOW64
18:01:55.0574 0x0be4  Processor architecture: Intel x64
18:01:55.0574 0x0be4  Number of processors: 4
18:01:55.0574 0x0be4  Page size: 0x1000
18:01:55.0574 0x0be4  Boot type: Normal boot
18:01:55.0574 0x0be4  ============================================================
18:01:56.0619 0x0be4  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:01:56.0634 0x0be4  ============================================================
18:01:56.0634 0x0be4  \Device\Harddisk0\DR0:
18:01:56.0634 0x0be4  MBR partitions:
18:01:56.0634 0x0be4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
18:01:56.0634 0x0be4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48113AB0
18:01:56.0634 0x0be4  ============================================================
18:01:56.0681 0x0be4  C: <-> \Device\Harddisk0\DR0\Partition2
18:01:56.0681 0x0be4  ============================================================
18:01:56.0681 0x0be4  Initialize success
18:01:56.0681 0x0be4  ============================================================
18:02:44.0684 0x1890  ============================================================
18:02:44.0684 0x1890  Scan started
18:02:44.0684 0x1890  Mode: Manual; TDLFS;
18:02:44.0684 0x1890  ============================================================
18:02:44.0902 0x1890  ================ Scan system memory ========================
18:02:44.0902 0x1890  System memory - ok
18:02:44.0902 0x1890  ================ Scan services =============================
18:02:57.0355 0x1890  i8042prt - ok
18:02:57.0407 0x1890  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\drivers\iaStor.sys
18:02:57.0407 0x1890  iaStor - ok
18:02:57.0454 0x1890  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:02:57.0500 0x1890  iaStorV - ok
18:02:57.0547 0x1890  [ E44F0B4DC753C14930B8DC48BB7A1644 ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:02:57.0594 0x1890  iBtFltCoex - ok
18:02:57.0703 0x1890  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:02:57.0734 0x1890  idsvc - ok
18:02:58.0624 0x1890  [ A47D902F5C0C43DCF5EE2CAE02BF39A8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:02:59.0310 0x1890  igfx - ok
18:02:59.0341 0x1890  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:02:59.0388 0x1890  iirsp - ok
18:02:59.0611 0x1890  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:02:59.0658 0x1890  IKEEXT - ok
18:02:59.0689 0x1890  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
18:02:59.0736 0x1890  Impcd - ok
18:02:59.0783 0x1890  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:02:59.0830 0x1890  intaud_WaveExtensible - ok
18:03:00.0001 0x1890  [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:03:00.0064 0x1890  IntcAzAudAddService - ok
18:03:00.0079 0x1890  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:03:00.0142 0x1890  IntcDAud - ok
18:03:00.0173 0x1890  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:03:00.0204 0x1890  intelide - ok
18:03:00.0267 0x1890  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:03:00.0267 0x1890  intelppm - ok
18:03:00.0313 0x1890  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:03:00.0376 0x1890  IPBusEnum - ok
18:03:00.0391 0x1890  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:03:00.0423 0x1890  IpFilterDriver - ok
18:03:00.0438 0x1890  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:03:00.0501 0x1890  iphlpsvc - ok
18:03:00.0516 0x1890  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:03:00.0532 0x1890  IPMIDRV - ok
18:03:00.0547 0x1890  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:03:00.0579 0x1890  IPNAT - ok
18:03:00.0610 0x1890  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:03:00.0625 0x1890  IRENUM - ok
18:03:00.0657 0x1890  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:03:00.0672 0x1890  isapnp - ok
18:03:00.0688 0x1890  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:03:00.0719 0x1890  iScsiPrt - ok
18:03:00.0750 0x1890  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
18:03:00.0766 0x1890  iwdbus - ok
18:03:00.0781 0x1890  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:03:00.0813 0x1890  kbdclass - ok
18:03:00.0813 0x1890  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:03:00.0844 0x1890  kbdhid - ok
18:03:00.0875 0x1890  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:03:00.0875 0x1890  KeyIso - ok
18:03:00.0906 0x1890  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:03:00.0937 0x1890  KSecDD - ok
18:03:00.0969 0x1890  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:03:01.0000 0x1890  KSecPkg - ok
18:03:01.0015 0x1890  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:03:01.0031 0x1890  ksthunk - ok
18:03:01.0062 0x1890  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:03:01.0093 0x1890  KtmRm - ok
18:03:01.0171 0x1890  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:03:01.0234 0x1890  LanmanServer - ok
18:03:01.0265 0x1890  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:03:01.0296 0x1890  LanmanWorkstation - ok
18:03:01.0327 0x1890  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:03:01.0359 0x1890  lltdio - ok
18:03:01.0392 0x1890  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:03:01.0455 0x1890  lltdsvc - ok
18:03:01.0486 0x1890  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:03:01.0533 0x1890  lmhosts - ok
18:03:01.0580 0x1890  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:03:01.0595 0x1890  LMS - ok
18:03:01.0611 0x1890  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:03:01.0658 0x1890  LSI_FC - ok
18:03:01.0689 0x1890  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:03:01.0720 0x1890  LSI_SAS - ok
18:03:01.0720 0x1890  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:03:01.0751 0x1890  LSI_SAS2 - ok
18:03:01.0767 0x1890  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:03:01.0814 0x1890  LSI_SCSI - ok
18:03:01.0829 0x1890  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:03:01.0860 0x1890  luafv - ok
18:03:01.0892 0x1890  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:03:01.0923 0x1890  Mcx2Svc - ok
18:03:01.0938 0x1890  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:03:01.0954 0x1890  megasas - ok
18:03:01.0985 0x1890  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:03:02.0001 0x1890  MegaSR - ok
18:03:02.0032 0x1890  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:03:02.0079 0x1890  MEIx64 - ok
18:03:02.0126 0x1890  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:03:02.0172 0x1890  MMCSS - ok
18:03:02.0235 0x1890  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:03:02.0282 0x1890  Modem - ok
18:03:02.0297 0x1890  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:03:02.0297 0x1890  monitor - ok
18:03:02.0313 0x1890  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:03:02.0360 0x1890  mouclass - ok
18:03:02.0391 0x1890  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:03:02.0406 0x1890  mouhid - ok
18:03:02.0422 0x1890  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:03:02.0438 0x1890  mountmgr - ok
18:03:02.0516 0x1890  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:03:02.0578 0x1890  MozillaMaintenance - ok
18:03:02.0594 0x1890  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:03:02.0625 0x1890  mpio - ok
18:03:02.0656 0x1890  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:03:02.0687 0x1890  mpsdrv - ok
18:03:02.0703 0x1890  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:03:02.0781 0x1890  MpsSvc - ok
18:03:02.0796 0x1890  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:03:02.0828 0x1890  MRxDAV - ok
18:03:02.0859 0x1890  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:03:02.0906 0x1890  mrxsmb - ok
18:03:02.0921 0x1890  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:03:02.0984 0x1890  mrxsmb10 - ok
18:03:03.0015 0x1890  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:03:03.0062 0x1890  mrxsmb20 - ok
18:03:03.0093 0x1890  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:03:03.0124 0x1890  msahci - ok
18:03:03.0155 0x1890  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:03:03.0186 0x1890  msdsm - ok
18:03:03.0202 0x1890  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:03:03.0218 0x1890  MSDTC - ok
18:03:03.0233 0x1890  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:03:03.0264 0x1890  Msfs - ok
18:03:03.0296 0x1890  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:03:03.0296 0x1890  mshidkmdf - ok
18:03:03.0311 0x1890  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:03:03.0327 0x1890  msisadrv - ok
18:03:03.0358 0x1890  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:03:03.0394 0x1890  MSiSCSI - ok
18:03:03.0394 0x1890  msiserver - ok
18:03:03.0425 0x1890  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:03:03.0441 0x1890  MSKSSRV - ok
18:03:03.0472 0x1890  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:03:03.0503 0x1890  MSPCLOCK - ok
18:03:03.0535 0x1890  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:03:03.0535 0x1890  MSPQM - ok
18:03:03.0566 0x1890  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:03:03.0613 0x1890  MsRPC - ok
18:03:03.0628 0x1890  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:03:03.0628 0x1890  mssmbios - ok
18:03:03.0644 0x1890  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:03:03.0659 0x1890  MSTEE - ok
18:03:03.0691 0x1890  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:03:03.0706 0x1890  MTConfig - ok
18:03:03.0722 0x1890  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:03:03.0753 0x1890  Mup - ok
18:03:03.0800 0x1890  [ F02A154FDE5DA779E971352256E64CFF ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:03:03.0862 0x1890  MyWiFiDHCPDNS - ok
18:03:03.0940 0x1890  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:03:03.0956 0x1890  napagent - ok
18:03:04.0003 0x1890  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:03:04.0065 0x1890  NativeWifiP - ok
18:03:04.0143 0x1890  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:03:04.0159 0x1890  NDIS - ok
18:03:04.0190 0x1890  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:03:04.0205 0x1890  NdisCap - ok
18:03:04.0252 0x1890  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:03:04.0268 0x1890  NdisTapi - ok
18:03:04.0299 0x1890  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:03:04.0346 0x1890  Ndisuio - ok
18:03:04.0361 0x1890  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:03:04.0393 0x1890  NdisWan - ok
18:03:04.0393 0x1890  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:03:04.0424 0x1890  NDProxy - ok
18:03:04.0502 0x1890  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:03:04.0517 0x1890  Net Driver HPZ12 - ok
18:03:04.0549 0x1890  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:03:04.0580 0x1890  NetBIOS - ok
18:03:04.0595 0x1890  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:03:04.0611 0x1890  NetBT - ok
18:03:04.0627 0x1890  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:03:04.0627 0x1890  Netlogon - ok
18:03:04.0658 0x1890  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:03:04.0720 0x1890  Netman - ok
18:03:04.0751 0x1890  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:03:04.0751 0x1890  NetMsmqActivator - ok
18:03:04.0767 0x1890  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:03:04.0767 0x1890  NetPipeActivator - ok
18:03:04.0798 0x1890  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:03:04.0798 0x1890  netprofm - ok
18:03:04.0798 0x1890  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:03:04.0798 0x1890  NetTcpActivator - ok
18:03:04.0798 0x1890  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:03:04.0814 0x1890  NetTcpPortSharing - ok
18:03:05.0282 0x1890  [ C3FC3EEE5A0CE77A02B27CFDFAF0C758 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
18:03:05.0739 0x1890  NETwNs64 - ok
18:03:05.0786 0x1890  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:03:05.0802 0x1890  nfrd960 - ok
18:03:05.0833 0x1890  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:03:05.0895 0x1890  NlaSvc - ok
18:03:05.0911 0x1890  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:03:05.0942 0x1890  Npfs - ok
18:03:05.0958 0x1890  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:03:06.0004 0x1890  nsi - ok
18:03:06.0004 0x1890  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:03:06.0036 0x1890  nsiproxy - ok
18:03:06.0114 0x1890  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:03:06.0192 0x1890  Ntfs - ok
18:03:06.0223 0x1890  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:03:06.0238 0x1890  Null - ok
18:03:06.0270 0x1890  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:03:06.0316 0x1890  nusb3hub - ok
18:03:06.0363 0x1890  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:03:06.0410 0x1890  nusb3xhc - ok
18:03:06.0426 0x1890  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:03:06.0504 0x1890  nvraid - ok
18:03:06.0582 0x1890  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:03:06.0660 0x1890  nvstor - ok
18:03:06.0706 0x1890  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:03:06.0769 0x1890  nv_agp - ok
18:03:06.0784 0x1890  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:03:06.0816 0x1890  ohci1394 - ok
18:03:06.0862 0x1890  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:03:06.0956 0x1890  ose - ok
18:03:07.0476 0x1890  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:03:07.0881 0x1890  osppsvc - ok
18:03:07.0913 0x1890  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:03:07.0959 0x1890  p2pimsvc - ok
18:03:07.0991 0x1890  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:03:08.0022 0x1890  p2psvc - ok
18:03:08.0053 0x1890  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
18:03:08.0084 0x1890  Parport - ok
18:03:08.0115 0x1890  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:03:08.0147 0x1890  partmgr - ok
18:03:08.0147 0x1890  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:03:08.0178 0x1890  PcaSvc - ok
18:03:08.0225 0x1890  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:03:08.0271 0x1890  pci - ok
18:03:08.0287 0x1890  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:03:08.0303 0x1890  pciide - ok
18:03:08.0334 0x1890  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:03:08.0381 0x1890  pcmcia - ok
18:03:08.0412 0x1890  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:03:08.0427 0x1890  pcw - ok
18:03:08.0459 0x1890  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:03:08.0521 0x1890  PEAUTH - ok
18:03:08.0615 0x1890  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:03:08.0646 0x1890  PerfHost - ok
18:03:08.0693 0x1890  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:03:08.0786 0x1890  pla - ok
18:03:08.0817 0x1890  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:03:08.0880 0x1890  PlugPlay - ok
18:03:08.0927 0x1890  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:03:08.0942 0x1890  Pml Driver HPZ12 - ok
18:03:08.0958 0x1890  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:03:08.0973 0x1890  PNRPAutoReg - ok
18:03:09.0005 0x1890  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:03:09.0005 0x1890  PNRPsvc - ok
18:03:09.0036 0x1890  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:03:09.0098 0x1890  PolicyAgent - ok
18:03:09.0129 0x1890  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:03:09.0161 0x1890  Power - ok
18:03:09.0192 0x1890  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:03:09.0270 0x1890  PptpMiniport - ok
18:03:09.0285 0x1890  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:03:09.0301 0x1890  Processor - ok
18:03:09.0348 0x1890  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:03:09.0395 0x1890  ProfSvc - ok
18:03:09.0410 0x1890  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:03:09.0410 0x1890  ProtectedStorage - ok
18:03:09.0431 0x1890  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:03:09.0462 0x1890  Psched - ok
18:03:09.0493 0x1890  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
18:03:09.0540 0x1890  PxHlpa64 - ok
18:03:09.0587 0x1890  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:03:09.0649 0x1890  ql2300 - ok
18:03:09.0680 0x1890  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:03:09.0727 0x1890  ql40xx - ok
18:03:09.0758 0x1890  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:03:09.0790 0x1890  QWAVE - ok
18:03:09.0805 0x1890  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:03:09.0821 0x1890  QWAVEdrv - ok
18:03:09.0836 0x1890  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:03:09.0868 0x1890  RasAcd - ok
18:03:09.0883 0x1890  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:03:09.0914 0x1890  RasAgileVpn - ok
18:03:09.0930 0x1890  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:03:09.0946 0x1890  RasAuto - ok
18:03:09.0961 0x1890  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:03:09.0992 0x1890  Rasl2tp - ok
18:03:10.0024 0x1890  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:03:10.0086 0x1890  RasMan - ok
18:03:10.0102 0x1890  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:03:10.0133 0x1890  RasPppoe - ok
18:03:10.0148 0x1890  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:03:10.0180 0x1890  RasSstp - ok
18:03:10.0211 0x1890  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:03:10.0258 0x1890  rdbss - ok
18:03:10.0273 0x1890  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:03:10.0289 0x1890  rdpbus - ok
18:03:10.0320 0x1890  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:03:10.0351 0x1890  RDPCDD - ok
18:03:10.0367 0x1890  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:03:10.0367 0x1890  RDPENCDD - ok
18:03:10.0382 0x1890  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:03:10.0398 0x1890  RDPREFMP - ok
18:03:10.0445 0x1890  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:03:10.0476 0x1890  RdpVideoMiniport - ok
18:03:10.0507 0x1890  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:03:10.0538 0x1890  RDPWD - ok
18:03:10.0554 0x1890  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:03:10.0601 0x1890  rdyboost - ok
18:03:10.0679 0x1890  [ 3A1EF2F8D0808BECE6A2FEF3EA3987A5 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:03:10.0694 0x1890  RegSrvc - ok
18:03:10.0710 0x1890  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:03:10.0741 0x1890  RemoteAccess - ok
18:03:10.0772 0x1890  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:03:10.0804 0x1890  RemoteRegistry - ok
18:03:10.0850 0x1890  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:03:10.0897 0x1890  RFCOMM - ok
18:03:11.0006 0x1890  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:03:11.0069 0x1890  RoxMediaDB12OEM - ok
18:03:11.0100 0x1890  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:03:11.0100 0x1890  RoxWatch12 - ok
18:03:11.0147 0x1890  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:03:11.0194 0x1890  RpcEptMapper - ok
18:03:11.0225 0x1890  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:03:11.0240 0x1890  RpcLocator - ok
18:03:11.0256 0x1890  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:03:11.0256 0x1890  RpcSs - ok
18:03:11.0303 0x1890  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:03:11.0318 0x1890  rspndr - ok
18:03:11.0350 0x1890  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:03:11.0381 0x1890  RSUSBSTOR - ok
18:03:11.0433 0x1890  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:03:11.0448 0x1890  RTL8167 - ok
18:03:11.0464 0x1890  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:03:11.0464 0x1890  SamSs - ok
18:03:11.0495 0x1890  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:03:11.0526 0x1890  sbp2port - ok
18:03:11.0557 0x1890  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:03:11.0589 0x1890  SCardSvr - ok
18:03:11.0589 0x1890  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:03:11.0604 0x1890  scfilter - ok
18:03:11.0635 0x1890  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:03:11.0729 0x1890  Schedule - ok
18:03:11.0745 0x1890  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:03:11.0745 0x1890  SCPolicySvc - ok
18:03:11.0760 0x1890  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:03:11.0791 0x1890  SDRSVC - ok
18:03:11.0823 0x1890  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:03:11.0838 0x1890  secdrv - ok
18:03:11.0854 0x1890  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:03:11.0869 0x1890  seclogon - ok
18:03:11.0901 0x1890  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:03:11.0947 0x1890  SENS - ok
18:03:11.0947 0x1890  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:03:11.0979 0x1890  SensrSvc - ok
18:03:11.0994 0x1890  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:03:12.0010 0x1890  Serenum - ok
18:03:12.0041 0x1890  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
18:03:12.0057 0x1890  Serial - ok
18:03:12.0103 0x1890  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:03:12.0181 0x1890  sermouse - ok
18:03:12.0197 0x1890  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:03:12.0228 0x1890  SessionEnv - ok
18:03:12.0244 0x1890  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:03:12.0259 0x1890  sffdisk - ok
18:03:12.0275 0x1890  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:03:12.0291 0x1890  sffp_mmc - ok
18:03:12.0306 0x1890  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:03:12.0322 0x1890  sffp_sd - ok
18:03:12.0337 0x1890  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:03:12.0353 0x1890  sfloppy - ok
18:03:12.0400 0x1890  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:03:12.0447 0x1890  Sftfs - ok
18:03:12.0493 0x1890  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:03:12.0509 0x1890  sftlist - ok
18:03:12.0540 0x1890  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:03:21.0213 0x1890  ================ Scan global ===============================
18:03:21.0244 0x1890  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:03:21.0354 0x1890  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:03:21.0421 0x1890  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:03:21.0452 0x1890  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:03:21.0530 0x1890  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:03:21.0546 0x1890  [Global] - ok
18:03:21.0546 0x1890  ================ Scan MBR ==================================
18:03:21.0561 0x1890  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:03:22.0014 0x1890  \Device\Harddisk0\DR0 - ok
18:03:22.0014 0x1890  ================ Scan VBR ==================================
18:03:22.0014 0x1890  [ 69B675C5EA6DD149AC56D3E563999F70 ] \Device\Harddisk0\DR0\Partition1
18:03:22.0014 0x1890  \Device\Harddisk0\DR0\Partition1 - ok
18:03:22.0045 0x1890  [ 915C3A247FB5B28AB40D14CB4701C3BA ] \Device\Harddisk0\DR0\Partition2
18:03:22.0045 0x1890  \Device\Harddisk0\DR0\Partition2 - ok
18:03:22.0045 0x1890  ============================================================
18:03:22.0045 0x1890  Scan finished
18:03:22.0045 0x1890  ============================================================
18:03:22.0076 0x1b7c  Detected object count: 0
18:03:22.0076 0x1b7c  Actual detected object count: 0
18:04:15.0017 0x0ad4  Deinitialize success

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

AdwCleaner; for some reason this program created 2 files on my HDD so I am including them both. Also at some point I must have had another copy of it because there were some much older files marked adwcleaner r1 & s1 that I deleted so as not to confuse them with what we are doing now.

1st file was saved as AdwCleaner (R2)

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 18:05:03
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mario - MARIO-PC
# Boot Mode : Normal
# Running from : C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSWPL9FO\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Found : C:\Users\Mario\Desktop\jZip.lnk
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\ProgramData\APN
Folder Found : C:\Users\Mario\AppData\Local\jZip
Folder Found : C:\Users\Mario\AppData\Local\Temp\jZip
Folder Found : C:\Users\Mario\AppData\Roaming\DSite
Folder Found : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Search the Web");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.AutoSearchEventData", "auto%20search");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.ClearCacheDate", 19);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.DNSCatch", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.DisplayEULA", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.EBOMode", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCAData_xx", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCA_xx", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.FirstLaunchShown", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.InstallDomain", "upromise.com");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.InstallType", "one_click");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.ShowRecommendedOptions", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.StateReportDate", "1376795568364");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.beforeInstallSaved", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.homepage", "hxxp%3A//www.google.c[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.search", "Google");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.comp.affiliate.116.disabled", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_img", "aHR0cHM6Ly9zdGF0aW[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_url", "aHR0cDovL29sbWNkbi[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.text", "Search%20the%20Web");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.customNewTab", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.dcaDefaultMode", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowInstallerPage", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowSurvey", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.helpUsImprove", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.hideOthers", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.partnerauth", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.processAddrBar", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.remove_homepage", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.remove_search", true);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.restoreSearch", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.searchHistory", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.session", "7005DD645C5C0E0CE472555E46335A86C88D[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.showFirstLaunchOptions", false);
Found : user_pref("freecauseb987141395b701c469cf961a01420158.tb_lang", "en");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.tool_id", "100987");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.user_id", "78162");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.user_key", "be71088d0e84053ad81f14297d6000ff68b[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.user_layouts", "100987");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.vars.display_state", "show");
Found : user_pref("freecauseb987141395b701c469cf961a01420158.xml_service_url", "cf2788bd15fe5bcbc566786e33a9[...]
Found : user_pref("freecauseb987141395b701c469cf961a01420158.yahooSearch", false);

*************************

AdwCleaner[R1].txt - [4375 octets] - [22/03/2013 14:21:49]
AdwCleaner[R2].txt - [6745 octets] - [19/08/2013 18:05:03]
AdwCleaner[S1].txt - [4364 octets] - [22/03/2013 14:22:41]

########## EOF - C:\AdwCleaner[R2].txt - [6865 octets] ##########

2nd file was saved as AdwCleaner (S2)

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 18:06:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mario - MARIO-PC
# Boot Mode : Normal
# Running from : C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSWPL9FO\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Mario\Desktop\jZip.lnk
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Mario\AppData\Local\jZip
Folder Deleted : C:\Users\Mario\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Mario\AppData\Roaming\DSite
Folder Deleted : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\prefs.js

C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Search the Web");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ClearCacheDate", 19);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DNSCatch", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DisplayEULA", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EBOMode", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCAData_xx", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCA_xx", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.FirstLaunchShown", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallDomain", "upromise.com");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallType", "one_click");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ShowRecommendedOptions", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.StateReportDate", "1376795568364");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeInstallSaved", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.homepage", "hxxp%3A//www.google.c[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.search", "Google");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.affiliate.116.disabled", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_img", "aHR0cHM6Ly9zdGF0aW[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_url", "aHR0cDovL29sbWNkbi[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.text", "Search%20the%20Web");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.customNewTab", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaDefaultMode", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowInstallerPage", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowSurvey", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.helpUsImprove", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.hideOthers", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.partnerauth", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.processAddrBar", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_homepage", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_search", true);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.restoreSearch", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.searchHistory", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.session", "7005DD645C5C0E0CE472555E46335A86C88D[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.showFirstLaunchOptions", false);
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tb_lang", "en");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tool_id", "100987");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_id", "78162");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_key", "be71088d0e84053ad81f14297d6000ff68b[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_layouts", "100987");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.vars.display_state", "show");
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.xml_service_url", "cf2788bd15fe5bcbc566786e33a9[...]
Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.yahooSearch", false);

*************************

AdwCleaner[R1].txt - [4375 octets] - [22/03/2013 14:21:49]
AdwCleaner[R2].txt - [6934 octets] - [19/08/2013 18:05:03]
AdwCleaner[S1].txt - [4364 octets] - [22/03/2013 14:22:41]
AdwCleaner[S2].txt - [7103 octets] - [19/08/2013 18:06:04]

########## EOF - C:\AdwCleaner[S2].txt - [7163 octets] ##########

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

ESET Log;

 

C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll a variant of Win64/Toolbar.SearchSuite.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Local\Temp\OtCqQb0X.exe.part Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Local\Temp\TIlCjgij.exe.part a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Local\Temp\is357113909\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\extensions\gpgxexiuan@gpgxexiuan.org.xpi Win32/TrojanDownloader.Tracur.AD.Gen trojan deleted - quarantined
C:\Users\Mario\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.CF application cleaned by deleting - quarantined
 

That's all for now... I look forward to your scrutiny of these files.

 

Mario
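A triage sketch for the ESET log in the post above, added here as an example and not part of the original thread. It parses each line with a layout inferred from these entries (an assumption, not an ESET specification), counts detections per family, and surfaces anything not classed `application` or sitting in a browser profile; the `parse` and `triage` names and the family-trimming heuristic are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Layout inferred from the ESET lines in this thread (an assumption, not an
# ESET specification): <path> [a variant of ]<detection> <class> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+) (?P<kind>\w+) (?P<action>.+)$"
)

# Lines copied from the ESET log in the post above.
SAMPLE = r"""
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll a variant of Win64/Toolbar.SearchSuite.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Local\Temp\is357113909\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3muj2wlq.default\extensions\gpgxexiuan@gpgxexiuan.org.xpi Win32/TrojanDownloader.Tracur.AD.Gen trojan deleted - quarantined
C:\Users\Mario\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.CF application cleaned by deleting - quarantined
"""


def parse(line):
    """Split one log line into fields; return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Heuristic family name: drop the platform prefix and trailing variant
    # tags such as ".A", ".AZ" or ".Gen".
    family = re.sub(r"(?:\.[A-Z]{1,3}|\.Gen)+$", "", m["name"].split("/", 1)[1])
    return {**m.groupdict(), "family": family,
            "in_profile": "\\Firefox\\Profiles\\" in m["path"]}


def triage(text):
    """Count detections per class and family; collect items to review."""
    by_kind, follow_up, unparsed = defaultdict(Counter), [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse(line)
        if rec is None:
            unparsed.append(line)  # keep unmatched lines visible
            continue
        by_kind[rec["kind"]][rec["family"]] += 1
        if rec["kind"] != "application" or rec["in_profile"]:
            follow_up.append(rec)
    return by_kind, follow_up, unparsed


if __name__ == "__main__":
    kinds, review, bad = triage(SAMPLE)
    for kind, families in kinds.items():
        print(kind, dict(families))
    for rec in review:
        print("review:", rec["name"], "->", rec["path"])
    print("unparsed lines:", len(bad))
```

Lines that do not match the inferred layout are returned in the third value rather than dropped, so a format change in the scanner output shows up as a count instead of a silent gap.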



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 20 August 2013 - 09:55 AM

OK, good Adwcleaner was changed after I posted to post 2 logs now. I need to fix my instructions now.

This was a good clean. I would like to run two last scans, both quick.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 DadOhs

DadOhs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 20 August 2013 - 01:59 PM

Ok, I've run the 2 apps as requested. Here are the logs for your perusal:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mario on Tue 08/20/2013 at 13:46:21.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoE8C8.tmp

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Mario\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{02F8303A-6B82-4446-971C-F55B140308C3}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{446B0E50-ECA7-45B0-B0CA-02DB8584162F}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{764220DF-BC27-4905-BBCF-0746FDE18AA9}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{80A1A3FF-5B25-4C6C-BD54-171F7441C9F2}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{965FA31B-DF64-4DE3-B850-62681F9D6E2F}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{A12CEF0C-25E8-405A-B479-9C989EEA09A5}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{C2F5EE55-0E31-4EF2-9413-FB3704E11019}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{F8027CD0-A342-45E3-B45A-D544A109C7D8}
Successfully deleted: [Empty Folder] C:\Users\Mario\appdata\local\{FE92C634-2425-4361-A46F-B4467DDD64F6}

 

~~~ FireFox

Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3muj2wlq.default\minidumps [616 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 13:50:54.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

RKILL

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2013 02:55:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Mario\Desktop\rkill\rkill-08-20-2013-02-55-31.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/20/2013 02:55:59 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

 

 

As always I await your expert opinion!! :)

 

Mario

aka DadOhs



#8 DadOhs

DadOhs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 21 August 2013 - 07:23 PM

I don't know if it is related, but every time I try to go to a page in Firefox I get a pop-up page with this address in it, which is blocked by my A/V Trend Micro: http://www.lnksr.com

 

Thanx for your time.

Mario



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 22 August 2013 - 10:56 AM

You're welcome.
In Firefox it may be the add-ons/plugins. First look for any unknown add-ons and disable them. Or try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

#10 DadOhs

DadOhs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 23 August 2013 - 06:26 PM

I disabled anything that I couldn't place and so far so good.... time will tell on that.

How about the rest of the scans... anything on them?

 

Once again... I appreciate all your help!!

 

Mario



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 23 August 2013 - 08:53 PM

OK, you removed a lot of ad and spyware and a couple info stealers, so change your passwords now.

Then create a new restore point and you are good to go.

Create a New Restore Point (http://www.bleepingcomputer.com/tutorials/tutorial56.html) to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.

Edited by boopme, 23 August 2013 - 08:54 PM.


#12 DadOhs

DadOhs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 24 August 2013 - 10:02 PM

ok, when I did this, Go to Start > Programs > Accessories > System Tools and click "System Restore".

There was an option in there to delete the restore points so I did that first and it said it would delete all restore points on the PC. So I went ahead and deleted all the restore points and created a new one, and I am about to reboot... will post again in a minute.



#13 DadOhs

DadOhs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 24 August 2013 - 10:07 PM

ok, it looks like everything is running with no issues!!

 

Once again, Thank You for all your help!!

I guess you can close this thread and chalk one more satisfied person, who will promote this site to everyone!!

 

Have a great tomorrow!!

 

Mario



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 25 August 2013 - 10:38 PM

Thanks Mario, glad to have helped.



