Ads and other annoying pop-ups, can't remove it(((


23 replies to this topic

#1 superia

Posted 31 August 2013 - 01:48 PM

Hi, I have a problem: some random ads open up and I can't close them, and some other ads say I don't have some plugins((( How do I remove them? I've read that you have to

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

But I don't know how to do the log report that it is suggesting here in the 1st step. Now I'm trying to download the second program, aswMBR, and see how it goes. Any help? Please!!! :help: :help: :help: :( :( :( :bowdown: :bowdown: :bowdown: :killcomp: :killcomp: :killcomp:


Edited by superia, 31 August 2013 - 02:00 PM.




#2 dev00790

Posted 31 August 2013 - 03:40 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so.
    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.


NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.



Step 2

Please download AdwCleaner by Xplode onto your desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.



Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
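
An added example, not part of the thread or of any poster's instructions: a small Python triage of the TDSSKiller log that step 1 above produces. It lists every object the tool did not mark "ok" and checks that the scan mode line contains `SigCheck` and `TDLFS`, which are assumed here to correspond to the two options the helper asks for. The sample log is constructed (hashes, service names and paths are made up), and the function and variable names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample in the TDSSKiller log layout: timestamp, thread id, message.
# Hashes, service names and paths below are made up for illustration.
SAMPLE_LOG = r"""
12:00:00.0001 0x0a10  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
12:00:05.0100 0x0b20  Scan started
12:00:05.0100 0x0b20  Mode: Manual; SigCheck; TDLFS;
12:00:05.0200 0x0b20  ================ Scan services =============================
12:00:05.0300 0x0b20  [ 00112233445566778899AABBCCDDEEFF ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
12:00:05.0310 0x0b20  ExampleDrv - ok
12:00:05.0400 0x0b20  [ FFEEDDCCBBAA99887766554433221100 ] ExampleSvc      C:\Program Files (x86)\Example Vendor\examplesvc.exe
12:00:05.0450 0x0b20  ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
12:00:05.0450 0x0b20  ExampleSvc - detected UnsignedFile.Multi.Generic (1)
12:00:05.0500 0x0b20  NoImageSvc - ok
"""

# Every log line starts with "HH:MM:SS.mmmm 0x<thread id>".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
# "[ MD5 ] ServiceName  C:\path\to\image": the object about to be judged.
OBJECT_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# "ServiceName ( Verdict ) - severity": written only for non-ok objects.
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<severity>\w+)\s*$"
)
# "Mode: Manual; SigCheck; TDLFS;": the options the scan was started with.
MODE_RE = re.compile(PREFIX + r"Mode: (?P<mode>.*)$")

Finding = namedtuple("Finding", "name verdict severity md5 path")


def triage(log_text, required_modes=("SigCheck", "TDLFS")):
    """Return (findings, missing_modes) for one TDSSKiller log.

    findings      -- one Finding per object the tool flagged (anything not "ok")
    missing_modes -- entries of required_modes absent from the "Mode:" line,
                     i.e. a scan run without the options the helper requested
    """
    objects = {}    # service name -> (md5, image path) from the "[ MD5 ]" line
    findings = []
    modes = set()
    for line in log_text.splitlines():
        m = MODE_RE.match(line)
        if m:
            modes = {p.strip() for p in m.group("mode").split(";") if p.strip()}
            continue
        m = OBJECT_RE.match(line)
        if m:
            objects[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some services have no "[ MD5 ]" line; report them without one.
            md5, path = objects.get(m.group("name"), (None, None))
            findings.append(
                Finding(m.group("name"), m.group("verdict"),
                        m.group("severity"), md5, path)
            )
    missing = [mode for mode in required_modes if mode not in modes]
    return findings, missing


if __name__ == "__main__":
    found, missing = triage(SAMPLE_LOG)
    if missing:
        print("Scan was run without:", ", ".join(missing))
    for f in found:
        # A flagged unsigned file is a lead to check, not a confirmed infection.
        print(f"{f.severity:8} {f.name:12} {f.verdict}  {f.md5}  {f.path}")
```
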


#3 superia

Posted 05 September 2013 - 03:02 PM

Hi. I'm trying now to save everything. It's a lot of information(((

Is there no way to keep it? Would everything be deleted?



#4 superia

Posted 08 September 2013 - 12:40 PM

13:36:13.0589 0x1680  LVUVC64 - ok
13:36:13.0636 0x1680  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:36:13.0653 0x1680  Mcx2Svc - ok
13:36:13.0704 0x1680  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
13:36:13.0718 0x1680  megasas - ok
13:36:13.0752 0x1680  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:36:13.0776 0x1680  MegaSR - ok
13:36:13.0868 0x1680  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:36:13.0881 0x1680  Microsoft Office Groove Audit Service - ok
13:36:13.0927 0x1680  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
13:36:13.0972 0x1680  MMCSS - ok
13:36:13.0995 0x1680  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
13:36:14.0031 0x1680  Modem - ok
13:36:14.0056 0x1680  [ 8985460FD448348F7AC748460D0A1CF4 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
13:36:14.0107 0x1680  MODEMCSA - ok
13:36:14.0128 0x1680  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:36:14.0165 0x1680  monitor - ok
13:36:14.0173 0x1680  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:36:14.0188 0x1680  mouclass - ok
13:36:14.0210 0x1680  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:36:14.0258 0x1680  mouhid - ok
13:36:14.0274 0x1680  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:36:14.0288 0x1680  MountMgr - ok
13:36:14.0326 0x1680  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:36:14.0349 0x1680  MpFilter - ok
13:36:14.0385 0x1680  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:36:14.0401 0x1680  mpio - ok
13:36:14.0429 0x1680  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:36:14.0485 0x1680  mpsdrv - ok
13:36:14.0539 0x1680  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:36:14.0587 0x1680  MpsSvc - ok
13:36:14.0628 0x1680  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:36:14.0641 0x1680  Mraid35x - ok
13:36:14.0693 0x1680  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:36:14.0738 0x1680  MRxDAV - ok
13:36:14.0802 0x1680  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:14.0832 0x1680  mrxsmb - ok
13:36:14.0878 0x1680  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:14.0900 0x1680  mrxsmb10 - ok
13:36:14.0909 0x1680  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:14.0942 0x1680  mrxsmb20 - ok
13:36:14.0979 0x1680  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
13:36:14.0992 0x1680  msahci - ok
13:36:15.0020 0x1680  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:36:15.0035 0x1680  msdsm - ok
13:36:15.0060 0x1680  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
13:36:15.0100 0x1680  MSDTC - ok
13:36:15.0144 0x1680  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:36:15.0181 0x1680  Msfs - ok
13:36:15.0209 0x1680  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:36:15.0222 0x1680  msisadrv - ok
13:36:15.0262 0x1680  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:36:15.0303 0x1680  MSiSCSI - ok
13:36:15.0308 0x1680  msiserver - ok
13:36:15.0354 0x1680  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:36:15.0401 0x1680  MSKSSRV - ok
13:36:15.0476 0x1680  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:36:15.0492 0x1680  MsMpSvc - ok
13:36:15.0532 0x1680  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:15.0568 0x1680  MSPCLOCK - ok
13:36:15.0594 0x1680  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:36:15.0657 0x1680  MSPQM - ok
13:36:15.0708 0x1680  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:36:15.0730 0x1680  MsRPC - ok
13:36:15.0744 0x1680  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:36:15.0758 0x1680  mssmbios - ok
13:36:15.0812 0x1680  MSSQL$MSSMLBIZ - ok
13:36:15.0863 0x1680  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:36:15.0894 0x1680  MSSQLServerADHelper - ok
13:36:15.0913 0x1680  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:36:15.0949 0x1680  MSTEE - ok
13:36:15.0998 0x1680  [ A523D9F6AEB152C4480D754DF7FA9F7F ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:36:16.0024 0x1680  MTsensor - ok
13:36:16.0055 0x1680  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:36:16.0069 0x1680  Mup - ok
13:36:16.0105 0x1680  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
13:36:16.0148 0x1680  napagent - ok
13:36:16.0204 0x1680  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:36:16.0253 0x1680  NativeWifiP - ok
13:36:16.0317 0x1680  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:36:16.0354 0x1680  NDIS - ok
13:36:16.0389 0x1680  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:16.0427 0x1680  NdisTapi - ok
13:36:16.0464 0x1680  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:16.0501 0x1680  Ndisuio - ok
13:36:16.0539 0x1680  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:16.0570 0x1680  NdisWan - ok
13:36:16.0586 0x1680  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:36:16.0635 0x1680  NDProxy - ok
13:36:16.0693 0x1680  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:36:16.0700 0x1680  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:36:16.0700 0x1680  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:36:19.0982 0x1680  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:36:20.0005 0x1680  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:36:20.0005 0x1680  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:36:26.0299 0x1680  [ DA59F88CBD989D41802542D1CC2A1DC7 ] System_Repair_UpdateMonitor C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
13:36:26.0475 0x1680  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
13:36:26.0475 0x1680  System_Repair_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)
13:36:30.0835 0x1680  wcncsvc - ok
13:36:30.0866 0x1680  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:36:30.0910 0x1680  WcsPlugInService - ok
13:36:30.0954 0x1680  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
13:36:30.0968 0x1680  Wd - ok
13:36:31.0029 0x1680  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:36:31.0066 0x1680  Wdf01000 - ok
13:36:31.0073 0x1680  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:36:31.0156 0x1680  WdiServiceHost - ok
13:36:31.0160 0x1680  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:36:31.0200 0x1680  WdiSystemHost - ok
13:36:31.0233 0x1680  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
13:36:31.0257 0x1680  WebClient - ok
13:36:31.0295 0x1680  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:36:31.0343 0x1680  Wecsvc - ok
13:36:31.0372 0x1680  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:36:31.0402 0x1680  wercplsupport - ok
13:36:31.0416 0x1680  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
13:36:31.0463 0x1680  WerSvc - ok
13:36:31.0496 0x1680  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:36:31.0512 0x1680  WimFltr - ok
13:36:31.0532 0x1680  WinDefend - ok
13:36:31.0540 0x1680  WinHttpAutoProxySvc - ok
13:36:31.0610 0x1680  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:36:31.0642 0x1680  Winmgmt - ok
13:36:31.0714 0x1680  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:36:31.0868 0x1680  WinRM - ok
13:36:31.0924 0x1680  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:36:31.0978 0x1680  Wlansvc - ok
13:36:32.0029 0x1680  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:36:32.0056 0x1680  WmiAcpi - ok
13:36:32.0097 0x1680  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:36:32.0129 0x1680  wmiApSrv - ok
13:36:32.0156 0x1680  WMPNetworkSvc - ok
13:36:32.0194 0x1680  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:36:32.0266 0x1680  WPCSvc - ok
13:36:32.0293 0x1680  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:36:32.0336 0x1680  WPDBusEnum - ok
13:36:32.0372 0x1680  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:36:32.0388 0x1680  WpdUsb - ok
13:36:32.0510 0x1680  [ 2BB372F43C705D85680ADE4933C8EE3E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:36:32.0555 0x1680  WPFFontCache_v0400 - ok
13:36:32.0619 0x1680  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:36:32.0656 0x1680  ws2ifsl - ok
13:36:32.0693 0x1680  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
13:36:32.0712 0x1680  wscsvc - ok
13:36:32.0717 0x1680  WSearch - ok
13:36:32.0763 0x1680  [ ECDD6CD8D31ADF2048DDD1666B53DE5C ] WSVD            C:\Windows\system32\drivers\WSVD.sys
13:36:32.0776 0x1680  WSVD - ok
13:36:32.0877 0x1680  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:36:33.0036 0x1680  wuauserv - ok
13:36:33.0107 0x1680  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:36:33.0142 0x1680  WudfPf - ok
13:36:33.0168 0x1680  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:36:33.0206 0x1680  WUDFRd - ok
13:36:33.0242 0x1680  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:36:33.0273 0x1680  wudfsvc - ok
13:36:33.0307 0x1680  ================ Scan global ===============================
13:36:33.0339 0x1680  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:36:33.0393 0x1680  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:36:33.0414 0x1680  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:36:33.0472 0x1680  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
13:36:33.0477 0x1680  [Global] - ok
13:36:33.0477 0x1680  ================ Scan MBR ==================================
13:36:33.0492 0x1680  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:36:33.0851 0x1680  \Device\Harddisk0\DR0 - ok
13:36:33.0851 0x1680  ================ Scan VBR ==================================
13:36:33.0855 0x1680  [ FE76C14338BC1B9BD3F2D9912EDAB253 ] \Device\Harddisk0\DR0\Partition1
13:36:33.0859 0x1680  \Device\Harddisk0\DR0\Partition1 - ok
13:36:33.0863 0x1680  [ C531D5F310A88F031103A30EEB5F6BB9 ] \Device\Harddisk0\DR0\Partition2
13:36:33.0865 0x1680  \Device\Harddisk0\DR0\Partition2 - ok
13:36:33.0866 0x1680  ============================================================
13:36:33.0866 0x1680  Scan finished
13:36:33.0866 0x1680  ============================================================
13:36:33.0879 0x0448  Detected object count: 8
13:36:33.0879 0x0448  Actual detected object count: 8
13:37:56.0359 0x0448  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0359 0x0448  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0361 0x0448  funfrm ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0361 0x0448  funfrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0364 0x0448  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0364 0x0448  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0367 0x0448  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0367 0x0448  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0372 0x0448  IGRS ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0372 0x0448  IGRS ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0372 0x0448  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0372 0x0448  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0375 0x0448  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0375 0x0448  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:56.0377 0x0448  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:56.0377 0x0448  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#5 superia


Posted 08 September 2013 - 12:41 PM

That was from TDSSKiller.



#6 superia


Posted 08 September 2013 - 12:46 PM

# AdwCleaner v3.003 - Report created 08/09/2013 at 13:43:40
# Updated 07/09/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Inna - INNA-PC
# Running from : C:\Users\Inna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUAWXTY2\AdwCleaner[1].exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\bProtector_extensions.rdf
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\searchplugins\Babylon.xml
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\searchplugins\delta.xml
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\searchplugins\mixidj.xml
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\searchplugins\spamfreesearch.xml
File Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\user.js
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Folder Found : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\Extensions\ffxtlbr@babylon.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Mail.Ru
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\Inna\AppData\Local\Conduit
Folder Found C:\Users\Inna\AppData\Local\DownloadTerms
Folder Found C:\Users\Inna\AppData\Local\Lucky Savings
Folder Found C:\Users\Inna\AppData\Local\Mail.Ru
Folder Found C:\Users\Inna\AppData\Local\SwvUpdater
Folder Found C:\Users\Inna\AppData\LocalLow\blekko
Folder Found C:\Users\Inna\AppData\LocalLow\Conduit
Folder Found C:\Users\Inna\AppData\LocalLow\delta
Folder Found C:\Users\Inna\AppData\LocalLow\mixidj
Folder Found C:\Users\Inna\AppData\Roaming\Babylon

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\e48f88b73fea46
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2759842
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\e48f88b73fea46
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19453

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=NT_ss&mntrId=E2AA00235483741F

-\\ Mozilla Firefox v3.6.18 (en-US)

[ File : C:\Users\Inna\AppData\Roaming\Mozilla\Firefox\Profiles\71d5tbq0.default\prefs.js ]

Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.id", "e2aa336700000000000000235483741f");
Line Found : user_pref("extensions.delta.instlDay", "15749");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.10.02:34:48");
Line Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Line Found : user_pref("extensions.dnsbasic.init", true);
Line Found : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=e2aa336700000000000000235483741f");
Line Found : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=e2aa336700000000000000235483741f&q=");
Line Found : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Line Found : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Line Found : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=e2aa336700000000000000235483741f&q=");
Line Found : user_pref("keyword.URL", "hxxp://www.dnsbasic.com/?prt=dnsbsc50r1&sp=hxxp://www.mail.ru/&keywords=");

*************************

AdwCleaner[R0].txt - [10572 octets] - [08/09/2013 13:43:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10633 octets] ##########



#7 superia


Posted 08 September 2013 - 12:48 PM

Farbar Service Scanner Version: 05-09-2013
Ran by Inna (administrator) on 08-09-2013 at 13:47:56
Running from "C:\Users\Inna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMNTXAZ1"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-04 00:22] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-17 13:23] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-14 18:22] - [2013-07-04 23:58] - 1417664 ____A (Microsoft Corporation) EA8623BDD511A1ACD18DA4883860ADDE

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 20:52] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-04 00:23] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-04 00:22] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-04 00:23] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-04 00:21] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-04 00:22] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-04 00:23] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-04 00:23] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2013-08-14 18:21] - [2013-07-08 00:12] - 0174592 ____A (Microsoft Corporation) 5AAC48EAF8EACF247DB44FB61B900D89

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-04 00:23] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

 

**** End of log ****



#8 superia


Posted 08 September 2013 - 12:54 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Inna (administrator) on 08-09-2013 at 13:50:49
Running from "C:\Users\Inna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUAWXTY2"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Wireless Network Connection (Connected)
Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled mldversion=version2

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Inna-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cfl.rr.com

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
   Physical Address. . . . . . . . . : 00-23-54-83-74-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
   Physical Address. . . . . . . . . : 00-21-6B-D2-4C-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd9d:18cd:c995:9a0%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, September 08, 2013 12:55:37 PM
   Lease Expires . . . . . . . . . . : Monday, September 09, 2013 12:55:37 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 268444011
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-25-25-6A-00-23-54-83-74-1F
   DNS Servers . . . . . . . . . . . : 65.32.5.111
                                       65.32.5.112
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{23A9C6DC-A202-443D-800D-47DF31F35371}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cfl.rr.com
   Description . . . . . . . . . . . : isatap.cfl.rr.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24c7:21fc:3f57:fe99(Preferred)
   Link-local IPv6 Address . . . . . : fe80::24c7:21fc:3f57:fe99%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{7EDED8F9-5CB6-44F7-AF92-62D4FE67CD7A}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-redir-lb-01.tampabay.rr.com
Address:  65.32.5.111

Name:    google.com
Addresses:  2607:f8b0:4008:800::1007
   173.194.37.131
   173.194.37.132
   173.194.37.133
   173.194.37.134
   173.194.37.135
   173.194.37.136
   173.194.37.137
   173.194.37.142
   173.194.37.128
   173.194.37.129
   173.194.37.130

 

Pinging google.com [74.125.229.160] with 32 bytes of data:

Reply from 74.125.229.160: bytes=32 time=48ms TTL=50

Reply from 74.125.229.160: bytes=32 time=45ms TTL=50

 

Ping statistics for 74.125.229.160:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 45ms, Maximum = 48ms, Average = 46ms

Server:  dns-redir-lb-01.tampabay.rr.com
Address:  65.32.5.111

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=130ms TTL=44

Reply from 206.190.36.45: bytes=32 time=87ms TTL=44

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 87ms, Maximum = 130ms, Average = 108ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 10 ...00 23 54 83 74 1f ...... Broadcom NetLink ™ Fast Ethernet
 11 ...00 21 6b d2 4c 72 ...... Intel® Wireless WiFi Link 5100
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.{23A9C6DC-A202-443D-800D-47DF31F35371}
 17 ...00 00 00 00 00 00 00 e0  isatap.cfl.rr.com
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.{7EDED8F9-5CB6-44F7-AF92-62D4FE67CD7A}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    281
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     38 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     38 2001::/32                On-link
 12    286 2001:0:4137:9e76:24c7:21fc:3f57:fe99/128
                                    On-link
 11    281 fe80::/64                On-link
 12    286 fe80::/64                On-link
 12    286 fe80::24c7:21fc:3f57:fe99/128
                                    On-link
 11    281 fe80::bd9d:18cd:c995:9a0/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    286 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2013 00:42:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2013 02:30:42 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000374, fault offset 0x00000000000acb17,
process id 0xcb4, application start time 0xExplorer.EXE0.

Error: (09/07/2013 02:28:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 11:24:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 01:38:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2013 07:05:17 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d34
Start Time: 01ceaa683d3a3f50
Termination Time: 3788

Error: (09/05/2013 02:46:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 08:13:47 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19453, time stamp 0x51ef1692, faulting module rpbrowserrecordplugin.dll, version 1.0.1.57, time stamp 0x47d1f33b, exception code 0xc0000005, fault offset 0x00003d3c,
process id 0xcbc, application start time 0xiexplore.exe0.

Error: (09/03/2013 08:13:41 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e03333, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp 0x49e0422e, exception code 0xc0000005, fault offset 0x0000000000141be1,
process id 0xa50, application start time 0xSearchIndexer.exe0.

Error: (09/03/2013 06:37:51 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19453, time stamp 0x51ef1692, faulting module IEFRAME.dll, version 8.0.6001.19453, time stamp 0x51ef20e0, exception code 0xc0000005, fault offset 0x001a1fc9,
process id 0x1204, application start time 0xiexplore.exe0.

System errors:
=============
Error: (09/06/2013 03:28:35 AM) (Source: DCOM) (User: Inna-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Inna-PCInnaS-1-5-21-3865618270-1009007021-3218854865-1003LocalHost (Using LRPC)

Error: (09/06/2013 02:29:50 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/06/2013 02:29:50 AM) (Source: Service Control Manager) (User: )
Description: FsUsbExDisk%%1275

Error: (09/06/2013 02:29:47 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/06/2013 02:29:47 AM) (Source: Service Control Manager) (User: )
Description: FsUsbExDisk%%1275

Error: (09/06/2013 02:29:42 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/06/2013 02:29:42 AM) (Source: Service Control Manager) (User: )
Description: FsUsbExDisk%%1275

Error: (09/06/2013 02:29:39 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/06/2013 02:29:39 AM) (Source: Service Control Manager) (User: )
Description: FsUsbExDisk%%1275

Error: (09/06/2013 02:28:53 AM) (Source: Service Control Manager) (User: )
Description: FsUsbExService

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-06 02:29:50.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:50.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:47.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:46.975
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:42.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:42.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:39.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 02:29:39.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-29 17:54:23.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-29 17:54:23.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Broadcom Gigabit Integrated Controller (Version: 11.11.03)
Dolby Control Center (Version: 2.0.0706)
DownloadTerms (Version: 1.0)
Dropbox (Version: 2.0.26)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
Intel® Graphics Media Accelerator Driver
Lenovo EasyCamera Driver Package v11.74.1024
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Motorola SM56 Speakerphone Modem
MyFreeCodec
Paint.NET v3.5.10 (Version: 3.60.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Synaptics Pointing Device Driver (Version: 11.1.7.1)
Windows Driver Package - Lenovo (ACPIVPC) System  (01/03/2008 3.1.0.1) (Version: 01/03/2008 3.1.0.1)

========================= Devices: ================================

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 4029.92 MB
Available physical RAM: 1615.36 MB
Total Pagefile: 8269.13 MB
Available Pagefile: 5808.67 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:188.94 GB) (Free:63.83 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29.19 GB) (Free:21.02 GB) NTFS

========================= Users: ========================================

User accounts for \\INNA-PC

Administrator            Guest                    Inna                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

05-09-2013 21:14:16 Scheduled Checkpoint
06-09-2013 06:30:43 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers
06-09-2013 06:31:20 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:32:17 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Modems
06-09-2013 06:33:19 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers
06-09-2013 06:34:04 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Modems
06-09-2013 06:34:59 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:36:05 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers
06-09-2013 06:36:49 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.
06-09-2013 06:37:38 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Modems
06-09-2013 06:38:25 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Network adapters
06-09-2013 06:39:11 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:40:50 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.
06-09-2013 06:41:06 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers
06-09-2013 06:41:54 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:42:38 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Modems
06-09-2013 06:43:30 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Portable Devices
06-09-2013 06:44:16 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Network adapters
06-09-2013 06:45:01 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:45:49 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Network adapters
06-09-2013 06:46:40 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Ports (COM & LPT)
06-09-2013 06:47:33 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.
06-09-2013 06:48:22 Device Driver Package Install: SAMSUNG Electronics Co., Ltd. Universal Serial Bus controllers
06-09-2013 06:49:24 Device Driver Package Install: SAMSUNG Electronics Co., Ltd. Network adapters
06-09-2013 06:50:10 Device Driver Package Install: SAMSUNG Electronics Co., Ltd.  Universal Serial Bus controllers
06-09-2013 06:51:32 Device Driver Package Install: SAMSUNG Electronics Co., Ltd. Universal Serial Bus controllers
07-09-2013 18:39:54 Windows Update

**** End of log ****



#9 superia

Posted 08 September 2013 - 12:57 PM

The only thing is I couldn't save it to desktop, it didn't give me that option. So all these programs saved somewhere... I think temporary folder. But I'm not sure.



#10 dev00790

Posted 08 September 2013 - 02:14 PM

Hi

"there is no way to keep? everything would be deleted?"

- I don't understand your question. Please rephrase?

"The only thing is I couldn't save it to desktop, it didn't give me that option. So all these programs saved somewhere... I think temporary folder. But I'm not sure."

Ok thanks for letting us know.

I'm away until this Tuesday GMT, and aim to get back to you with the next steps then.


Edited by dev00790, 08 September 2013 - 02:14 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#11 superia

Posted 08 September 2013 - 04:23 PM

ok)))thank you :bananas:



#12 dev00790

Posted 09 September 2013 - 02:48 PM

Vista

Hi

Firstly please answer my question below:

"there is no way to keep? everything would be deleted?"

- I don't understand your question. Please rephrase?

Then do the following next:

 

Step 1:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 3:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4:

How is the computer running now?

Regards, dev00790


#13 superia

Posted 12 September 2013 - 06:08 PM

I meant that I have photos in my computer, I will not have to delete them?



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.12.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19453
Inna :: INNA-PC [administrator]

9/12/2013 5:22:44 PM
mbam-log-2013-09-12 (17-22-44).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391235
Time elapsed: 1 hour(s), 26 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761} (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19} (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=NT_ss&mntrId=E2AA00235483741F -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Inna\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Inna\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\upgrade[1].cab (Adware.OneStep) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\upgrade[1].cab (Adware.OneStep) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\Inna\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)
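
A pasted scan log like the one above can be checked mechanically before anyone relies on it. The following is an added example, not part of the original posts and not Malwarebytes code: it parses the MBAM 1.75 text-log layout, counts detections per name, lists items not reported as removed, and flags sections whose declared count differs from the lines actually pasted. The sample log, its paths, detection names and URL are constructed.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the MBAM 1.75 text-log layout; paths, names and URL are made up.
# The "Files" section deliberately declares 3 items but lists 2 (a truncated paste).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300

Scan type: Full scan (C:\|)
Objects scanned: 1000

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\ExampleToolbar (PUP.Example.Toolbar) -> Quarantined and deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} (PUP.Example.Updater) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Example\AboutURLs|Tabs (PUP.Example.Toolbar) -> Data: http://search.example.invalid/?id=1 -> Quarantined and deleted successfully.

Files Detected: 3
C:\Program Files (x86)\Example\upd.exe (PUP.Example.Updater) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Example\log.txt (PUP.Example.Toolbar) -> Quarantined and deleted successfully.

(end)
"""

Detection = namedtuple("Detection", "section obj name data action")

# Section header, e.g. "Registry Keys Detected: 17".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy object match, so a path containing "(x86)" still splits at the final "(name) ->".
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
REMOVED = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [Detection, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("section")
            sections[current] = {"declared": int(header.group("count")), "items": []}
            continue
        item = ITEM_RE.match(line)
        if item and current:
            # Registry value lines carry "Data: ..." before the final action.
            parts = item.group("rest").split(" -> ")
            data = None
            if len(parts) > 1 and parts[0].startswith("Data: "):
                data = parts[0][len("Data: "):]
            sections[current]["items"].append(
                Detection(current, item.group("obj"), item.group("name"), data, parts[-1])
            )
    return sections


def count_mismatches(parsed):
    """Sections whose declared count differs from the item lines present."""
    return {
        name: (sec["declared"], len(sec["items"]))
        for name, sec in parsed.items()
        if sec["declared"] != len(sec["items"])
    }


def family_counts(parsed):
    """Number of detected objects per detection name."""
    return Counter(d.name for sec in parsed.values() for d in sec["items"])


def unremoved(parsed):
    """Detections whose action is anything other than a successful removal."""
    return [d for sec in parsed.values() for d in sec["items"] if d.action != REMOVED]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for name, count in family_counts(parsed).most_common():
        print(f"{count:3d}  {name}")
    for section, (declared, listed) in count_mismatches(parsed).items():
        print(f"incomplete section {section!r}: declared {declared}, listed {listed}")
    for d in unremoved(parsed):
        print(f"still present: {d.obj} ({d.name}) -> {d.action}")
```
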



#14 superia

Posted 12 September 2013 - 06:37 PM

All of the ads are still showing, and the other ads that show up as header of the page, and also when clicking a link sometimes it opens a quibids.com site instead of the link you need :ranting:  :ranting:  :ranting:  One of the ads that appear on the side appears, but not always now. But I only did 1st step from 4. Just want to give an update of how it goes.



#15 superia

Posted 12 September 2013 - 11:51 PM

And now I open a website and a few minutes later it updates to some random ads((((





