
ping.exe rootkit



Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------


Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------


DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by andrew at 18:20:51 on 2012-12-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6293 [GMT -8:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Ventrilo\Ventrilo.exe

C:\Program Files\ESEA\ESEA Client\eseaclient.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe

C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

uRun: [steam] "C:\Program Files (x86)\steam\steam.exe" -silent

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{04463E4F-B44C-49F5-87EA-56BC2329B557} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DCD015E6-B172-4ABD-81B3-6E978143EF13} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - ExtSQL: 2012-12-13 18:15; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi

.

============= SERVICES / DRIVERS ===============

.

R3 ESEADriver2;ESEADriver2;C:\Users\andrew\AppData\Local\Temp\ESEADriver2.sys [2012-12-2 91256]

R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\System32\drivers\hidusbf.sys [2012-9-22 7808]

R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-11-15 152640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-23 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-2 1255736]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

.

=============== Created Last 30 ================

.

2012-12-15 02:07:45 -------- d-----w- C:\ProgramData\Sophos

2012-12-15 02:07:42 73728 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-12-15 02:07:42 73728 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-12-15 02:07:42 73728 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-12-15 02:07:41 -------- d-----w- C:\Program Files (x86)\Sophos

2012-12-15 01:25:41 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-14 21:40:14 -------- d-----w- C:\Program Files\ESEA

2012-12-13 11:59:04 -------- d-----w- C:\Program Files (x86)\steam

2012-12-13 06:55:46 -------- d-----w- C:\Program Files (x86)\csgosteam

2012-12-12 23:58:49 86016 ----a-w- C:\Windows\unvise32.exe

2012-12-12 23:58:45 -------- d-----w- C:\Sierra

2012-12-11 15:30:27 -------- d-----w- C:\Windows\Steam

2012-12-11 13:41:30 -------- d-----w- C:\Program Files\Wireshark

2012-12-11 13:34:39 -------- d-----w- C:\Program Files (x86)\WinPcap

2012-12-04 05:25:50 -------- d-----w- C:\Users\andrew\AppData\Roaming\OBS

2012-12-04 05:25:49 -------- d-----w- C:\Program Files (x86)\OBS

2012-12-02 18:45:56 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-02 18:45:56 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-02 18:45:56 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-02 18:45:56 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-02 18:45:56 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-02 18:45:56 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-02 18:45:23 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-11-28 02:51:50 -------- d-----w- C:\Program Files (x86)\GUMA537.tmp

2012-11-24 20:10:57 973672 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-11-24 20:10:57 68928 ----a-w- C:\Windows\System32\OpenCL.dll

2012-11-24 20:10:57 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-24 20:10:57 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll

2012-11-24 20:10:57 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll

2012-11-24 20:10:57 2731880 ----a-w- C:\Windows\System32\nvapi64.dll

2012-11-24 20:10:57 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-11-24 20:10:57 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll

2012-11-24 20:10:57 12501352 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2012-11-24 03:05:06 -------- d-----w- C:\Users\andrew\AppData\Roaming\LibreOffice

2012-11-24 03:04:09 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6

2012-11-21 07:56:25 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-21 07:49:55 98816 ----a-w- C:\Windows\sed.exe

2012-11-21 07:49:55 256000 ----a-w- C:\Windows\PEV.exe

2012-11-21 07:49:55 208896 ----a-w- C:\Windows\MBR.exe

2012-11-21 07:49:52 -------- d-----w- C:\ComboFix-W723777C

2012-11-21 07:49:24 -------- d-----w- C:\ComboFix-W7

2012-11-17 13:25:00 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M ====================

.

2012-11-28 02:47:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-28 02:47:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-03 13:22:51 7808 ----a-w- C:\Windows\System32\drivers\hidusbf.sys

2012-10-24 14:26:14 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2012-10-24 14:26:14 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2012-10-19 22:56:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-10-19 22:55:59 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-10-03 02:12:29 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-10-03 02:12:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-10-03 02:12:29 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-10-02 21:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-29 05:32:08 2177688 ----a-w- C:\Windows\System32\coin92.dll

.

============= FINISH: 18:21:35.08 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/2/2012 7:04:49 PM

System Uptime: 12/13/2012 10:28:27 AM (32 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | M68MT-S2

Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3616/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 848.289 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

CCleaner

Core Temp 1.0 RC3

Counter-Strike

Counter-Strike: Global Offensive

DivX-Setup

ESET Online Scanner v3

FFsplit version Alpha

Google Chrome

Google Update Helper

Java 7 Update 7 (64-bit)

LibreOffice 3.6

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Silverlight

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Drivers

NVIDIA Graphics Driver 306.97

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Open Broadcaster Software version 0.448a

POD-Bot 2.5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 6.0

Sophos Virus Removal Tool

Source SDK Base 2007

SpeedFan (remove only)

Steam

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

VLC media player 2.0.3

WinRAR 4.20 (64-bit)

XSplit

.

==== Event Viewer Messages From Past Week ========

.

12/14/2012 9:17:39 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/14/2012 5:23:59 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

12/13/2012 6:56:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/13/2012 6:56:31 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/13/2012 5:50:47 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

12/12/2012 9:58:58 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/12/2012 9:58:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/12/2012 6:25:21 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

12/12/2012 10:43:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/12/2012 10:40:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/12/2012 10:40:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/12/2012 10:39:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

12/10/2012 8:00:04 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================

TDSS

18:29:27.0167 3192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

18:29:27.0487 3192 ============================================================

18:29:27.0487 3192 Current date / time: 2012/12/14 18:29:27.0487

18:29:27.0487 3192 SystemInfo:

18:29:27.0487 3192

18:29:27.0487 3192 OS Version: 6.1.7601 ServicePack: 1.0

18:29:27.0487 3192 Product type: Workstation

18:29:27.0487 3192 ComputerName: ANDREW-PC

18:29:27.0487 3192 UserName: andrew

18:29:27.0487 3192 Windows directory: C:\Windows

18:29:27.0487 3192 System windows directory: C:\Windows

18:29:27.0487 3192 Running under WOW64

18:29:27.0487 3192 Processor architecture: Intel x64

18:29:27.0487 3192 Number of processors: 4

18:29:27.0487 3192 Page size: 0x1000

18:29:27.0487 3192 Boot type: Normal boot

18:29:27.0487 3192 ============================================================

18:29:30.0637 3192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

18:29:30.0647 3192 ============================================================

18:29:30.0647 3192 \Device\Harddisk0\DR0:

18:29:30.0667 3192 MBR partitions:

18:29:30.0667 3192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:29:30.0667 3192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

18:29:30.0667 3192 ============================================================

18:29:30.0797 3192 C: <-> \Device\Harddisk0\DR0\Partition2

18:29:30.0797 3192 ============================================================

18:29:30.0797 3192 Initialize success

18:29:30.0797 3192 ============================================================

18:29:35.0547 2600 ============================================================

18:29:35.0547 2600 Scan started

18:29:35.0547 2600 Mode: Manual; SigCheck; TDLFS;

18:29:35.0547 2600 ============================================================

18:29:37.0007 2600 ================ Scan system memory ========================

18:29:37.0007 2600 System memory - ok

18:29:37.0007 2600 ================ Scan services =============================

18:29:38.0327 2600 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:29:38.0867 2600 1394ohci - ok

18:29:38.0957 2600 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:29:38.0987 2600 ACPI - ok

18:29:39.0087 2600 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:29:39.0407 2600 AcpiPmi - ok

18:29:39.0637 2600 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:29:39.0667 2600 AdobeARMservice - ok

18:29:39.0767 2600 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

18:29:39.0787 2600 adp94xx - ok

18:29:39.0897 2600 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

18:29:39.0927 2600 adpahci - ok

18:29:40.0017 2600 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

18:29:40.0037 2600 adpu320 - ok

18:29:40.0077 2600 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:29:41.0337 2600 AeLookupSvc - ok

18:29:41.0457 2600 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:29:41.0527 2600 AFD - ok

18:29:41.0607 2600 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:29:41.0617 2600 agp440 - ok

18:29:41.0677 2600 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:29:41.0787 2600 ALG - ok

18:29:41.0837 2600 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:29:41.0857 2600 aliide - ok

18:29:42.0247 2600 ALSysIO - ok

18:29:42.0327 2600 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:29:42.0337 2600 amdide - ok

18:29:42.0387 2600 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

18:29:42.0477 2600 AmdK8 - ok

18:29:42.0527 2600 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

18:29:42.0557 2600 AmdPPM - ok

18:29:42.0597 2600 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:29:42.0607 2600 amdsata - ok

18:29:42.0677 2600 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

18:29:42.0707 2600 amdsbs - ok

18:29:42.0747 2600 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:29:42.0757 2600 amdxata - ok

18:29:42.0867 2600 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:29:44.0857 2600 AppID - ok

18:29:44.0907 2600 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:29:44.0957 2600 AppIDSvc - ok

18:29:45.0027 2600 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:29:45.0067 2600 Appinfo - ok

18:29:45.0257 2600 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

18:29:45.0267 2600 arc - ok

18:29:45.0297 2600 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

18:29:45.0307 2600 arcsas - ok

18:29:45.0837 2600 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

18:29:45.0847 2600 aspnet_state - ok

18:29:45.0907 2600 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:29:45.0957 2600 AsyncMac - ok

18:29:46.0037 2600 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:29:46.0037 2600 atapi - ok

18:29:46.0217 2600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:29:46.0317 2600 AudioEndpointBuilder - ok

18:29:46.0377 2600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:29:46.0417 2600 AudioSrv - ok

18:29:46.0587 2600 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:29:46.0877 2600 AxInstSV - ok

18:29:46.0997 2600 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

18:29:47.0097 2600 b06bdrv - ok

18:29:47.0227 2600 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:29:47.0307 2600 b57nd60a - ok

18:29:47.0387 2600 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:29:47.0447 2600 BDESVC - ok

18:29:47.0537 2600 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:29:47.0617 2600 Beep - ok

18:29:47.0827 2600 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

18:29:47.0917 2600 BFE - ok

18:29:48.0017 2600 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

18:29:48.0107 2600 BITS - ok

18:29:48.0157 2600 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:29:48.0217 2600 blbdrive - ok

18:29:48.0337 2600 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:29:48.0367 2600 bowser - ok

18:29:48.0437 2600 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:29:48.0837 2600 BrFiltLo - ok

18:29:48.0867 2600 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:29:48.0897 2600 BrFiltUp - ok

18:29:49.0057 2600 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

18:29:49.0117 2600 BridgeMP - ok

18:29:49.0187 2600 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

18:29:49.0337 2600 Browser - ok

18:29:49.0397 2600 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:29:49.0537 2600 Brserid - ok

18:29:49.0597 2600 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:29:49.0647 2600 BrSerWdm - ok

18:29:49.0667 2600 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:29:49.0697 2600 BrUsbMdm - ok

18:29:49.0737 2600 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:29:49.0747 2600 BrUsbSer - ok

18:29:49.0777 2600 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

18:29:49.0847 2600 BTHMODEM - ok

18:29:49.0927 2600 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

18:29:49.0987 2600 bthserv - ok

18:29:50.0017 2600 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:29:50.0087 2600 cdfs - ok

18:29:50.0217 2600 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

18:29:50.0267 2600 cdrom - ok

18:29:50.0367 2600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

18:29:50.0417 2600 CertPropSvc - ok

18:29:50.0557 2600 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

18:29:50.0607 2600 circlass - ok

18:29:50.0707 2600 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

18:29:50.0747 2600 CLFS - ok

18:29:51.0027 2600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:29:51.0037 2600 clr_optimization_v2.0.50727_32 - ok

18:29:51.0177 2600 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:29:51.0177 2600 clr_optimization_v2.0.50727_64 - ok

18:29:51.0797 2600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:29:51.0807 2600 clr_optimization_v4.0.30319_32 - ok

18:29:52.0097 2600 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:29:52.0107 2600 clr_optimization_v4.0.30319_64 - ok

18:29:52.0187 2600 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:29:52.0197 2600 CmBatt - ok

18:29:52.0247 2600 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:29:52.0277 2600 cmdide - ok

18:29:52.0427 2600 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

18:29:52.0477 2600 CNG - ok

18:29:52.0557 2600 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

18:29:52.0567 2600 Compbatt - ok

18:29:52.0637 2600 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

18:29:52.0687 2600 CompositeBus - ok

18:29:52.0727 2600 COMSysApp - ok

18:29:52.0777 2600 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

18:29:52.0787 2600 crcdisk - ok

18:29:52.0907 2600 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:29:52.0987 2600 CryptSvc - ok

18:29:53.0147 2600 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:29:53.0217 2600 DcomLaunch - ok

18:29:53.0287 2600 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

18:29:53.0367 2600 defragsvc - ok


18:30:37.0557 2600 umbus - ok

18:30:37.0587 2600 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

18:30:37.0627 2600 UmPass - ok

18:30:37.0677 2600 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:30:37.0737 2600 upnphost - ok

18:30:37.0787 2600 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

18:30:37.0807 2600 usbaudio - ok

18:30:37.0837 2600 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:30:37.0897 2600 usbccgp - ok

18:30:37.0937 2600 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:30:37.0957 2600 usbcir - ok

18:30:37.0997 2600 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

18:30:38.0037 2600 usbehci - ok

18:30:38.0097 2600 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:30:38.0147 2600 usbhub - ok

18:30:38.0157 2600 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

18:30:38.0167 2600 usbohci - ok

18:30:38.0207 2600 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:30:38.0247 2600 usbprint - ok

18:30:38.0399 2600 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

18:30:38.0429 2600 USBSTOR - ok

18:30:38.0449 2600 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:30:38.0479 2600 usbuhci - ok

18:30:38.0519 2600 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:30:38.0569 2600 UxSms - ok

18:30:38.0579 2600 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:30:38.0599 2600 VaultSvc - ok

18:30:38.0629 2600 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:30:38.0639 2600 vdrvroot - ok

18:30:38.0709 2600 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:30:38.0769 2600 vds - ok

18:30:38.0799 2600 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:30:38.0829 2600 vga - ok

18:30:38.0839 2600 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:30:38.0889 2600 VgaSave - ok

18:30:38.0929 2600 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:30:38.0939 2600 vhdmp - ok

18:30:38.0959 2600 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:30:38.0969 2600 viaide - ok

18:30:38.0989 2600 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:30:38.0999 2600 volmgr - ok

18:30:39.0039 2600 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:30:39.0079 2600 volmgrx - ok

18:30:39.0109 2600 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:30:39.0129 2600 volsnap - ok

18:30:39.0169 2600 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

18:30:39.0179 2600 vsmraid - ok

18:30:39.0339 2600 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:30:39.0429 2600 VSS - ok

18:30:39.0439 2600 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

18:30:39.0489 2600 vwifibus - ok

18:30:39.0519 2600 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:30:39.0575 2600 W32Time - ok

18:30:39.0611 2600 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

18:30:39.0641 2600 WacomPen - ok

18:30:39.0721 2600 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:30:39.0791 2600 WANARP - ok

18:30:39.0791 2600 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:30:39.0831 2600 Wanarpv6 - ok

18:30:39.0971 2600 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:30:40.0011 2600 WatAdminSvc - ok

18:30:40.0161 2600 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:30:40.0401 2600 wbengine - ok

18:30:40.0473 2600 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:30:40.0493 2600 WbioSrvc - ok

18:30:40.0573 2600 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:30:40.0613 2600 wcncsvc - ok

18:30:40.0633 2600 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:30:40.0713 2600 WcsPlugInService - ok

18:30:40.0733 2600 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

18:30:40.0743 2600 Wd - ok

18:30:40.0903 2600 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:30:40.0923 2600 Wdf01000 - ok

18:30:40.0943 2600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:30:41.0293 2600 WdiServiceHost - ok

18:30:41.0303 2600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:30:41.0343 2600 WdiSystemHost - ok

18:30:41.0393 2600 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:30:41.0473 2600 WebClient - ok

18:30:41.0503 2600 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:30:41.0563 2600 Wecsvc - ok

18:30:41.0583 2600 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:30:41.0673 2600 wercplsupport - ok

18:30:41.0713 2600 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:30:41.0793 2600 WerSvc - ok

18:30:41.0833 2600 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:30:41.0883 2600 WfpLwf - ok

18:30:41.0913 2600 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:30:41.0923 2600 WIMMount - ok

18:30:41.0953 2600 WinDefend - ok

18:30:41.0963 2600 WinHttpAutoProxySvc - ok

18:30:42.0063 2600 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:30:42.0133 2600 Winmgmt - ok

18:30:42.0303 2600 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:30:42.0383 2600 WinRM - ok

18:30:42.0533 2600 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:30:42.0573 2600 Wlansvc - ok

18:30:42.0613 2600 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:30:42.0653 2600 WmiAcpi - ok

18:30:42.0723 2600 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:30:42.0753 2600 wmiApSrv - ok

18:30:42.0853 2600 WMPNetworkSvc - ok

18:30:42.0893 2600 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:30:42.0953 2600 WPCSvc - ok

18:30:42.0993 2600 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:30:43.0203 2600 WPDBusEnum - ok

18:30:43.0233 2600 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:30:43.0283 2600 ws2ifsl - ok

18:30:43.0333 2600 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

18:30:43.0393 2600 wscsvc - ok

18:30:43.0393 2600 WSearch - ok

18:30:43.0733 2600 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

18:30:43.0813 2600 wuauserv - ok

18:30:43.0873 2600 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:30:43.0903 2600 WudfPf - ok

18:30:43.0973 2600 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:30:44.0013 2600 WUDFRd - ok

18:30:44.0063 2600 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:30:44.0123 2600 wudfsvc - ok

18:30:44.0183 2600 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

18:30:44.0223 2600 WwanSvc - ok

18:30:44.0253 2600 ================ Scan global ===============================

18:30:44.0313 2600 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:30:44.0373 2600 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

18:30:44.0463 2600 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

18:30:44.0563 2600 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:30:44.0723 2600 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

18:30:44.0763 2600 [Global] - ok

18:30:44.0763 2600 ================ Scan MBR ==================================

18:30:44.0773 2600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:30:48.0953 2600 \Device\Harddisk0\DR0 - ok

18:30:48.0953 2600 ================ Scan VBR ==================================

18:30:48.0963 2600 [ 193D3241E3714B0C615A3ECC2DC512A5 ] \Device\Harddisk0\DR0\Partition1

18:30:48.0973 2600 \Device\Harddisk0\DR0\Partition1 - ok

18:30:49.0003 2600 [ 0A2342C6EC6CBA779CEFDC810B1806CA ] \Device\Harddisk0\DR0\Partition2

18:30:49.0013 2600 \Device\Harddisk0\DR0\Partition2 - ok

18:30:49.0013 2600 ============================================================

18:30:49.0013 2600 Scan finished

18:30:49.0013 2600 ============================================================

18:30:49.0023 1236 Detected object count: 0

18:30:49.0023 1236 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-14 18:25:34

-----------------------------

18:25:34.859 OS Version: Windows x64 6.1.7601 Service Pack 1

18:25:34.859 Number of processors: 4 586 0x102

18:25:34.859 ComputerName: ANDREW-PC UserName: andrew

18:26:16.367 Initialize success

18:26:48.207 AVAST engine defs: 12121400

18:26:49.567 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055

18:26:49.567 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3

18:26:49.577 Disk 0 MBR read successfully

18:26:49.577 Disk 0 MBR scan

18:26:49.587 Disk 0 Windows 7 default MBR code

18:26:49.597 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

18:26:49.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

18:26:49.697 Disk 0 scanning C:\Windows\system32\drivers

18:27:20.497 Service scanning

18:28:05.767 Modules scanning

18:28:05.767 Disk 0 trace - called modules:

18:28:05.777 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys

18:28:05.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079cc060]

18:28:05.777 3 CLASSPNP.SYS[fffff8800191143f] -> nt!IofCallDriver -> [0xfffffa800697ae40]

18:28:05.777 5 ACPI.sys[fffff88000e357a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80069669c0]

18:28:34.277 AVAST engine scan C:\Windows

18:28:45.227 AVAST engine scan C:\Windows\system32

18:38:13.031 AVAST engine scan C:\Windows\system32\drivers

18:39:31.693 AVAST engine scan C:\Users\andrew

19:08:43.774 AVAST engine scan C:\ProgramData

19:09:14.434 Scan finished successfully

19:17:52.235 Disk 0 MBR has been saved successfully to "C:\Users\andrew\Desktop\MBR.dat"

19:17:52.245 The log file has been saved successfully to "C:\Users\andrew\Desktop\aswMBR.txt"

19:18:10.105 Disk 0 MBR has been saved successfully to "C:\Users\andrew\Desktop\MBR.dat"

19:18:10.105 The log file has been saved successfully to "C:\Users\andrew\Desktop\ADSFASFAFASF.txt"

19:21:13.385 Disk 0 MBR has been saved successfully to "C:\Users\andrew\Desktop\MBR.dat"

19:21:13.385 The log file has been saved successfully to "C:\Users\andrew\Desktop\aswMBR.txt"

Also, for some reason I can't see some of my files on my desktop (none are hidden), and I always get errors about admin privileges.


Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


ComboFix 12-12-14.01 - andrew 12/14/2012 20:22:26.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6594 [GMT -8:00]

Running from: c:\users\andrew\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WinPCap

c:\users\andrew\AppData\Roaming\Microsoft\Windows\Recent\Counter-Strike Global Offensive.url

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))

.

.

2012-12-15 04:26 . 2012-12-15 04:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-15 04:26 . 2012-12-15 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-15 04:26 . 2012-12-15 04:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-15 02:07 . 2012-12-15 02:07 -------- d-----w- c:\programdata\Sophos

2012-12-15 02:07 . 2012-12-15 02:07 73728 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-12-15 02:07 . 2012-12-15 02:07 73728 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-12-15 02:07 . 2012-12-15 02:07 73728 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-12-15 02:07 . 2012-12-15 02:07 -------- d-----w- c:\program files (x86)\Sophos

2012-12-15 01:25 . 2012-12-15 01:25 -------- d-----w- c:\program files (x86)\ESET

2012-12-14 21:40 . 2012-12-14 21:40 -------- d-----w- c:\program files\ESEA

2012-12-14 02:00 . 2012-12-14 02:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-12-13 11:59 . 2012-12-15 04:28 -------- d-----w- c:\program files (x86)\steam

2012-12-13 06:55 . 2012-12-15 02:22 -------- d-----w- c:\program files (x86)\csgosteam

2012-12-12 23:58 . 1999-12-17 17:13 86016 ----a-w- c:\windows\unvise32.exe

2012-12-12 23:58 . 2012-12-12 23:58 -------- d-----w- C:\Sierra

2012-12-11 15:30 . 2012-12-11 15:31 -------- d-----w- c:\windows\Steam

2012-12-11 13:41 . 2012-12-15 01:24 -------- d-----w- c:\program files\Wireshark

2012-12-04 05:25 . 2012-12-04 05:25 -------- d-----w- c:\users\andrew\AppData\Roaming\OBS

2012-12-04 05:25 . 2012-12-04 05:25 -------- d-----w- c:\program files (x86)\OBS

2012-12-04 01:51 . 2012-12-04 01:51 -------- d-----w- c:\users\UpdatusUser.andrew-PC

2012-12-02 18:46 . 2012-12-04 01:52 -------- d-----w- c:\programdata\NVIDIA

2012-12-02 18:45 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-02 18:45 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-02 18:45 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-02 18:45 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-02 18:45 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-12-02 18:45 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-02 18:45 . 2012-12-02 18:45 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-28 02:51 . 2012-11-28 02:52 -------- d-----w- c:\program files (x86)\Google

2012-11-28 02:51 . 2012-11-28 02:54 -------- d-----w- c:\program files (x86)\GUMA537.tmp

2012-11-24 20:10 . 2012-10-02 22:21 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-11-24 20:10 . 2012-10-02 22:21 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-11-24 20:10 . 2012-10-02 22:21 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-11-24 20:10 . 2012-10-02 22:21 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-11-24 20:10 . 2012-03-01 00:02 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-11-24 20:10 . 2012-03-01 00:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-24 20:10 . 2012-03-01 00:02 364352 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-11-24 20:10 . 2012-03-01 00:02 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2012-11-24 20:10 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-11-24 03:05 . 2012-11-24 03:05 -------- d-----w- c:\users\andrew\AppData\Roaming\LibreOffice

2012-11-24 03:04 . 2012-11-24 03:04 -------- d-----w- c:\program files (x86)\LibreOffice 3.6

2012-11-21 07:49 . 2012-11-21 07:49 -------- d-----w- C:\ComboFix-W7

2012-11-17 13:25 . 2012-11-26 05:41 -------- d-----w- c:\users\andrew\AppData\Roaming\Skype

2012-11-17 13:25 . 2012-11-17 13:25 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-17 13:25 . 2012-11-17 13:25 -------- d-----r- c:\program files (x86)\Skype

2012-11-17 13:24 . 2012-11-17 13:25 -------- d-----w- c:\programdata\Skype

2012-11-17 09:14 . 2005-02-06 03:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 02:47 . 2012-11-08 09:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-28 02:47 . 2012-11-08 09:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-03 13:22 . 2012-09-23 01:44 7808 ----a-w- c:\windows\system32\drivers\hidusbf.sys

2012-10-24 14:26 . 2012-10-24 14:26 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-10-24 14:26 . 2012-10-24 14:26 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-10-19 22:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-10-19 22:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-10-12 19:06 . 2012-10-03 04:08 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-03 03:00 . 2012-10-03 03:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-10-03 03:00 . 2012-10-03 03:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-10-03 03:00 . 2012-10-03 03:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-10-03 03:00 . 2012-10-03 03:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-10-03 03:00 . 2012-10-03 03:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-10-03 03:00 . 2012-10-03 03:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-10-03 03:00 . 2012-10-03 03:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-10-03 03:00 . 2012-10-03 03:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-10-03 03:00 . 2012-10-03 03:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-10-03 03:00 . 2012-10-03 03:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-10-03 03:00 . 2012-10-03 03:00 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-10-03 03:00 . 2012-10-03 03:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-10-03 03:00 . 2012-10-03 03:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-10-03 03:00 . 2012-10-03 03:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-10-03 03:00 . 2012-10-03 03:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-10-03 03:00 . 2012-10-03 03:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-10-03 03:00 . 2012-10-03 03:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-10-03 03:00 . 2012-10-03 03:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-10-03 03:00 . 2012-10-03 03:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-10-03 03:00 . 2012-10-03 03:00 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-10-03 03:00 . 2012-10-03 03:00 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-10-03 03:00 . 2012-10-03 03:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-10-03 03:00 . 2012-10-03 03:00 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-10-03 03:00 . 2012-10-03 03:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-10-03 03:00 . 2012-10-03 03:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-03 03:00 . 2012-10-03 03:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-03 03:00 . 2012-10-03 03:00 222208 ----a-w- c:\windows\system32\msls31.dll

2012-10-03 03:00 . 2012-10-03 03:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-10-03 03:00 . 2012-10-03 03:00 197120 ----a-w- c:\windows\system32\msrating.dll

2012-10-03 03:00 . 2012-10-03 03:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-10-03 03:00 . 2012-10-03 03:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-03 03:00 . 2012-10-03 03:00 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-10-03 03:00 . 2012-10-03 03:00 149504 ----a-w- c:\windows\system32\occache.dll

2012-10-03 03:00 . 2012-10-03 03:00 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-10-03 03:00 . 2012-10-03 03:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-10-03 03:00 . 2012-10-03 03:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-10-03 03:00 . 2012-10-03 03:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-10-03 03:00 . 2012-10-03 03:00 12288 ----a-w- c:\windows\system32\mshta.exe

2012-10-03 03:00 . 2012-10-03 03:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-10-03 03:00 . 2012-10-03 03:00 114176 ----a-w- c:\windows\system32\admparse.dll

2012-10-03 03:00 . 2012-10-03 03:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-10-03 03:00 . 2012-10-03 03:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-10-03 03:00 . 2012-10-03 03:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-10-03 03:00 . 2012-10-03 03:00 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-10-03 03:00 . 2012-10-03 03:00 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-10-03 03:00 . 2012-10-03 03:00 82432 ----a-w- c:\windows\system32\icardie.dll

2012-10-03 03:00 . 2012-10-03 03:00 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-10-03 03:00 . 2012-10-03 03:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-10-03 03:00 . 2012-10-03 03:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-10-03 03:00 . 2012-10-03 03:00 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-10-03 03:00 . 2012-10-03 03:00 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-10-03 03:00 . 2012-10-03 03:00 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-10-03 03:00 . 2012-10-03 03:00 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-10-03 03:00 . 2012-10-03 03:00 448512 ----a-w- c:\windows\system32\html.iec

2012-10-03 03:00 . 2012-10-03 03:00 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-10-03 03:00 . 2012-10-03 03:00 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-10-03 03:00 . 2012-10-03 03:00 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-10-03 03:00 . 2012-10-03 03:00 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-10-03 03:00 . 2012-10-03 03:00 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-10-03 03:00 . 2012-10-03 03:00 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-10-03 03:00 . 2012-10-03 03:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-10-03 03:00 . 2012-10-03 03:00 237056 ----a-w- c:\windows\system32\url.dll

2012-10-03 03:00 . 2012-10-03 03:00 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-10-03 03:00 . 2012-10-03 03:00 160256 ----a-w- c:\windows\system32\wextract.exe

2012-10-03 03:00 . 2012-10-03 03:00 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-10-03 03:00 . 2012-10-03 03:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-03 03:00 . 2012-10-03 03:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-10-03 03:00 . 2012-10-03 03:00 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-10-03 03:00 . 2012-10-03 03:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-10-03 03:00 . 2012-10-03 03:00 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-10-03 03:00 . 2012-10-03 03:00 103936 ----a-w- c:\windows\system32\inseng.dll

2012-10-03 02:12 . 2012-10-03 02:12 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-03 02:12 . 2012-10-03 02:12 289768 ----a-w- c:\windows\system32\javaws.exe

2012-10-03 02:12 . 2012-10-03 02:12 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-03 02:12 . 2012-10-03 02:12 189416 ----a-w- c:\windows\system32\javaw.exe

2012-10-03 02:12 . 2012-10-03 02:12 188904 ----a-w- c:\windows\system32\java.exe

2012-10-03 02:12 . 2012-10-03 02:12 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-10-02 21:15 . 2012-10-02 21:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-30 02:54 . 2012-10-03 02:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 05:32 . 2012-09-29 05:32 2177688 ----a-w- c:\windows\system32\coin92.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\steam\steam.exe" [2012-12-13 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"RequireSignedAppInit_DLLs"=0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ALSysIO;ALSysIO;c:\users\andrew\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ESEADriver2;ESEADriver2;c:\users\andrew\AppData\Local\Temp\ESEADriver2.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-03 1255736]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2012-11-03 7808]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28 02:51]

.

2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28 02:51]

.

.

--------- X64 Entries -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=

FF - ExtSQL: 2012-12-13 18:15; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Steam App 730 - c:\program files (x86)\csgosteam\steam.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-14 20:31:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-15 04:31

ComboFix2.txt 2012-11-21 07:59

.

Pre-Run: 909,044,531,200 bytes free

Post-Run: 909,174,693,888 bytes free

.

- - End Of File - - 6C332F2A4233742A8AD20479893DBE57


AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------


# AdwCleaner v2.100 - Logfile created 12/15/2012 at 12:30:43

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : andrew - ANDREW-PC

# Boot Mode : Normal

# Running from : C:\Users\andrew\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\andrew\AppData\Local\Conduit

Folder Found : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Found : C:\Users\andrew\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\andrew\AppData\LocalLow\Conduit

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\CT3220468

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\prefs.js

Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1MzI5MDEwNiwidXVpZCI6NDA5MDU1NjE0MTQ5NTg0LCJ[...]

Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3220468.FirstTime", "true");

Found : user_pref("CT3220468.FirstTimeFF3", "true");

Found : user_pref("CT3220468.LoginRevertSettingsEnabled", false);

Found : user_pref("CT3220468.RevertSettingsEnabled", false);

Found : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]

Found : user_pref("CT3220468.UserID", "UN55632563475822696");

Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3220468.autoDisableScopes", -1);

Found : user_pref("CT3220468.browser.search.defaultthis.engineName", true);

Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3220468.enableAlerts", "always");

Found : user_pref("CT3220468.enableSearchFromAddressBar", "true");

Found : user_pref("CT3220468.firstTimeDialogOpened", "true");

Found : user_pref("CT3220468.fixPageNotFoundError", "true");

Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3220468.fixUrls", true);

Found : user_pref("CT3220468.installId", "fftB932.tmp.exe");

Found : user_pref("CT3220468.installType", "XPE");

Found : user_pref("CT3220468.isCheckedStartAsHidden", true);

Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3220468.isNewTabEnabled", true);

Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.keyword", true);

Found : user_pref("CT3220468.migrateAppsAndComponents", true);

Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Found : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.openThankYouPage", "true");

Found : user_pref("CT3220468.openUninstallPage", "FALSE");

Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Found : user_pref("CT3220468.search.searchCount", "0");

Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353290104314");

Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353290871233");

Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1353290104296");

Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353290104789");

Found : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355597285538");

Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353290104821");

Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1353290103978");

Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1355575602073");

Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353290104848");

Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1355596217358");

Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1355575602118");

Found : user_pref("CT3220468.settingsINI", true);

Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Found : user_pref("CT3220468.smartbar.Uninstall", "0");

Found : user_pref("CT3220468.smartbar.homepage", true);

Found : user_pref("CT3220468.smartbar.isHidden", true);

Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Found : user_pref("CT3220468.startPage", "userChanged");

Found : user_pref("CT3220468.toolbarBornServerTime", "19-11-2012");

Found : user_pref("CT3220468.toolbarCurrentServerTime", "15-12-2012");

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitHomepagesList", "");

Found : user_pref("Smartbar.ConduitSearchEngineList", "");

Found : user_pref("Smartbar.ConduitSearchUrlList", "");

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Profile name : default

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lwz4vo5s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8124 octets] - [15/12/2012 12:30:43]

########## EOF - C:\AdwCleaner[R1].txt - [8184 octets] ##########


AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------


# AdwCleaner v2.100 - Logfile created 12/15/2012 at 18:27:19

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : andrew - ANDREW-PC

# Boot Mode : Normal

# Running from : C:\Users\andrew\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\andrew\AppData\Local\Conduit

Folder Found : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Found : C:\Users\andrew\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\andrew\AppData\LocalLow\Conduit

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\CT3220468

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Found : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\prefs.js

Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1MzI5MDEwNiwidXVpZCI6NDA5MDU1NjE0MTQ5NTg0LCJ[...]

Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3220468.FirstTime", "true");

Found : user_pref("CT3220468.FirstTimeFF3", "true");

Found : user_pref("CT3220468.LoginRevertSettingsEnabled", false);

Found : user_pref("CT3220468.RevertSettingsEnabled", false);

Found : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]

Found : user_pref("CT3220468.UserID", "UN55632563475822696");

Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3220468.autoDisableScopes", -1);

Found : user_pref("CT3220468.browser.search.defaultthis.engineName", true);

Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3220468.enableAlerts", "always");

Found : user_pref("CT3220468.enableSearchFromAddressBar", "true");

Found : user_pref("CT3220468.firstTimeDialogOpened", "true");

Found : user_pref("CT3220468.fixPageNotFoundError", "true");

Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3220468.fixUrls", true);

Found : user_pref("CT3220468.installId", "fftB932.tmp.exe");

Found : user_pref("CT3220468.installType", "XPE");

Found : user_pref("CT3220468.isCheckedStartAsHidden", true);

Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3220468.isNewTabEnabled", true);

Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.keyword", true);

Found : user_pref("CT3220468.migrateAppsAndComponents", true);

Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Found : user_pref("CT3220468.openThankYouPage", "true");

Found : user_pref("CT3220468.openUninstallPage", "FALSE");

Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Found : user_pref("CT3220468.search.searchCount", "0");

Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353290104314");

Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353290871233");

Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1353290104296");

Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353290104789");

Found : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355597285538");

Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353290104821");

Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1353290103978");

Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1355575602073");

Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353290104848");

Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1355603417599");

Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1355575602118");

Found : user_pref("CT3220468.settingsINI", true);

Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Found : user_pref("CT3220468.smartbar.Uninstall", "0");

Found : user_pref("CT3220468.smartbar.homepage", true);

Found : user_pref("CT3220468.smartbar.isHidden", true);

Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Found : user_pref("CT3220468.startPage", "userChanged");

Found : user_pref("CT3220468.toolbarBornServerTime", "19-11-2012");

Found : user_pref("CT3220468.toolbarCurrentServerTime", "15-12-2012");

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitHomepagesList", "");

Found : user_pref("Smartbar.ConduitSearchEngineList", "");

Found : user_pref("Smartbar.ConduitSearchUrlList", "");

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Profile name : default

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lwz4vo5s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8253 octets] - [15/12/2012 12:30:43]

AdwCleaner[R2].txt - [8091 octets] - [15/12/2012 18:27:19]

########## EOF - C:\AdwCleaner[R2].txt - [8151 octets] ##########


AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------


# AdwCleaner v2.101 - Logfile created 12/17/2012 at 11:22:06

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : andrew - ANDREW-PC

# Boot Mode : Normal

# Running from : C:\Users\andrew\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\andrew\AppData\Local\Conduit

Folder Deleted : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Deleted : C:\Users\andrew\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\andrew\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\CT3220468

Folder Deleted : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Deleted : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ldpfuutr.default\prefs.js

Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1MzI5MDEwNiwidXVpZCI6NDA5MDU1NjE0MTQ5NTg0LCJ[...]

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3220468.FirstTime", "true");

Deleted : user_pref("CT3220468.FirstTimeFF3", "true");

Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", false);

Deleted : user_pref("CT3220468.RevertSettingsEnabled", false);

Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]

Deleted : user_pref("CT3220468.UserID", "UN55632563475822696");

Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3220468.autoDisableScopes", -1);

Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3220468.enableAlerts", "always");

Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3220468.fixUrls", true);

Deleted : user_pref("CT3220468.installId", "fftB932.tmp.exe");

Deleted : user_pref("CT3220468.installType", "XPE");

Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3220468.isNewTabEnabled", true);

Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.keyword", true);

Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Deleted : user_pref("CT3220468.openThankYouPage", "true");

Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");

Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Deleted : user_pref("CT3220468.search.searchCount", "0");

Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353290104314");

Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353290871233");

Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1353290104296");

Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353290104789");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355751720518");

Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353290104821");

Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1353290103978");

Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1355674630355");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353290104848");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1355751720050");

Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1355674630395");

Deleted : user_pref("CT3220468.settingsINI", true);

Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");

Deleted : user_pref("CT3220468.smartbar.homepage", true);

Deleted : user_pref("CT3220468.smartbar.isHidden", true);

Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Deleted : user_pref("CT3220468.startPage", "userChanged");

Deleted : user_pref("CT3220468.toolbarBornServerTime", "19-11-2012");

Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "17-12-2012");

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=[...]

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Profile name : default

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lwz4vo5s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8253 octets] - [15/12/2012 12:30:43]

AdwCleaner[R2].txt - [8220 octets] - [15/12/2012 18:27:19]

AdwCleaner[s1].txt - [8364 octets] - [17/12/2012 11:22:06]

########## EOF - C:\AdwCleaner[s1].txt - [8424 octets] ##########


Glad it's running better...

Java

Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Then download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp

----------

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets

  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
