Request for recommended course of action

[PennyS]

Greetings,

My wife's windows 7 home edition (64 bit) laptop has the winrscmde/svchost virus. She has less than 15 applications installed on the laptop and I can backup all the data files she cares about. After reading posts on this forum and others about removing this virus, the question becomes: "Should I simply rebuild the OS and the applications or go through the steps listed to remove the virus?" Thank you very much for your help and insight with my problem.

George

[Maurice Naggar]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Question for you: Have you run a full scan with your Antivirus program? What are the results?

Edited March 12, 2013 by Maurice Naggar

[PennyS]

Hello and thank you very much for your response. I do appreciate your time and work on my problem.

I am currently running MBAR and it is still running. However, it has detected 1 Malware problem.

MBAM quarantines the malware when the malware attempts to connect to the internet but will not remove.

The virus program, Norton, detected 2 Trojan horses during a full scan and stated that it removed them but the winrscmde issue was present after the removal.

As soon as MBAR run is complete, I will download DDS and run it and send you the information requested.

Again, thank you very much.

[Maurice Naggar]

I do wish you had -not- run MBAR on your own !

I would like the log from it, and from Norton if possible

While I am helping you, do not get nor run any tools on your own. Only follow my guidance, please.

And have plenty of patience. These kinds of cases are not a 1, 2, 3 & your-are-done-type.

[PennyS]

My humble apology and will follow your directions. Will send logs as soon as MBAR is complete. Thank you very much for your patience and forgiveness.

[Maurice Naggar]

OK. I am somewhat curious as to how long MBAR has been running ? and if you can see some progress on that screen ??

[PennyS]

You are more than welcome to tell me to go away and I will fully understand. To answer your question, MBAR is complete and found 5 malware occurances. Machine rebooted and the CPU issue with winrscmde is gone. Now for the bad news. I stupidly ran MBAR from a CD and there are no log files that I can find. Did a search for *mbar* and *.log with no results that look anything like mbar might have created them. And yes, I do know that you cannot fix stupid. So if you might have one last bit of pity for the stupid, what do you want me to do next aside from leave you alone. Thanks.

[Maurice Naggar]

Do as much as you can of the following, and kindly remember, Copy & paste all contents of logs directly into main body of reply box.

If you wish, you make use 1 separate reply for each log as you go along.

The watchword is infinite patience

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Press Windows-key +R key on your keyboard to get RUN option.
  
• Type in

  explorer.exe

  and press Enter to start Windows Explorer.
  

• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of C:\AdwCleaner[R1].txt;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[PennyS]

Got it and will start soonest. You are the BEST and thank you very much.

[PennyS]

Here is the log from AdwCleaner: More to follow.

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 15:56:17

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Owner - OWNER-PC

# Boot Mode : Normal

# Running from : C:\Users\Owner\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Application Updater

Found : Partner Service

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe

File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\searchplugins\wiseconvert-customized-web-search.xml

Folder Found : C:\Program Files (x86)\A_Free_Ride_Games_Bar

Folder Found : C:\Program Files (x86)\Application Updater

Folder Found : C:\Program Files (x86)\askpartnernetwork

Folder Found : C:\Program Files (x86)\Common Files\spigot

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\GamesBar

Folder Found : C:\Program Files (x86)\xfin_portal

Folder Found : C:\ProgramData\~0

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\askpartnernetwork

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Owner\AppData\Local\askpartnernetwork

Folder Found : C:\Users\Owner\AppData\Local\Conduit

Folder Found : C:\Users\Owner\AppData\Local\Temp\APN

Folder Found : C:\Users\Owner\AppData\Local\Temp\CT1320680

Folder Found : C:\Users\Owner\AppData\LocalLow\A_Free_Ride_Games_Bar

Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit

Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Owner\AppData\LocalLow\Search Settings

Folder Found : C:\Users\Owner\AppData\LocalLow\xfin_portal

Folder Found : C:\Users\Owner\AppData\Roaming\iWin

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\CT3196716

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\Smartbar

Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\xfin_portal

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\A_Free_Ride_Games_Bar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Freecause

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\xfin_portal

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F92A9FE4-2850-4198-B9D5-279880E49B16}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D110574-046A-43BB-A64C-4219E6A097DA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F92A9FE4-2850-4198-B9D5-279880E49B16}

Key Found : HKCU\Software\Search Settings

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKLM\Software\A_Free_Ride_Games_Bar

Key Found : HKLM\Software\Application Updater

Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}

Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll

Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D110574-046A-43BB-A64C-4219E6A097DA}

Key Found : HKLM\Software\Search Settings

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1D110574-046A-43BB-A64C-4219E6A097DA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F7505AD-C81E-43C7-AF1D-70F96E6AD369}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4EDB8F6-3749-462A-90AF-D342BE7DF580}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92A9FE4-2850-4198-B9D5-279880E49B16}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\A_Free_Ride_Games_Bar Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal

Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKLM\SOFTWARE\Software

Key Found : HKU\S-1-5-21-2816127553-4110278854-1277838339-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F92A9FE4-2850-4198-B9D5-279880E49B16}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F92A9FE4-2850-4198-B9D5-279880E49B16}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F92A9FE4-2850-4198-B9D5-279880E49B16}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F92A9FE4-2850-4198-B9D5-279880E49B16}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\prefs.js

Found : user_pref("CT3196716.1000082.isDisplayHidden", "true");

Found : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Found : user_pref("CT3196716.1000234.TWC_TMP_city", "ALEXANDRIA");

Found : user_pref("CT3196716.1000234.TWC_TMP_country", "US");

Found : user_pref("CT3196716.1000234.TWC_locId", "EGXX0001");

Found : user_pref("CT3196716.1000234.TWC_location", "Alexandria, Egypt");

Found : user_pref("CT3196716.1000234.TWC_region", "US");

Found : user_pref("CT3196716.1000234.TWC_temp_dis", "f");

Found : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");

Found : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"57°F\",\"temperat[...]

Found : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");

Found : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3196716.FirstTime", "true");

Found : user_pref("CT3196716.FirstTimeFF3", "true");

Found : user_pref("CT3196716.LoginRevertSettingsEnabled", false);

Found : user_pref("CT3196716.RevertSettingsEnabled", true);

Found : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]

Found : user_pref("CT3196716.UserID", "UN82430597180040417");

Found : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3196716.browser.search.defaultthis.engineName", true);

Found : user_pref("CT3196716.cb_experience_000.enc", "Ng==");

Found : user_pref("CT3196716.cbcountry_001.enc", "VVM=");

Found : user_pref("CT3196716.cbfirsttime.enc", "V2VkIE5vdiAxNCAyMDEyIDAxOjAwOjIyIEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]

Found : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3196716.enableAlerts", "always");

Found : user_pref("CT3196716.event_data.enc", "JTVCJTVE");

Found : user_pref("CT3196716.fired_events.enc", "AA==");

Found : user_pref("CT3196716.firstTimeDialogOpened", "true");

Found : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3196716.fixUrls", true);

Found : user_pref("CT3196716.installType", "Unknown");

Found : user_pref("CT3196716.isCheckedStartAsHidden", true);

Found : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3196716.isNewTabEnabled", true);

Found : user_pref("CT3196716.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3196716.key_date.enc", "OA==");

Found : user_pref("CT3196716.keyword", true);

Found : user_pref("CT3196716.migrateAppsAndComponents", true);

Found : user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Found : user_pref("CT3196716.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Found : user_pref("CT3196716.price-gong.isManagedApp", "true");

Found : user_pref("CT3196716.search.searchAppId", "129755756826636815");

Found : user_pref("CT3196716.search.searchCount", "2");

Found : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354604972552");

Found : user_pref("CT3196716.serviceLayer_services_appTracking_lastUpdate", "1354604972664");

Found : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1354925437111");

Found : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354158536301");

Found : user_pref("CT3196716.serviceLayer_services_login_10.13.40.15_lastUpdate", "1354925437740");

Found : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13549[...]

Found : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13549[...]

Found : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354158536301");

Found : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1354925437833");

Found : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1354925435764");

Found : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354158536300");

Found : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1354925437083");

Found : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1354925435894");

Found : user_pref("CT3196716.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]

Found : user_pref("CT3196716.serviceLayer_services_userApps_lastUpdate", "1354668777654");

Found : user_pref("CT3196716.settingsINI", true);

Found : user_pref("CT3196716.smartbar.CTID", "CT3196716");

Found : user_pref("CT3196716.smartbar.Uninstall", "0");

Found : user_pref("CT3196716.smartbar.homepage", true);

Found : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");

Found : user_pref("CT3196716.toolbarBornServerTime", "14-11-2012");

Found : user_pref("CT3196716.toolbarCurrentServerTime", "8-12-2012");

Found : user_pref("CT3196716.url_history0001.enc", "aHR0cDovLzAuci5tc24uY29tLz9sZD02dnNwSG1MTTlxSm84Zkp6Rno5[...]

Found : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=1[...]

Found : user_pref("Smartbar.ConduitSearchEngineList", "WiseConvert Customized Web Search");

Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716[...]

Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://search.yahoo.[...]

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3196716");

Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Found : user_pref("smartbar.originalHomepage", "data:text/plain,browser.startup.homepage=hxxp://search.yahoo[...]

Found : user_pref("smartbar.originalSearchAddressUrl", "data:text/plain,keyword.URL=hxxp://search.yahoo.com/[...]

Found : user_pref("smartbar.originalSearchEngine", false);

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17919 octets] - [12/03/2013 15:56:17]

########## EOF - C:\AdwCleaner[R1].txt - [17980 octets] ##########

[PennyS]

Log From TDSSKiller, No issues found in scan:

16:01:54.0870 3384 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:01:55.0198 3384 ============================================================

16:01:55.0198 3384 Current date / time: 2013/03/12 16:01:55.0198

16:01:55.0198 3384 SystemInfo:

16:01:55.0198 3384

16:01:55.0199 3384 OS Version: 6.1.7601 ServicePack: 1.0

16:01:55.0199 3384 Product type: Workstation

16:01:55.0199 3384 ComputerName: OWNER-PC

16:01:55.0199 3384 UserName: Owner

16:01:55.0199 3384 Windows directory: C:\windows

16:01:55.0199 3384 System windows directory: C:\windows

16:01:55.0199 3384 Running under WOW64

16:01:55.0199 3384 Processor architecture: Intel x64

16:01:55.0199 3384 Number of processors: 1

16:01:55.0199 3384 Page size: 0x1000

16:01:55.0199 3384 Boot type: Normal boot

16:01:55.0199 3384 ============================================================

16:01:55.0675 3384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:01:55.0680 3384 ============================================================

16:01:55.0680 3384 \Device\Harddisk0\DR0:

16:01:55.0680 3384 MBR partitions:

16:01:55.0680 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCDE800

16:01:55.0680 3384 ============================================================

16:01:55.0713 3384 C: <-> \Device\Harddisk0\DR0\Partition1

16:01:55.0714 3384 ============================================================

16:01:55.0714 3384 Initialize success

16:01:55.0714 3384 ============================================================

16:02:04.0092 1012 ============================================================

16:02:04.0092 1012 Scan started

16:02:04.0092 1012 Mode: Manual;

16:02:04.0092 1012 ============================================================

16:02:04.0299 1012 ================ Scan system memory ========================

16:02:04.0299 1012 System memory - ok

16:02:04.0304 1012 ================ Scan services =============================

16:02:04.0577 1012 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

16:02:04.0581 1012 1394ohci - ok

16:02:04.0640 1012 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

16:02:04.0644 1012 ACPI - ok

16:02:04.0712 1012 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

16:02:04.0713 1012 AcpiPmi - ok

16:02:04.0880 1012 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:02:04.0883 1012 AdobeFlashPlayerUpdateSvc - ok

16:02:04.0994 1012 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys

16:02:05.0000 1012 adp94xx - ok

16:02:05.0042 1012 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys

16:02:05.0046 1012 adpahci - ok

16:02:05.0084 1012 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys

16:02:05.0087 1012 adpu320 - ok

16:02:05.0333 1012 [ CBFAA333EBA2E402A0439A3A0E5413F3 ] AdvancedSystemCareService6 C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

16:02:05.0338 1012 AdvancedSystemCareService6 - ok

16:02:05.0386 1012 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

16:02:05.0387 1012 AeLookupSvc - ok

16:02:05.0489 1012 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

16:02:05.0494 1012 AFD - ok

16:02:05.0615 1012 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys

16:02:05.0628 1012 AgereSoftModem - ok

16:02:05.0704 1012 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

16:02:05.0706 1012 agp440 - ok

16:02:05.0793 1012 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

16:02:05.0795 1012 ALG - ok

16:02:05.0890 1012 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

16:02:05.0891 1012 aliide - ok

16:02:05.0924 1012 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

16:02:05.0925 1012 amdide - ok

16:02:06.0001 1012 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys

16:02:06.0003 1012 AmdK8 - ok

16:02:06.0013 1012 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys

16:02:06.0015 1012 AmdPPM - ok

16:02:06.0116 1012 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

16:02:06.0117 1012 amdsata - ok

16:02:06.0130 1012 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys

16:02:06.0133 1012 amdsbs - ok

16:02:06.0166 1012 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

16:02:06.0167 1012 amdxata - ok

16:02:06.0249 1012 [ A3AD44406CA340AB36B8C72C5D057ED5 ] AntiLog32 C:\windows\system32\drivers\AntiLog64.sys

16:02:06.0250 1012 AntiLog32 - ok

16:02:06.0375 1012 [ B0F97681E48EE0D53FD8492E19294B7D ] APNMCP C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

16:02:06.0378 1012 APNMCP - ok

16:02:06.0460 1012 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

16:02:06.0461 1012 AppID - ok

16:02:06.0512 1012 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

16:02:06.0513 1012 AppIDSvc - ok

16:02:06.0592 1012 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

16:02:06.0593 1012 Appinfo - ok

16:02:06.0722 1012 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

16:02:06.0730 1012 Application Updater - ok

16:02:06.0805 1012 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys

16:02:06.0807 1012 arc - ok

16:02:06.0818 1012 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys

16:02:06.0820 1012 arcsas - ok

16:02:06.0891 1012 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

16:02:06.0892 1012 AsyncMac - ok

16:02:06.0946 1012 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

16:02:06.0947 1012 atapi - ok

16:02:07.0031 1012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

16:02:07.0038 1012 AudioEndpointBuilder - ok

16:02:07.0055 1012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

16:02:07.0059 1012 AudioSrv - ok

16:02:07.0169 1012 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

16:02:07.0171 1012 AxInstSV - ok

16:02:07.0257 1012 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys

16:02:07.0263 1012 b06bdrv - ok

16:02:07.0304 1012 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

16:02:07.0309 1012 b57nd60a - ok

16:02:07.0387 1012 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

16:02:07.0389 1012 BDESVC - ok

16:02:07.0444 1012 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

16:02:07.0444 1012 Beep - ok

16:02:07.0553 1012 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

16:02:07.0561 1012 BFE - ok

16:02:08.0018 1012 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys

16:02:08.0133 1012 BHDrvx64 - ok

16:02:08.0196 1012 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

16:02:08.0207 1012 BITS - ok

16:02:08.0276 1012 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

16:02:08.0277 1012 blbdrive - ok

16:02:08.0381 1012 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

16:02:08.0386 1012 Bonjour Service - ok

16:02:08.0449 1012 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

16:02:08.0450 1012 bowser - ok

16:02:08.0479 1012 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys

16:02:08.0480 1012 BrFiltLo - ok

16:02:08.0510 1012 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys

16:02:08.0511 1012 BrFiltUp - ok

16:02:08.0557 1012 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll

16:02:08.0559 1012 Browser - ok

16:02:08.0592 1012 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

16:02:08.0596 1012 Brserid - ok

16:02:08.0607 1012 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

16:02:08.0608 1012 BrSerWdm - ok

16:02:08.0632 1012 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

16:02:08.0633 1012 BrUsbMdm - ok

16:02:08.0644 1012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

16:02:08.0645 1012 BrUsbSer - ok

16:02:08.0670 1012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys

16:02:08.0671 1012 BTHMODEM - ok

16:02:08.0755 1012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

16:02:08.0757 1012 bthserv - ok

16:02:08.0862 1012 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys

16:02:08.0864 1012 ccSet_N360 - ok

16:02:08.0913 1012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

16:02:08.0915 1012 cdfs - ok

16:02:08.0981 1012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

16:02:08.0983 1012 cdrom - ok

16:02:09.0068 1012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

16:02:09.0069 1012 CertPropSvc - ok

16:02:09.0182 1012 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

16:02:09.0184 1012 cfWiMAXService - ok

16:02:09.0249 1012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys

16:02:09.0250 1012 circlass - ok

16:02:09.0305 1012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

16:02:09.0309 1012 CLFS - ok

16:02:09.0411 1012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:02:09.0413 1012 clr_optimization_v2.0.50727_32 - ok

16:02:09.0496 1012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:02:09.0498 1012 clr_optimization_v2.0.50727_64 - ok

16:02:09.0586 1012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

16:02:09.0587 1012 CmBatt - ok

16:02:09.0624 1012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

16:02:09.0625 1012 cmdide - ok

16:02:09.0688 1012 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\windows\system32\Drivers\cng.sys

16:02:09.0694 1012 CNG - ok

16:02:09.0763 1012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

16:02:09.0764 1012 Compbatt - ok

16:02:09.0831 1012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys

16:02:09.0831 1012 CompositeBus - ok

16:02:09.0856 1012 COMSysApp - ok

16:02:09.0916 1012 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

16:02:09.0917 1012 ConfigFree Gadget Service - ok

16:02:09.0970 1012 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

16:02:09.0971 1012 ConfigFree Service - ok

16:02:10.0013 1012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys

16:02:10.0014 1012 crcdisk - ok

16:02:10.0107 1012 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\windows\system32\cryptsvc.dll

16:02:10.0111 1012 CryptSvc - ok

16:02:10.0191 1012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

16:02:10.0199 1012 DcomLaunch - ok

16:02:10.0258 1012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

16:02:10.0262 1012 defragsvc - ok

16:02:10.0329 1012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

16:02:10.0330 1012 DfsC - ok

16:02:10.0418 1012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

16:02:10.0422 1012 Dhcp - ok

16:02:10.0477 1012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

16:02:10.0478 1012 discache - ok

16:02:10.0524 1012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys

16:02:10.0527 1012 Disk - ok

16:02:10.0575 1012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

16:02:10.0577 1012 Dnscache - ok

16:02:10.0630 1012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

16:02:10.0634 1012 dot3svc - ok

16:02:10.0691 1012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

16:02:10.0693 1012 DPS - ok

16:02:10.0755 1012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

16:02:10.0756 1012 drmkaud - ok

16:02:10.0823 1012 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

16:02:10.0833 1012 DXGKrnl - ok

16:02:10.0910 1012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

16:02:10.0911 1012 EapHost - ok

16:02:11.0022 1012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys

16:02:11.0095 1012 ebdrv - ok

16:02:11.0214 1012 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:02:11.0220 1012 eeCtrl - ok

16:02:11.0260 1012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

16:02:11.0262 1012 EFS - ok

16:02:11.0356 1012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

16:02:11.0364 1012 ehRecvr - ok

16:02:11.0416 1012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

16:02:11.0418 1012 ehSched - ok

16:02:11.0464 1012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys

16:02:11.0470 1012 elxstor - ok

16:02:11.0543 1012 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:02:11.0545 1012 EraserUtilRebootDrv - ok

16:02:11.0583 1012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

16:02:11.0584 1012 ErrDev - ok

16:02:11.0687 1012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

16:02:11.0692 1012 EventSystem - ok

16:02:11.0720 1012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

16:02:11.0723 1012 exfat - ok

16:02:11.0773 1012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

16:02:11.0776 1012 fastfat - ok

16:02:11.0855 1012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

16:02:11.0863 1012 Fax - ok

16:02:11.0893 1012 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys

16:02:11.0895 1012 fdc - ok

16:02:11.0970 1012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

16:02:11.0971 1012 fdPHost - ok

16:02:11.0992 1012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

16:02:11.0993 1012 FDResPub - ok

16:02:12.0045 1012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

16:02:12.0046 1012 FileInfo - ok

16:02:12.0170 1012 [ 060CC45CECAE2FEAFF9C8C52D8FAFAA8 ] FileMonitor C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys

16:02:12.0171 1012 FileMonitor - ok

16:02:12.0198 1012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

16:02:12.0199 1012 Filetrace - ok

16:02:12.0252 1012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

16:02:12.0253 1012 flpydisk - ok

16:02:12.0340 1012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

16:02:12.0343 1012 FltMgr - ok

16:02:12.0422 1012 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

16:02:12.0433 1012 FontCache - ok

16:02:12.0504 1012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:02:12.0504 1012 FontCache3.0.0.0 - ok

16:02:12.0550 1012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

16:02:12.0551 1012 FsDepends - ok

16:02:12.0579 1012 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

16:02:12.0580 1012 Fs_Rec - ok

16:02:12.0661 1012 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

16:02:12.0664 1012 fvevol - ok

16:02:12.0708 1012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys

16:02:12.0710 1012 gagp30kx - ok

16:02:12.0801 1012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

16:02:12.0810 1012 gpsvc - ok

16:02:12.0918 1012 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:02:12.0919 1012 gupdate - ok

16:02:12.0948 1012 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:02:12.0949 1012 gupdatem - ok

16:02:13.0014 1012 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:02:13.0017 1012 gusvc - ok

16:02:13.0069 1012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

16:02:13.0071 1012 hcw85cir - ok

16:02:13.0158 1012 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

16:02:13.0162 1012 HdAudAddService - ok

16:02:13.0213 1012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys

16:02:13.0215 1012 HDAudBus - ok

16:02:13.0260 1012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys

16:02:13.0261 1012 HidBatt - ok

16:02:13.0273 1012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

16:02:13.0274 1012 HidBth - ok

16:02:13.0291 1012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys

16:02:13.0292 1012 HidIr - ok

16:02:13.0336 1012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

16:02:13.0338 1012 hidserv - ok

16:02:13.0443 1012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

16:02:13.0444 1012 HidUsb - ok

16:02:13.0503 1012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

16:02:13.0505 1012 hkmsvc - ok

16:02:13.0570 1012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

16:02:13.0574 1012 HomeGroupListener - ok

16:02:13.0620 1012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

16:02:13.0624 1012 HomeGroupProvider - ok

16:02:13.0692 1012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

16:02:13.0694 1012 HpSAMD - ok

16:02:13.0753 1012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

16:02:13.0761 1012 HTTP - ok

16:02:13.0813 1012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

16:02:13.0813 1012 hwpolicy - ok

16:02:13.0888 1012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

16:02:13.0890 1012 i8042prt - ok

16:02:13.0979 1012 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

16:02:13.0982 1012 iaStor - ok

16:02:14.0059 1012 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

16:02:14.0065 1012 iaStorV - ok

16:02:14.0127 1012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:02:14.0136 1012 idsvc - ok

16:02:14.0255 1012 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130309.001\IDSvia64.sys

16:02:14.0261 1012 IDSVia64 - ok

16:02:14.0339 1012 [ 28C5C4A78A3B659C1DCAE3F0CD1BC18E ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

16:02:14.0340 1012 IDVaultSvc - ok

16:02:14.0587 1012 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

16:02:14.0803 1012 igfx - ok

16:02:14.0844 1012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

16:02:14.0845 1012 iirsp - ok

16:02:14.0920 1012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

16:02:14.0930 1012 IKEEXT - ok

16:02:15.0059 1012 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

16:02:15.0068 1012 IMFservice - ok

16:02:15.0194 1012 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

16:02:15.0213 1012 IntcAzAudAddService - ok

16:02:15.0260 1012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

16:02:15.0261 1012 intelide - ok

16:02:15.0336 1012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

16:02:15.0337 1012 intelppm - ok

16:02:15.0397 1012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

16:02:15.0400 1012 IPBusEnum - ok

16:02:15.0444 1012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

16:02:15.0446 1012 IpFilterDriver - ok

16:02:15.0504 1012 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

16:02:15.0510 1012 iphlpsvc - ok

16:02:15.0553 1012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

16:02:15.0556 1012 IPMIDRV - ok

16:02:15.0594 1012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

16:02:15.0596 1012 IPNAT - ok

16:02:15.0649 1012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

16:02:15.0650 1012 IRENUM - ok

16:02:15.0694 1012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

16:02:15.0695 1012 isapnp - ok

16:02:15.0738 1012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

16:02:15.0741 1012 iScsiPrt - ok

16:02:15.0797 1012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

16:02:15.0798 1012 kbdclass - ok

16:02:15.0870 1012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

16:02:15.0875 1012 kbdhid - ok

16:02:15.0922 1012 [ 5CF7F30E35043E779A55BC4D073F563D ] keycrypt C:\windows\system32\DRIVERS\KeyCrypt64.sys

16:02:15.0923 1012 keycrypt - ok

16:02:15.0950 1012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

16:02:15.0952 1012 KeyIso - ok

16:02:16.0000 1012 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

16:02:16.0002 1012 KSecDD - ok

16:02:16.0023 1012 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

16:02:16.0025 1012 KSecPkg - ok

16:02:16.0095 1012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

16:02:16.0096 1012 ksthunk - ok

16:02:16.0154 1012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

16:02:16.0159 1012 KtmRm - ok

16:02:16.0254 1012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

16:02:16.0259 1012 LanmanServer - ok

16:02:16.0313 1012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

16:02:16.0316 1012 LanmanWorkstation - ok

16:02:16.0372 1012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

16:02:16.0373 1012 lltdio - ok

16:02:16.0426 1012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

16:02:16.0431 1012 lltdsvc - ok

16:02:16.0458 1012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

16:02:16.0460 1012 lmhosts - ok

16:02:16.0533 1012 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys

16:02:16.0534 1012 LPCFilter - ok

16:02:16.0604 1012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

16:02:16.0606 1012 LSI_FC - ok

16:02:16.0617 1012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

16:02:16.0619 1012 LSI_SAS - ok

16:02:16.0632 1012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

16:02:16.0633 1012 LSI_SAS2 - ok

16:02:16.0652 1012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

16:02:16.0654 1012 LSI_SCSI - ok

16:02:16.0693 1012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

16:02:16.0694 1012 luafv - ok

16:02:16.0762 1012 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys

16:02:16.0763 1012 MBAMProtector - ok

16:02:16.0809 1012 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

16:02:16.0811 1012 MBAMScheduler - ok

16:02:16.0850 1012 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:02:16.0858 1012 MBAMService - ok

16:02:16.0904 1012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

16:02:16.0907 1012 Mcx2Svc - ok

16:02:16.0949 1012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys

16:02:16.0950 1012 megasas - ok

16:02:16.0964 1012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

16:02:16.0968 1012 MegaSR - ok

16:02:17.0035 1012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

16:02:17.0036 1012 MMCSS - ok

16:02:17.0081 1012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

16:02:17.0082 1012 Modem - ok

16:02:17.0134 1012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

16:02:17.0134 1012 monitor - ok

16:02:17.0174 1012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

16:02:17.0175 1012 mouclass - ok

16:02:17.0249 1012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

16:02:17.0251 1012 mouhid - ok

16:02:17.0303 1012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

16:02:17.0304 1012 mountmgr - ok

16:02:17.0384 1012 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:02:17.0386 1012 MozillaMaintenance - ok

16:02:17.0419 1012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

16:02:17.0421 1012 mpio - ok

16:02:17.0473 1012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

16:02:17.0474 1012 mpsdrv - ok

16:02:17.0541 1012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

16:02:17.0548 1012 MpsSvc - ok

16:02:17.0590 1012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

16:02:17.0593 1012 MRxDAV - ok

16:02:17.0643 1012 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

16:02:17.0645 1012 mrxsmb - ok

16:02:17.0703 1012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

16:02:17.0706 1012 mrxsmb10 - ok

16:02:17.0764 1012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

16:02:17.0766 1012 mrxsmb20 - ok

16:02:17.0784 1012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

16:02:17.0785 1012 msahci - ok

16:02:17.0828 1012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

16:02:17.0831 1012 msdsm - ok

16:02:17.0859 1012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

16:02:17.0863 1012 MSDTC - ok

16:02:17.0920 1012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

16:02:17.0921 1012 Msfs - ok

16:02:17.0968 1012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

16:02:17.0969 1012 mshidkmdf - ok

16:02:18.0018 1012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

16:02:18.0019 1012 msisadrv - ok

16:02:18.0064 1012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

16:02:18.0067 1012 MSiSCSI - ok

16:02:18.0078 1012 msiserver - ok

16:02:18.0149 1012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

16:02:18.0150 1012 MSKSSRV - ok

16:02:18.0161 1012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

16:02:18.0163 1012 MSPCLOCK - ok

16:02:18.0179 1012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

16:02:18.0180 1012 MSPQM - ok

16:02:18.0230 1012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

16:02:18.0235 1012 MsRPC - ok

16:02:18.0292 1012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

16:02:18.0292 1012 mssmbios - ok

16:02:18.0349 1012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

16:02:18.0350 1012 MSTEE - ok

16:02:18.0362 1012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

16:02:18.0363 1012 MTConfig - ok

16:02:18.0398 1012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

16:02:18.0399 1012 Mup - ok

16:02:18.0536 1012 [ 4A9258B9597A31DB68EC9740F3A8A70B ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

16:02:18.0537 1012 N360 - ok

16:02:18.0600 1012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

16:02:18.0607 1012 napagent - ok

16:02:18.0701 1012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

16:02:18.0705 1012 NativeWifiP - ok

16:02:18.0804 1012 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130312.005\ENG64.SYS

16:02:18.0805 1012 NAVENG - ok

16:02:18.0878 1012 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130312.005\EX64.SYS

16:02:18.0891 1012 NAVEX15 - ok

16:02:18.0984 1012 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys

16:02:18.0993 1012 NDIS - ok

16:02:19.0050 1012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

16:02:19.0051 1012 NdisCap - ok

16:02:19.0104 1012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

16:02:19.0105 1012 NdisTapi - ok

16:02:19.0172 1012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

16:02:19.0173 1012 Ndisuio - ok

16:02:19.0222 1012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

16:02:19.0224 1012 NdisWan - ok

16:02:19.0278 1012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

16:02:19.0279 1012 NDProxy - ok

16:02:19.0344 1012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

16:02:19.0346 1012 NetBIOS - ok

16:02:19.0401 1012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

16:02:19.0404 1012 NetBT - ok

16:02:19.0451 1012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

16:02:19.0452 1012 Netlogon - ok

16:02:19.0529 1012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

16:02:19.0534 1012 Netman - ok

16:02:19.0550 1012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

16:02:19.0559 1012 netprofm - ok

16:02:19.0615 1012 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:02:19.0618 1012 NetTcpPortSharing - ok

16:02:19.0658 1012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

16:02:19.0660 1012 nfrd960 - ok

16:02:19.0742 1012 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

16:02:19.0746 1012 NlaSvc - ok

16:02:19.0777 1012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

16:02:19.0779 1012 Npfs - ok

16:02:19.0834 1012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

16:02:19.0836 1012 nsi - ok

16:02:19.0883 1012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

16:02:19.0884 1012 nsiproxy - ok

16:02:19.0967 1012 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

16:02:19.0985 1012 Ntfs - ok

16:02:20.0029 1012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

16:02:20.0030 1012 Null - ok

16:02:20.0104 1012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

16:02:20.0106 1012 nvraid - ok

16:02:20.0150 1012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

16:02:20.0152 1012 nvstor - ok

16:02:20.0199 1012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

16:02:20.0201 1012 nv_agp - ok

16:02:20.0239 1012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

16:02:20.0241 1012 ohci1394 - ok

16:02:20.0368 1012 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:02:20.0370 1012 ose - ok

16:02:20.0575 1012 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:02:20.0712 1012 osppsvc - ok

16:02:20.0794 1012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

16:02:20.0798 1012 p2pimsvc - ok

16:02:20.0833 1012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

16:02:20.0839 1012 p2psvc - ok

16:02:20.0894 1012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

16:02:20.0896 1012 Parport - ok

16:02:20.0943 1012 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\windows\system32\drivers\partmgr.sys

16:02:20.0945 1012 partmgr - ok

16:02:21.0018 1012 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe

16:02:21.0022 1012 Partner Service - ok

16:02:21.0086 1012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

16:02:21.0090 1012 PcaSvc - ok

16:02:21.0142 1012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

16:02:21.0145 1012 pci - ok

16:02:21.0213 1012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

16:02:21.0214 1012 pciide - ok

16:02:21.0263 1012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

16:02:21.0267 1012 pcmcia - ok

16:02:21.0293 1012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

16:02:21.0295 1012 pcw - ok

16:02:21.0336 1012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

16:02:21.0344 1012 PEAUTH - ok

16:02:21.0433 1012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

16:02:21.0435 1012 PerfHost - ok

16:02:21.0527 1012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

16:02:21.0538 1012 pla - ok

16:02:21.0605 1012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

16:02:21.0610 1012 PlugPlay - ok

16:02:21.0663 1012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

16:02:21.0666 1012 PNRPAutoReg - ok

16:02:21.0705 1012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

16:02:21.0708 1012 PNRPsvc - ok

16:02:21.0779 1012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

16:02:21.0785 1012 PolicyAgent - ok

16:02:21.0840 1012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

16:02:21.0844 1012 Power - ok

16:02:21.0919 1012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

16:02:21.0920 1012 PptpMiniport - ok

16:02:21.0958 1012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys

16:02:21.0959 1012 Processor - ok

16:02:22.0048 1012 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll

16:02:22.0052 1012 ProfSvc - ok

16:02:22.0073 1012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

16:02:22.0075 1012 ProtectedStorage - ok

16:02:22.0154 1012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

16:02:22.0156 1012 Psched - ok

16:02:22.0207 1012 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys

16:02:22.0208 1012 PxHlpa64 - ok

16:02:22.0272 1012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

16:02:22.0288 1012 ql2300 - ok

16:02:22.0316 1012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

16:02:22.0318 1012 ql40xx - ok

16:02:22.0365 1012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

16:02:22.0370 1012 QWAVE - ok

16:02:22.0393 1012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

16:02:22.0395 1012 QWAVEdrv - ok

16:02:22.0436 1012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

16:02:22.0437 1012 RasAcd - ok

16:02:22.0523 1012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

16:02:22.0525 1012 RasAgileVpn - ok

16:02:22.0579 1012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

16:02:22.0582 1012 RasAuto - ok

16:02:22.0658 1012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

16:02:22.0660 1012 Rasl2tp - ok

16:02:22.0717 1012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

16:02:22.0723 1012 RasMan - ok

16:02:22.0795 1012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

16:02:22.0797 1012 RasPppoe - ok

16:02:22.0840 1012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

16:02:22.0842 1012 RasSstp - ok

16:02:22.0893 1012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

16:02:22.0896 1012 rdbss - ok

16:02:22.0942 1012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

16:02:22.0944 1012 rdpbus - ok

16:02:22.0970 1012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

16:02:22.0971 1012 RDPCDD - ok

16:02:23.0015 1012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

16:02:23.0016 1012 RDPENCDD - ok

16:02:23.0048 1012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

16:02:23.0049 1012 RDPREFMP - ok

16:02:23.0095 1012 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\windows\system32\drivers\RDPWD.sys

16:02:23.0098 1012 RDPWD - ok

16:02:23.0184 1012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

16:02:23.0188 1012 rdyboost - ok

16:02:23.0345 1012 [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys

16:02:23.0346 1012 RegFilter - ok

16:02:23.0411 1012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

16:02:23.0413 1012 RemoteAccess - ok

16:02:23.0461 1012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

16:02:23.0465 1012 RemoteRegistry - ok

16:02:23.0518 1012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

16:02:23.0520 1012 RpcEptMapper - ok

16:02:23.0568 1012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

16:02:23.0570 1012 RpcLocator - ok

16:02:23.0626 1012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

16:02:23.0631 1012 RpcSs - ok

16:02:23.0705 1012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

16:02:23.0707 1012 rspndr - ok

16:02:23.0802 1012 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

16:02:23.0805 1012 RSUSBSTOR - ok

16:02:23.0884 1012 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

16:02:23.0887 1012 RTL8167 - ok

16:02:23.0984 1012 [ A36805E60282B1753C28001269D725E7 ] RTL8187B C:\windows\system32\DRIVERS\RTL8187B.sys

16:02:23.0990 1012 RTL8187B - ok

16:02:24.0014 1012 RtsUIR - ok

16:02:24.0040 1012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

16:02:24.0041 1012 SamSs - ok

16:02:24.0086 1012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

16:02:24.0088 1012 sbp2port - ok

16:02:24.0143 1012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

16:02:24.0147 1012 SCardSvr - ok

16:02:24.0197 1012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

16:02:24.0198 1012 scfilter - ok

16:02:24.0265 1012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

16:02:24.0278 1012 Schedule - ok

16:02:24.0325 1012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

16:02:24.0327 1012 SCPolicySvc - ok

16:02:24.0385 1012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

16:02:24.0389 1012 SDRSVC - ok

16:02:24.0455 1012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

16:02:24.0456 1012 secdrv - ok

16:02:24.0505 1012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

16:02:24.0507 1012 seclogon - ok

16:02:24.0560 1012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

16:02:24.0562 1012 SENS - ok

16:02:24.0606 1012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

16:02:24.0609 1012 SensrSvc - ok

16:02:24.0635 1012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys

16:02:24.0636 1012 Serenum - ok

16:02:24.0694 1012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys

16:02:24.0696 1012 Serial - ok

16:02:24.0731 1012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

16:02:24.0733 1012 sermouse - ok

16:02:24.0800 1012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

16:02:24.0804 1012 SessionEnv - ok

16:02:24.0851 1012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

16:02:24.0852 1012 sffdisk - ok

16:02:24.0880 1012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

16:02:24.0881 1012 sffp_mmc - ok

16:02:24.0901 1012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

16:02:24.0903 1012 sffp_sd - ok

16:02:24.0939 1012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

16:02:24.0941 1012 sfloppy - ok

16:02:25.0000 1012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

16:02:25.0006 1012 SharedAccess - ok

16:02:25.0064 1012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

16:02:25.0069 1012 ShellHWDetection - ok

16:02:25.0120 1012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

16:02:25.0122 1012 SiSRaid2 - ok

16:02:25.0144 1012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

16:02:25.0146 1012 SiSRaid4 - ok

16:02:25.0227 1012 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys

16:02:25.0228 1012 SmartDefragDriver - ok

16:02:25.0302 1012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

16:02:25.0308 1012 Smb - ok

16:02:25.0404 1012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

16:02:25.0406 1012 SNMPTRAP - ok

16:02:25.0430 1012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

16:02:25.0432 1012 spldr - ok

16:02:25.0491 1012 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe

16:02:25.0498 1012 Spooler - ok

16:02:25.0655 1012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

16:02:25.0722 1012 sppsvc - ok

16:02:25.0777 1012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

16:02:25.0780 1012 sppuinotify - ok

16:02:25.0906 1012 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\windows\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS

16:02:25.0911 1012 SRTSP - ok

16:02:25.0961 1012 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS

16:02:25.0962 1012 SRTSPX - ok

16:02:26.0031 1012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

16:02:26.0036 1012 srv - ok

16:02:26.0100 1012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

16:02:26.0105 1012 srv2 - ok

16:02:26.0155 1012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

16:02:26.0157 1012 srvnet - ok

16:02:26.0230 1012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

16:02:26.0234 1012 SSDPSRV - ok

16:02:26.0261 1012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

16:02:26.0266 1012 SstpSvc - ok

16:02:26.0306 1012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

16:02:26.0307 1012 stexstor - ok

16:02:26.0402 1012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

16:02:26.0410 1012 stisvc - ok

16:02:26.0484 1012 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

16:02:26.0486 1012 stllssvr - ok

16:02:26.0536 1012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys

16:02:26.0536 1012 swenum - ok

16:02:26.0598 1012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

16:02:26.0606 1012 swprv - ok

16:02:26.0690 1012 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS

16:02:26.0696 1012 SymDS - ok

16:02:26.0793 1012 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS

16:02:26.0805 1012 SymEFA - ok

16:02:26.0881 1012 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

16:02:26.0883 1012 SymEvent - ok

16:02:26.0965 1012 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS

16:02:26.0967 1012 SymIRON - ok

16:02:27.0010 1012 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS

16:02:27.0016 1012 SymNetS - ok

16:02:27.0097 1012 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

16:02:27.0100 1012 SynTP - ok

16:02:27.0183 1012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

16:02:27.0202 1012 SysMain - ok

16:02:27.0250 1012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

16:02:27.0253 1012 TabletInputService - ok

16:02:27.0290 1012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

16:02:27.0295 1012 TapiSrv - ok

16:02:27.0357 1012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

16:02:27.0359 1012 TBS - ok

16:02:27.0450 1012 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\windows\system32\drivers\tcpip.sys

16:02:27.0472 1012 Tcpip - ok

16:02:27.0563 1012 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

16:02:27.0575 1012 TCPIP6 - ok

16:02:27.0634 1012 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

16:02:27.0635 1012 tcpipreg - ok

16:02:27.0689 1012 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

16:02:27.0690 1012 tdcmdpst - ok

16:02:27.0727 1012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

16:02:27.0728 1012 TDPIPE - ok

16:02:27.0762 1012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

16:02:27.0763 1012 TDTCP - ok

16:02:27.0851 1012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

16:02:27.0853 1012 tdx - ok

16:02:27.0903 1012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys

16:02:27.0905 1012 TermDD - ok

16:02:27.0942 1012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

16:02:27.0952 1012 TermService - ok

16:02:27.0995 1012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

16:02:27.0998 1012 Themes - ok

16:02:28.0047 1012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

16:02:28.0049 1012 THREADORDER - ok

16:02:28.0164 1012 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

16:02:28.0165 1012 TMachInfo - ok

16:02:28.0214 1012 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe

16:02:28.0217 1012 TODDSrv - ok

16:02:28.0305 1012 [ 06C61275ADC64F1E36240A2287998A5E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

16:02:28.0310 1012 TosCoSrv - ok

16:02:28.0412 1012 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

16:02:28.0413 1012 TOSHIBA HDD SSD Alert Service - ok

16:02:28.0505 1012 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys

16:02:28.0512 1012 tos_sps64 - ok

16:02:28.0581 1012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

16:02:28.0585 1012 TrkWks - ok

16:02:28.0669 1012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

16:02:28.0670 1012 TrustedInstaller - ok

16:02:28.0728 1012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

16:02:28.0729 1012 tssecsrv - ok

16:02:28.0802 1012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

16:02:28.0803 1012 TsUsbFlt - ok

16:02:28.0882 1012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

16:02:28.0884 1012 tunnel - ok

16:02:28.0933 1012 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

16:02:28.0935 1012 TVALZ - ok

16:02:28.0979 1012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

16:02:28.0981 1012 uagp35 - ok

16:02:29.0028 1012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

16:02:29.0033 1012 udfs - ok

16:02:29.0094 1012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

16:02:29.0097 1012 UI0Detect - ok

16:02:29.0141 1012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

16:02:29.0143 1012 uliagpkx - ok

16:02:29.0232 1012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys

16:02:29.0233 1012 umbus - ok

16:02:29.0273 1012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys

16:02:29.0274 1012 UmPass - ok

16:02:29.0327 1012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

16:02:29.0334 1012 upnphost - ok

16:02:29.0394 1012 [ 241080F1B28E68F0D00F8F1066A3780D ] UrlFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys

16:02:29.0395 1012 UrlFilter - ok

16:02:29.0487 1012 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

16:02:29.0489 1012 USBAAPL64 - ok

16:02:29.0545 1012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

16:02:29.0547 1012 usbccgp - ok

16:02:29.0562 1012 USBCCID - ok

16:02:29.0622 1012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

16:02:29.0624 1012 usbcir - ok

16:02:29.0660 1012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

16:02:29.0663 1012 usbehci - ok

16:02:29.0740 1012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

16:02:29.0744 1012 usbhub - ok

16:02:29.0771 1012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

16:02:29.0772 1012 usbohci - ok

16:02:29.0846 1012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

16:02:29.0847 1012 usbprint - ok

16:02:29.0904 1012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

16:02:29.0905 1012 usbscan - ok

16:02:29.0934 1012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

16:02:29.0936 1012 USBSTOR - ok

16:02:29.0983 1012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys

16:02:29.0984 1012 usbuhci - ok

16:02:30.0030 1012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

16:02:30.0032 1012 UxSms - ok

16:02:30.0051 1012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

16:02:30.0053 1012 VaultSvc - ok

16:02:30.0123 1012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

16:02:30.0124 1012 vdrvroot - ok

16:02:30.0186 1012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

16:02:30.0194 1012 vds - ok

16:02:30.0237 1012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

16:02:30.0239 1012 vga - ok

16:02:30.0273 1012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

16:02:30.0274 1012 VgaSave - ok

16:02:30.0323 1012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

16:02:30.0327 1012 vhdmp - ok

16:02:30.0363 1012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

16:02:30.0364 1012 viaide - ok

16:02:30.0404 1012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

16:02:30.0405 1012 volmgr - ok

16:02:30.0463 1012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

16:02:30.0468 1012 volmgrx - ok

16:02:30.0509 1012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

16:02:30.0512 1012 volsnap - ok

16:02:30.0561 1012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

16:02:30.0563 1012 vsmraid - ok

16:02:30.0649 1012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

16:02:30.0669 1012 VSS - ok

16:02:30.0711 1012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys

16:02:30.0713 1012 vwifibus - ok

16:02:30.0763 1012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

16:02:30.0765 1012 vwififlt - ok

16:02:30.0835 1012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

16:02:30.0841 1012 W32Time - ok

16:02:30.0889 1012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

16:02:30.0891 1012 WacomPen - ok

16:02:30.0965 1012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

16:02:30.0966 1012 WANARP - ok

16:02:30.0978 1012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

16:02:30.0979 1012 Wanarpv6 - ok

16:02:31.0086 1012 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

16:02:31.0099 1012 WatAdminSvc - ok

16:02:31.0179 1012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

16:02:31.0198 1012 wbengine - ok

16:02:31.0254 1012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

16:02:31.0259 1012 WbioSrvc - ok

16:02:31.0320 1012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

16:02:31.0327 1012 wcncsvc - ok

16:02:31.0385 1012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

16:02:31.0388 1012 WcsPlugInService - ok

16:02:31.0443 1012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys

16:02:31.0445 1012 Wd - ok

16:02:31.0486 1012 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

16:02:31.0495 1012 Wdf01000 - ok

16:02:31.0529 1012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

16:02:31.0532 1012 WdiServiceHost - ok

16:02:31.0543 1012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

16:02:31.0547 1012 WdiSystemHost - ok

16:02:31.0615 1012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

16:02:31.0620 1012 WebClient - ok

16:02:31.0676 1012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

16:02:31.0681 1012 Wecsvc - ok

16:02:31.0706 1012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

16:02:31.0709 1012 wercplsupport - ok

16:02:31.0775 1012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

16:02:31.0778 1012 WerSvc - ok

16:02:31.0845 1012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

16:02:31.0846 1012 WfpLwf - ok

16:02:31.0876 1012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

16:02:31.0877 1012 WIMMount - ok

16:02:31.0905 1012 WinDefend - ok

16:02:31.0921 1012 WinHttpAutoProxySvc - ok

16:02:31.0986 1012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

16:02:31.0989 1012 Winmgmt - ok

16:02:32.0093 1012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

16:02:32.0127 1012 WinRM - ok

16:02:32.0235 1012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

16:02:32.0237 1012 WinUsb - ok

16:02:32.0306 1012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

16:02:32.0318 1012 Wlansvc - ok

16:02:32.0378 1012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

16:02:32.0379 1012 WmiAcpi - ok

16:02:32.0436 1012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

16:02:32.0439 1012 wmiApSrv - ok

16:02:32.0496 1012 WMPNetworkSvc - ok

16:02:32.0534 1012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

16:02:32.0537 1012 WPCSvc - ok

16:02:32.0597 1012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

16:02:32.0600 1012 WPDBusEnum - ok

16:02:32.0649 1012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

16:02:32.0650 1012 ws2ifsl - ok

16:02:32.0703 1012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

16:02:32.0706 1012 wscsvc - ok

16:02:32.0718 1012 WSearch - ok

16:02:32.0825 1012 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\windows\system32\wuaueng.dll

16:02:32.0861 1012 wuauserv - ok

16:02:32.0890 1012 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys

16:02:32.0892 1012 WudfPf - ok

16:02:32.0966 1012 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

16:02:32.0969 1012 WUDFRd - ok

16:02:33.0008 1012 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll

16:02:33.0011 1012 wudfsvc - ok

16:02:33.0068 1012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

16:02:33.0073 1012 WwanSvc - ok

16:02:33.0152 1012 X5XSEx - ok

16:02:33.0191 1012 [ C6B289A70A2D36242A2CCAA2715E1747 ] X5XSEx_Pr143 C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys

16:02:33.0192 1012 X5XSEx_Pr143 - ok

16:02:33.0338 1012 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

16:02:33.0342 1012 YahooAUService - ok

16:02:33.0416 1012 ================ Scan global ===============================

16:02:33.0476 1012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

16:02:33.0532 1012 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

16:02:33.0546 1012 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

16:02:33.0591 1012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

16:02:33.0649 1012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

16:02:33.0654 1012 [Global] - ok

16:02:33.0658 1012 ================ Scan MBR ==================================

16:02:33.0681 1012 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

16:02:33.0844 1012 \Device\Harddisk0\DR0 - ok

16:02:33.0848 1012 ================ Scan VBR ==================================

16:02:33.0854 1012 [ D081F37BD3D62809C092D0AEA6AD5670 ] \Device\Harddisk0\DR0\Partition1

16:02:33.0855 1012 \Device\Harddisk0\DR0\Partition1 - ok

16:02:33.0859 1012 ============================================================

16:02:33.0859 1012 Scan finished

16:02:33.0859 1012 ============================================================

16:02:33.0877 3332 Detected object count: 0

16:02:33.0877 3332 Actual detected object count: 0

[PennyS]

The log from RKReport log: Next steps will enable antivirus program and wait for your instructions.

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 03/12/2013 16:08:32

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] adwcleaner.exe -- C:\Users\Owner\Desktop\adwcleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Diagnostics (rundll32 "C:\Users\Owner\AppData\Local\VirtualStore\Diagnostics\jujwjn.dll",NVDisplayCoInstallW) [x] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2816127553-4110278854-1277838339-1000[...]\Run : Diagnostics (rundll32 "C:\Users\Owner\AppData\Local\VirtualStore\Diagnostics\jujwjn.dll",NVDisplayCoInstallW) [x] -> FOUND

[TASK][sUSP PATH] CandyUpdater.job : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe [x] -> FOUND

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSXN +++++

--- User ---

[MBR] ed17ef43126cd206539cdf84c03a56b9

[bSP] 53ee8dd87003e4453a109f701c2d1a41 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227773 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469553152 | Size: 9201 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03122013_02d1608.txt >>

RKreport[1]_S_03122013_02d1608.txt

[Maurice Naggar]

There's a lot of adwares here, plus a trojan or two.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB flash-thumb drives or external storage drives from the computer before you run this scan!
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  Put a check next to all of these and uncheck the rest: (if found)
  [RUN][sUSP PATH] HKCU\[...]\Run : Diagnostics (rundll32 "C:\Users\Owner\AppData\Local\VirtualStore\Diagnostics\jujwjn.dll",NVDisplayCoInstallW) [x] -> FOUND
  [RUN][sUSP PATH] HKUS\S-1-5-21-2816127553-4110278854-1277838339-1000[...]\Run : Diagnostics (rundll32 "C:\Users\Owner\AppData\Local\VirtualStore\Diagnostics\jujwjn.dll",NVDisplayCoInstallW) [x] -> FOUND
  [TASK][sUSP PATH] CandyUpdater.job : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe [x] -> FOUND
  [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND
  [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
  
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Step 2

• Close any open documents/programs & all internet browsers you have running.
  
• Please start AdwCleaner
  
• Click on Delete button.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  
• Note: You can find the logfile at C:\AdwCleaner[s1]

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Step 4

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

• Please close your security software to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  
• The tool will open and display information and disclaimer in a Command prompt window.
  
• I'd suggest you close all internet browsers at this point.
  
• Press a key on keyboard to start scanning your system.
  
• Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  
• There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  
• Please post the contents of JRT.txt into a new reply.
  
• Re-enable your security software.
  Re-enable your antivirus program.

Tell me, How is the system now ?

[PennyS]

Rkill results:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2013 07:49:23 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\Owner\Desktop\rkill\rkill-03-12-2013-07-49-26.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.

Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/12/2013 07:49:38 PM

Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

[PennyS]

Rouge Killer results:

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Remove -- Date : 03/12/2013 19:59:58

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Diagnostics (rundll32 "C:\Users\Owner\AppData\Local\VirtualStore\Diagnostics\jujwjn.dll",NVDisplayCoInstallW) [x] -> DELETED

[TASK][sUSP PATH] CandyUpdater.job : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe [x] -> DELETED

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSXN +++++

--- User ---

[MBR] ed17ef43126cd206539cdf84c03a56b9

[bSP] 53ee8dd87003e4453a109f701c2d1a41 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227773 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469553152 | Size: 9201 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_03122013_02d1959.txt >>

RKreport[1]_S_03122013_02d1608.txt ; RKreport[2]_S_03122013_02d1956.txt ; RKreport[3]_D_03122013_02d1959.txt

[PennyS]

AdwCleaner results:

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 20:07:55

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Owner - OWNER-PC

# Boot Mode : Normal

# Running from : C:\Users\Owner\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Application Updater

Stopped & Deleted : Partner Service

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\searchplugins\wiseconvert-customized-web-search.xml

Folder Deleted : C:\Program Files (x86)\Application Updater

Folder Deleted : C:\Program Files (x86)\Common Files\spigot

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\GamesBar

Folder Deleted : C:\Program Files (x86)\xfin_portal

Folder Deleted : C:\ProgramData\~0

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Owner\AppData\Local\Conduit

Folder Deleted : C:\Users\Owner\AppData\Local\Temp\APN

Folder Deleted : C:\Users\Owner\AppData\Local\Temp\CT1320680

Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Owner\AppData\LocalLow\xfin_portal

Folder Deleted : C:\Users\Owner\AppData\Roaming\iWin

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\CT3196716

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\Smartbar

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\xfin_portal

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll

Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecvuprts.default\user.js ... Deleted !

Deleted : user_pref("CT3196716.1000082.isDisplayHidden", "true");

Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "ALEXANDRIA");

Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");

Deleted : user_pref("CT3196716.1000234.TWC_locId", "EGXX0001");

Deleted : user_pref("CT3196716.1000234.TWC_location", "Alexandria, Egypt");

Deleted : user_pref("CT3196716.1000234.TWC_region", "US");

Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");

Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");

Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"57°F\",\"temperat[...]

Deleted : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");

Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3196716.FirstTime", "true");

Deleted : user_pref("CT3196716.FirstTimeFF3", "true");

Deleted : user_pref("CT3196716.LoginRevertSettingsEnabled", false);

Deleted : user_pref("CT3196716.RevertSettingsEnabled", true);

Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]

Deleted : user_pref("CT3196716.UserID", "UN82430597180040417");

Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3196716.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT3196716.cb_experience_000.enc", "Ng==");

Deleted : user_pref("CT3196716.cbcountry_001.enc", "VVM=");

Deleted : user_pref("CT3196716.cbfirsttime.enc", "V2VkIE5vdiAxNCAyMDEyIDAxOjAwOjIyIEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]

Deleted : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3196716.enableAlerts", "always");

Deleted : user_pref("CT3196716.event_data.enc", "JTVCJTVE");

Deleted : user_pref("CT3196716.fired_events.enc", "AA==");

Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3196716.fixUrls", true);

Deleted : user_pref("CT3196716.installType", "Unknown");

Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3196716.isNewTabEnabled", true);

Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3196716.key_date.enc", "OA==");

Deleted : user_pref("CT3196716.keyword", true);

Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);

Deleted : user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Deleted : user_pref("CT3196716.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Deleted : user_pref("CT3196716.price-gong.isManagedApp", "true");

Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");

Deleted : user_pref("CT3196716.search.searchCount", "2");

Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354604972552");

Deleted : user_pref("CT3196716.serviceLayer_services_appTracking_lastUpdate", "1354604972664");

Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1354925437111");

Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354158536301");

Deleted : user_pref("CT3196716.serviceLayer_services_login_10.13.40.15_lastUpdate", "1354925437740");

Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13549[...]

Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13549[...]

Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354158536301");

Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1354925437833");

Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1354925435764");

Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354158536300");

Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1354925437083");

Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1354925435894");

Deleted : user_pref("CT3196716.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]

Deleted : user_pref("CT3196716.serviceLayer_services_userApps_lastUpdate", "1354668777654");

Deleted : user_pref("CT3196716.settingsINI", true);

Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");

Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");

Deleted : user_pref("CT3196716.smartbar.homepage", true);

Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");

Deleted : user_pref("CT3196716.toolbarBornServerTime", "14-11-2012");

Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "8-12-2012");

Deleted : user_pref("CT3196716.url_history0001.enc", "aHR0cDovLzAuci5tc24uY29tLz9sZD02dnNwSG1MTTlxSm84Zkp6Rno5[...]

Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=1[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WiseConvert Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716[...]

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://search.yahoo.[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3196716");

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.originalHomepage", "data:text/plain,browser.startup.homepage=hxxp://search.yahoo[...]

Deleted : user_pref("smartbar.originalSearchAddressUrl", "data:text/plain,keyword.URL=hxxp://search.yahoo.com/[...]

Deleted : user_pref("smartbar.originalSearchEngine", false);

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18032 octets] - [12/03/2013 15:56:17]

AdwCleaner[s1].txt - [16157 octets] - [12/03/2013 20:07:55]

########## EOF - C:\AdwCleaner[s1].txt - [16218 octets] ##########

[PennyS]

MBAM results:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.13.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Disabled

3/12/2013 8:17:53 PM

mbam-log-2013-03-12 (20-17-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230070

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[PennyS]

Junkware removal Tool results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.1 (03.12.2013:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Tue 03/12/2013 at 20:35:30.49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{f92a9fe4-2850-4198-b9d5-279880e49b16}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\speedypc software"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\free ride games"

Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"

~~~ Chrome

Dumping contents of C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadfgfgbdjdjdidadbdfgggcdegdgbdj

C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadfgfgbdjdjdidadbdfgggcdegdgbdj\background.js

C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadfgfgbdjdjdidadbdfgggcdegdgbdj\manifest.json

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 03/12/2013 at 20:49:31.95

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[PennyS]

And the answer to the question about how is the system now is: WONDERFUL.

Please accept my thanks to you for your outstanding work and your valuable time. I do appreciate all that the information, advice, guidance and most importantly your patience with me. I know that stupid cannot be fixed, but you did an outstanding job in overcoming my stupidity. Thank you very much and know that I do appreciate everything.

[Maurice Naggar]

Very good.

Stick with me, as we will do cleanups after I give the all clear.

Do this next, for my review.

Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[PennyS]

Sorry for not responding sooner, was out most of the day today. Wife went to visit friends and took the machine. Will have it back tomorrow (03/14/2013) and do the Security Check and the rest of your instructions. Again my apology for not reading and responding sooner.

[Maurice Naggar]

ok. Just please stick with me.

Next time you are on this thread, Look at upper right of topic display on forum screen.

Click on Follow this Topic button

and select Immediate notification.

[PennyS]

Computer will be here this afternoon and I will follow your instructions. Thanks again for all of your work, time and support.

[Maurice Naggar]

OK

Take your time. Thanks for letting me know.

[PennyS]

And the results are:

Results of screen317's Security Check version 0.99.61

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 14

Java version out of Date!

Adobe Flash Player 11.6.602.171

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 25.0.1364.152

Google Chrome 25.0.1364.97

Google Chrome CommonDotNET.dll..

Google Chrome IdVaultCore.dll..

Google Chrome IdVaultCore.XmlSerializers.dll.

Google Chrome Microsoft.mshtml.dll.

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````