
Constant BSOD and Trojans and other "infections" appearing with every new scan.


  • This topic is locked
40 replies to this topic

#1 ProdigyX


Posted 22 April 2013 - 03:18 AM

Hello there, I was hoping to receive some help from this awesome forum with my computer issues. My computer is my livelihood and my ability to complete school (finals coming up in <2 weeks).

 

I followed http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ so I hope this is the correct way to ask!

 

I work online and need to go through randomly generated links. Me being an idiot, I did not use Sandboxie for work and thought I would be protected enough with Malwarebytes/MSE/CCleaner.

 

Randomly MSE started picking up some weird things so I ran a full scan of MSE and CCleaner, cleaned my registry and ran a full scan of Malwarebytes (don't have the flash scan ability). MSE cleaned up various trojans and I decided to run it again because it picked up some more stuff after I had just cleaned it. Randomly the MSE lagged a bit and I reopened it and I was prompted to download the "offline version" (which is malware I assume). In the middle of the scan I received a BSOD "-irql-not-less-or-equal". I decided to do a system restore to April 14th. When I logged back in I received the same BSOD instantly. I booted back up in safemode+networking and ran a full scan once again with Microsoft Security Essentials + MWB + CCleaner. MSE found another 8 or so hits (I had not logged on the internet at all in this time btw) and mwb found nothing. I was able to work a little bit and got word from a friend to try AVG Free scan and rkill. I ran both of these in safemode; in safemode AVG told me that there were multiple 'locked' files it could not access and thus scan, such as the appdata folders and some C:// Documents folders. It found more trojans and malicious software on my computer. After the scan I tried booting back up. Instant BSOD again. So I booted back up normally and spammed rkill and it didn't say it found any malicious processes that it stopped but it did stop some random processes but I did not receive a BSOD this time around.

 

At this point I had found combofixer (silly me ><) and I decided to run it in hopes to get it fixed. I left my room and came back and my computer had restarted. I booted back up normally and my computer was doing good last night. I ran a full AVG scan and ONCE AGAIN it found and removed multiple trojans.

 

I ran combofixer again because I was not sure if it had actually fixed anything and in the middle of it I received a different type of BSOD (I'm sorry I'm not quite sure what type this is, I keep trying to catch it but it goes away quickly, it collects data to the dump files then reboots).

 

Today I rebooted in normal mode and got the IRQL bsod. Then I rebooted in Safe Mode and actually got a BSOD - the other type (which has never happened). Then rebooted in safemode+networking and got it again. Rebooted + rkill and nothing happened. Tried my luck with a regular reboot and got the IRQL bsod then rebooted normally and got the other type of BSOD. This happened multiple times and it would crash in the middle of an rkill process as well. On one try I was able to stay on with rkill (I think it was the cause). And I started trying to back up some files I didn't want to lose. I tried to run a command prompt and opened up sandboxie and got the IRQL BSOD instantly. I then rebooted into safemode+networking (which I'm currently in) and nothing has happened thus far - I could even finish my paper and am currently on google chrome typing this. I got a ddos file thus far as well and was able to download that program. I was hoping to find out the cause of my inability to run a regular process of windows and also why I get the BSOD during any activity or certain processes in safemode. I was also hoping to find out if I did some damage to my computer running combofixer (which I wasn't aware shouldn't be run without specific instruction until I came here).

 

It is currently 3 AM as I type this and I want to thank you guys kindly ahead of time for possibly assisting me. I definitely want to avoid completely reformatting my computer as I have run into multiple problems doing so when Windows 7 came out and spent several weeks fixing BSOD and black screens, but these problems that I'm getting now are like nothing I've seen before.

 

cliffs;

I can basically only run stuff in safemode+networking without getting an insta-bsod.

 

here are the DDOS and a random Rkill report;

 

DDOS;

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.9.2
Run by Jorge at 2:48:51 on 2013-04-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8150.5128 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgscana.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uProxyServer = :80
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
uRun: [GoogleChromeAutoLaunch_E49DF4312688D5EC27314F6D6DF8F149] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [MRIPEUndo] "e:\MRI.EXE" /undopeboot
mRun: [Arctosa] "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886}\4496A7A79744565627 : DHCPNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
TCP: Interfaces\{6EDDD8B0-BC4D-45F0-92C7-7485153285FF} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Jorge\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-15 21:52; {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}; C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
FF - ExtSQL: 2013-03-31 01:30; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 20:23; {01026ece-a8a1-11e2-8274-b8ac6f996f26}; C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{01026ece-a8a1-11e2-8274-b8ac6f996f26}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-17 19264]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R3 Arctosa;Arctosa Keyboard;C:\Windows\System32\drivers\Arctosa.sys [2010-10-11 19840]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-12-16 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-12-16 88832]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-17 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-17 789824]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-17 110744]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-16 21616]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-25 203264]
S2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-9-10 20376]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-7-15 116240]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-19 48488]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-16 30528]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\System32\drivers\LVCKap64.sys [2007-2-6 1013024]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-12-11 702976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-17 2206352]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~2\Office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-04-22 04:15:35 -------- d-----w- C:\Users\Jorge\AppData\Local\ElevatedDiagnostics
2013-04-22 02:45:44 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FEF54AF-6695-4543-9225-B2934F29076F}\mpengine.dll
2013-04-21 21:27:52 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-04-21 21:27:52 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-04-21 21:27:52 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-04-21 21:27:52 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-04-21 21:27:52 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-04-21 21:27:52 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-04-21 21:26:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-04-21 06:00:19 -------- d-----r- C:\Sandbox
2013-04-21 05:55:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-21 05:44:49 -------- d-s---w- C:\ComboFix
2013-04-21 02:14:26 98816 ----a-w- C:\Windows\sed.exe
2013-04-21 02:14:26 256000 ----a-w- C:\Windows\PEV.exe
2013-04-21 02:14:26 208896 ----a-w- C:\Windows\MBR.exe
2013-04-21 02:10:17 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-21 00:12:10 -------- d-----w- C:\Users\Jorge\AppData\Roaming\AVG2013
2013-04-21 00:08:28 -------- d-----w- C:\Users\Jorge\AppData\Roaming\TuneUp Software
2013-04-21 00:07:57 -------- d--h--w- C:\$AVG
2013-04-21 00:07:57 -------- d-----w- C:\ProgramData\AVG2013
2013-04-21 00:06:00 -------- d--h--w- C:\ProgramData\Common Files
2013-04-21 00:06:00 -------- d-----w- C:\Users\Jorge\AppData\Local\MFAData
2013-04-21 00:06:00 -------- d-----w- C:\Users\Jorge\AppData\Local\Avg2013
2013-04-21 00:06:00 -------- d-----w- C:\ProgramData\MFAData
2013-04-20 02:55:11 -------- d-----w- C:\Program Files\Sandboxie
2013-04-19 03:51:13 -------- d-sh--w- C:\Users\Jorge\AppData\Roaming\msnmsg
2013-04-19 03:27:15 -------- d-----w- C:\Users\Jorge\AppData\Local\CrashDumps
2013-04-10 01:32:51 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 01:32:50 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 01:32:40 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 01:32:36 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 01:32:35 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 01:32:34 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:32:32 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 01:32:32 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 01:32:32 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-05 02:58:53 -------- d-----w- C:\Users\Jorge\AppData\Local\{EB982FAC-9536-4330-A09C-DB115D6AF72C}
2013-04-04 05:00:58 -------- d-----w- C:\Users\Jorge\AppData\Local\{8CB15A95-0258-4B49-A0F1-93189684DC22}
2013-04-02 13:22:39 -------- d-----w- C:\Users\Jorge\AppData\Roaming\OpenOffice.org
2013-03-31 06:33:23 -------- d-----w- C:\Program Files (x86)\ConvertHelper
2013-03-31 06:31:48 -------- d-----w- C:\Users\Jorge\dwhelper
2013-03-31 04:51:40 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2013-03-31 04:18:06 -------- d-----w- C:\ProgramData\Applications
2013-03-30 02:04:06 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-03-26 19:21:51 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60A5C557-4394-428E-9B82-AB5D0A1EA1C3}\gapaengine.dll
2013-03-26 19:18:38 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-05 03:27:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-05 03:27:33 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-26 19:13:46 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-15 03:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-09 04:15:14 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-09 04:15:12 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-09 04:15:12 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-27 04:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-14 08:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-08 09:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-08 09:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-08 09:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-08 09:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-08 09:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-26 22:37:11 69924 ----a-w- C:\Program Files (x86)\cc_20110926_173705.reg
2010-11-21 08:37:16 1124864 ----a-w- C:\Program Files\MacroEdit.exe
2010-11-16 21:25:54 110102 ----a-w- C:\Program Files (x86)\ccbackup.reg
2010-10-09 22:08:20 110412 ----a-w- C:\Program Files (x86)\cc_20101009_170737.reg
.
============= FINISH:  2:53:14.81 ===============
 

RKILL;

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/22/2013 12:04:01 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 04/22/2013 12:04:22 AM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
 
 
THANK YOU KINDLY!! I really need this computer to be functioning properly before I toss it out the window (kind of serious)
 
~Rob

 

 


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 22 April 2013 - 03:27 AM


Hello ProdigyX

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


FIRST remove AVG

:multiple Anti Virus programs:
  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:


    AV: AVG AntiVirus Free Edition 2013
    AV: Microsoft Security Essentials




    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove all but one of them.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ProdigyX


Posted 22 April 2013 - 03:32 AM

Thanks for the speedy response Gringo!! Wow, that was fast. I am going to implement this right now but would you prefer me to keep MSE or AVG? I will delete MSE like you said unless AVG is better.



#4 gringo_pr


Posted 22 April 2013 - 03:40 AM

I would remove AVG and keep MSE. I may be gone soon but will check on you in a couple of hours.

Edited by gringo_pr, 22 April 2013 - 03:41 AM.


#5 ProdigyX


Posted 22 April 2013 - 04:24 AM

I was unable to uninstall any AV in safemode+networking unfortunately but I followed the other steps. After the adware reboot my computer rebooted normally and I instantly got the "A problem has been detected and Windows has been shut down to prevent damage to your computer" ... *** STOP: 0x0000007e (0x80000003, 0x805c49b8, 0xf7a172b4, 0xf7a16fb0) ... blue screen" - which is the same one I have been getting separate from the IRQL.

 

My computer froze during roguekiller but I will attempt to retry it and post it here afterwards. If it is absolutely essential to delete AVG I will use everything in my power to do so and rerun the security check.

 

SECURITY CHECK;

 

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Microsoft Security Essentials     
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 29  
 Java 7 Update 9  
 Java™ 6 Update 3  
 Java™ 6 Update 5  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

ADWcleaner;

 

# AdwCleaner v2.201 - Logfile created 04/22/2013 at 03:39:33
# Updated 21/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jorge - JORGE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jorge\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Viewpoint Manager Service
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Jorge\AppData\Local\Conduit
Folder Deleted : C:\Users\Jorge\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Jorge\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\Conduit
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\ConduitCommon
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\CT2504091
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\jetpack
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A753C344-6F92-464A-A09F-D85156C9221C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC7081FF-A044-4D53-9391-7ECE4C0F90EE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\prefs.js
 
C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\user.js ... Deleted !
 
Deleted : user_pref("CT2269050..clientLogIsEnabled", true);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Wed Mar 14 2012 20:25:40 GMT-0500 (Central Daylight[...]
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "15-3-2012");
Deleted : user_pref("CT2269050.DSInstall", false);
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Wed Mar 14 2012 20:31:22 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2269050.FirstServerDate", "27-2-2012");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HPInstall", false);
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2269050.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sun Feb 26 2012 20:39:07 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsInitSetupIni", true);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.10.0.1", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2269050.LatestVersion", "3.10.0.1");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchProtectorEnabled", false);
Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Wed Mar 14 2012 20:25:29 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1330959769");
Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Feb 26 2012 20:39:06 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN70575544745134986");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Wed Mar 14 2012 20:25:31 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2269050.WeatherUnit", "F");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.backendstorage.cbfirsttime", "53756E2046656220323620323031322032303A33393A31392[...]
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "4D6F6E204D617220313920323031322032303A[...]
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F6D2F7[...]
Deleted : user_pref("CT2269050.components.129466585399606892", false);
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Mar 08 2012 23:54:45 GMT-0600 (Central [...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", false);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central D[...]
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central D[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.AppTrackingLastCheckTime", "Wed Mar 14 2012 20:25:40 GMT-0500 (Central Daylight[...]
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129990558296257215", true);
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_1359634298000", true);
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "22-4-2013");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Apr 15 2013 00:42:08 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Mon Aug 01 2011 22:42:13 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 12);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Wed Apr 03 2013 17:45:47 GMT-0500 (Central Da[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Mon Aug 01 2011 22:42:13 GMT-0500 (Central Da[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "6-8-2010");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Deleted : user_pref("CT2504091.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2504091.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Thu Aug 05 2010 18:58:24 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2504091.IsAlertDBUpdated", true);
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Sat Apr 20 2013 21:04:01 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_2.7.1.3", "Wed Apr 13 2011 20:49:13 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2504091.LastLogin_3.12.0.7", "Tue Jun 26 2012 22:49:19 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Wed Jul 18 2012 00:28:39 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Wed Aug 29 2012 00:07:48 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Mon Dec 17 2012 02:16:28 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.16.0.100", "Sun Feb 10 2013 23:55:49 GMT-0600 (Central Standard Tim[...]
Deleted : user_pref("CT2504091.LastLogin_3.16.0.3", "Sat Dec 22 2012 20:01:32 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.18.0.7", "Sun Apr 21 2013 16:10:42 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.3.3.2", "Thu Nov 10 2011 18:31:36 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT2504091.LastLogin_3.8.0.8", "Wed Mar 14 2012 20:25:30 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2504091.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.LoginCache", 4);
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipShow", false);
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2504091.SearchBoxWidth", 151);
Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2504091.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sat Apr 20 2013 21:04:00 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2504091.SearchProtectorEnabled", false);
Deleted : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Sat Apr 20 2013 21:04:01 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Sun Apr 21 2013 16:10:39 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1366537715");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Apr 03 2013 17:45:46 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2504091.UserID", "UN60332819402534321");
Deleted : user_pref("CT2504091.ValidationData_Search", 2);
Deleted : user_pref("CT2504091.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.approveUntrustedApps", false);
Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2504091.components.1000034", false);
Deleted : user_pref("CT2504091.components.1000080", false);
Deleted : user_pref("CT2504091.components.129079840422182852", false);
Deleted : user_pref("CT2504091.components.129079840422339107", false);
Deleted : user_pref("CT2504091.components.129079840422964131", false);
Deleted : user_pref("CT2504091.components.129079849636241789", false);
Deleted : user_pref("CT2504091.components.129566938558801595", false);
Deleted : user_pref("CT2504091.components.129707804829376918", false);
Deleted : user_pref("CT2504091.components.129974830244070075", false);
Deleted : user_pref("CT2504091.components.129975529526495326", false);
Deleted : user_pref("CT2504091.components.129990558296257215", false);
Deleted : user_pref("CT2504091.components.1359634298000", false);
Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sat Apr 20 2013 21:04:01 GMT-0500 (Central [...]
Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.initDone", true);
Deleted : user_pref("CT2504091.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129[...]
Deleted : user_pref("CT2504091.revertSettingsEnabled", false);
Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.testingCtid", "");
Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Apr 20 2013 21:04:01 GMT-0500 (Central D[...]
Deleted : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Tue Apr 09 2013 16:26:56 GMT-0500 (Central D[...]
Deleted : user_pref("CT2504091.undefined", "Thu Apr 14 2011 19:24:45 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2504091.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"15c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "vuze_remote");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jorge\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/91/250/CT2504091/Gadgets/[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.mochigames.com/conduit/app/?utm_source=co[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2504091");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "vuze_remote");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 25 2011 20:05:13 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Nov 09 2011 22:35:10 GMT-0600 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Nov 09 2011 22:34:59 GMT-0600 (Central S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "268d829e-b085-4e93-a637-74e26ad2b466");
Deleted : user_pref("CommunityToolbar.globalUserId", "713d74dd-f910-412b-a9fe-9897403b1305");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 20 2013 21:04:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 20 2013 21:04:10 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 20 2013 21:04:01 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "58057fb5-5a86-4dd5-ba2a-a683383d8117");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&Sea[...]
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [42440 octets] - [22/04/2013 03:39:33]
 
########## EOF - C:\AdwCleaner[S1].txt - [42501 octets] ##########
 

 

 

waiting on roguekiller

 

thanks again!



#6 ProdigyX

ProdigyX
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 22 April 2013 - 04:28 AM

ROGUEKILLER!
 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Jorge [Admin rights]
Mode : Remove -- Date : 04/22/2013 04:27:28
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:80) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3750528AS ATA Device +++++
--- User ---
[MBR] 382241943b4baf1c71ae238bf0c86dd8
[BSP] 9b2fa04b091330df73bd208cd567160e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 10244 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20980890 | Size: 286165 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607048155 | Size: 418992 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a8616ca63407bd228c34dc6b3b338415
[BSP] 9b2fa04b091330df73bd208cd567160e : Windows 7/8 MBR Code
Partition table:
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 10244 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20980890 | Size: 286165 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 607048155 | Size: 418992 Mo
 
Finished : << RKreport[3]_D_04222013_02d0427.txt >>
RKreport[1]_S_04222013_02d0356.txt ; RKreport[2]_S_04222013_02d0426.txt ; RKreport[3]_D_04222013_02d0427.txt
 
 
 

went smoothly this time.



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 22 April 2013 - 07:03 AM


Hello ProdigyX

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 ProdigyX

ProdigyX
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 22 April 2013 - 07:46 PM

Hello gringo, I uninstalled AVG and rebooted my computer 5 times (got the IRQL BSOD 5 times when it booted normally) and deleted all files corresponding to "AVG" because every time I ran the combofixer it said my AVG was active. I've done a search on my computer and there's no AVG in the control panel either, yet it still pops up on my combofixer. After the combofixer I ran securitycheck again and it also found AVG. I'm simply baffled at what is going on with this machine.

 

Combofixer log;

 

ComboFix 13-04-22.01 - Jorge 04/22/2013  19:33:46.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8150.6766 [GMT -5:00]
Running from: c:\users\Jorge\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\86A5.tmp
c:\programdata\Microsoft\Windows\DRM\86C7.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-23 to 2013-04-23  )))))))))))))))))))))))))))))))
.
.
2013-04-23 00:40 . 2013-04-23 00:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-23 00:40 . 2013-04-23 00:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-23 00:40 . 2013-04-23 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-22 04:15 . 2013-04-22 04:15 -------- d-----w- c:\users\Jorge\AppData\Local\ElevatedDiagnostics
2013-04-22 02:45 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FEF54AF-6695-4543-9225-B2934F29076F}\mpengine.dll
2013-04-21 21:32 . 2013-04-21 21:32 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-04-21 21:31 . 2013-04-22 09:20 -------- d-----w- c:\users\UpdatusUser
2013-04-21 21:27 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-21 21:27 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-21 21:27 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-21 21:27 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-21 21:27 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-21 21:27 . 2013-03-13 16:24 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-21 21:26 . 2013-04-21 21:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-21 06:00 . 2013-04-21 06:00 -------- d-----r- C:\Sandbox
2013-04-21 02:10 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-21 00:08 . 2013-04-21 00:08 -------- d-----w- c:\users\Jorge\AppData\Roaming\TuneUp Software
2013-04-21 00:07 . 2013-04-22 23:55 -------- d-----w- c:\programdata\AVG2013
2013-04-21 00:06 . 2013-04-22 23:55 -------- d-----w- c:\programdata\MFAData
2013-04-21 00:06 . 2013-04-21 00:06 -------- d--h--w- c:\programdata\Common Files
2013-04-21 00:06 . 2013-04-21 00:06 -------- d-----w- c:\users\Jorge\AppData\Local\MFAData
2013-04-20 02:55 . 2013-04-22 23:51 -------- d-----w- c:\program files\Sandboxie
2013-04-19 03:51 . 2013-04-19 03:51 -------- d-sh--w- c:\users\Jorge\AppData\Roaming\msnmsg
2013-04-19 03:27 . 2013-04-22 08:53 -------- d-----w- c:\users\Jorge\AppData\Local\CrashDumps
2013-04-10 06:45 . 2013-04-10 06:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-10 04:00 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-10 04:00 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 01:32 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 01:32 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 01:32 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 01:32 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 01:32 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 01:32 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:32 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 01:32 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 01:32 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-06 06:40 . 2013-02-17 06:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-04-02 13:22 . 2013-04-20 01:39 -------- d-----w- c:\users\Jorge\AppData\Roaming\OpenOffice.org
2013-03-31 06:33 . 2013-03-31 06:33 -------- d-----w- c:\program files (x86)\ConvertHelper
2013-03-31 06:31 . 2013-03-31 06:32 -------- d-----w- c:\users\Jorge\dwhelper
2013-03-31 04:51 . 2013-03-31 04:51 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2013-03-31 04:18 . 2013-03-31 04:18 -------- d-----w- c:\programdata\Applications
2013-03-30 02:04 . 2013-03-30 02:04 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-26 19:21 . 2012-12-17 00:52 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60A5C557-4394-428E-9B82-AB5D0A1EA1C3}\gapaengine.dll
2013-03-26 19:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 04:01 . 2010-01-12 23:22 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-05 03:27 . 2012-10-30 03:58 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-05 03:27 . 2012-10-30 03:58 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 10:34 . 2009-12-02 20:40 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-26 19:13 . 2010-10-12 04:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-03-15 03:07 . 2013-03-15 03:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-09 04:15 . 2013-03-09 04:15 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-09 04:15 . 2013-03-09 04:15 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-09 04:15 . 2013-03-09 04:15 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-09 04:15 . 2013-03-09 04:15 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 04:15 . 2013-03-09 04:15 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-09 04:15 . 2013-03-09 04:15 188320 ----a-w- c:\windows\system32\java.exe
2013-02-12 05:45 . 2013-03-13 23:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 23:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 23:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 23:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 23:49 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-09-26 22:37 . 2011-09-26 22:37 69924 ----a-w- c:\program files (x86)\cc_20110926_173705.reg
2010-11-21 08:37 . 2010-10-01 01:34 1124864 ----a-w- c:\program files\MacroEdit.exe
2010-11-16 21:25 . 2010-11-16 21:25 110102 ----a-w- c:\program files (x86)\ccbackup.reg
2010-10-09 22:08 . 2010-10-09 22:08 110412 ----a-w- c:\program files (x86)\cc_20101009_170737.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_E49DF4312688D5EC27314F6D6DF8F149"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MRIPEUndo"="e:\MRI.EXE" [BU]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2009-08-19 232960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-09 87600]
R1 MpKsl5984c879;MpKsl5984c879;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62484A87-427B-4DC9-8A13-55140A5D6943}\MpKsl5984c879.sys [x]
R1 MpKsl64b72465;MpKsl64b72465;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62484A87-427B-4DC9-8A13-55140A5D6943}\MpKsl64b72465.sys [x]
R1 MpKslf20b810a;MpKslf20b810a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62484A87-427B-4DC9-8A13-55140A5D6943}\MpKslf20b810a.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
R2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-09-10 20376]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-08-03 27792]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-12-17 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2007-02-06 1013024]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-10-12 19952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-08-03 2206352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-08-07 65152]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-08-07 88832]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:11 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000Core.job
- c:\users\Jorge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-08 21:11]
.
2013-04-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000UA.job
- c:\users\Jorge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-08 21:11]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:05]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:05]
.
2013-04-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-04-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-04-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2013-04-21 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-06-20 13:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: logmeinrescue.com\secure
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - ExtSQL: 2013-03-15 21:52; {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}; c:\users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
FF - ExtSQL: 2013-03-31 01:30; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 20:23; {01026ece-a8a1-11e2-8274-b8ac6f996f26}; c:\users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\meazmnzm.default\extensions\{01026ece-a8a1-11e2-8274-b8ac6f996f26}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{34E84391-ECF5-4165-A82F-AF87D0E7D09E} - c:\programdata\{103A2E8E-975A-4047-A8D1-221492ECDAEE}\prc-student-setup.exe
AddRemove-{7CD6B202-CDCC-48CF-9B96-268A94BD97FB} - c:\programdata\{590548D5-2A97-4BA8-9027-807D9222F023}\Hawkes Update Service Manager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-22  19:42:41
ComboFix-quarantined-files.txt  2013-04-23 00:42
ComboFix2.txt  2011-03-23 05:28
.
Pre-Run: 48,971,845,632 bytes free
Post-Run: 48,575,852,544 bytes free
.
- - End Of File - - 2EBF58689C4701FE0831B6274DF7498D
 

 

 

 

Securitycheck#2;

 

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Microsoft Security Essentials     
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 29  
 Java 7 Update 9  
 Java™ 6 Update 3  
 Java™ 6 Update 5  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

 

 

thanks!



#9 ProdigyX

Posted 22 April 2013 - 07:49 PM

May I also add to the backstory; I realized that when I was working (toward the collapse of the computer) I was getting a Google redirect on all the queries that were searched. I don't know if that helps at all, I'm sure the various scans have removed it.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 22 April 2013 - 08:41 PM



Hello ProdigyX


I would like to know how things are working at this time


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ProdigyX

Posted 22 April 2013 - 09:19 PM

Gringo;

 

After I selected load modules (safemode+networking) the computer rebooted into normal and blue screened again. Then I rebooted into safemode+networking and reopened the TDSSKiller and the loaded modules was unchecked. I rechecked again and it rebooted and I went into safemode+networking and reopened it once again (it did not auto launch again) and the loaded modules is once again unchecked. Know what the issue could be?



#12 gringo_pr

Posted 22 April 2013 - 09:35 PM

move to the next programs

#13 ProdigyX

Posted 22 April 2013 - 10:07 PM

move to the next programs

 

After my last post I selected the module again and my computer rebooted. System Repair booted and asked if I wanted to start from a restore point. I selected no. 15 minutes later it told me that startup repair failed. Restarted the computer and booted into normal mode. The computer lagged its startup but the TDSSKiller popped up and ran successfully with all 4 checkmarks somehow! There were 5 different entries (one last one ran once again after the restart after I pressed "cure" on the rootkit). Here is the log from what I believe is the correct one;

 

Trying to copy and paste the log but it's timing out, not quite sure how to get it attached. It found 15 items that it quarantined and one rootkit that was (hopefully) removed. Currently running the mbar! Working on posting the log here tho

 

I am currently in normal boot mode btw, should I return to safemode+networking to continue?


Edited by ProdigyX, 22 April 2013 - 10:08 PM.


#14 ProdigyX

Posted 22 April 2013 - 10:10 PM

21:40:58.0496 1072  ============================================================

21:40:58.0496 1072  Scan finished
21:40:58.0496 1072  ============================================================
21:40:58.0496 2736  Detected object count: 1
21:40:58.0496 2736  Actual detected object count: 1
21:41:26.0514 2736  \Device\Harddisk0\DR0\# - copied to quarantine
21:41:26.0529 2736  \Device\Harddisk0\DR0 - copied to quarantine
21:41:26.0561 2736  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:41:26.0561 2736  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
21:41:26.0576 2736  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:41:26.0685 2736  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:41:26.0701 2736  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:41:26.0717 2736  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:41:26.0717 2736  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:41:26.0717 2736  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:41:26.0748 2736  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:41:26.0748 2736  \Device\Harddisk0\DR0 - ok
21:41:26.0748 2736  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
21:41:39.0914 3628  Deinitialize success


#15 ProdigyX

Posted 22 April 2013 - 10:11 PM


21:40:30.0900 3680  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:40:31.0258 3680  ============================================================
21:40:31.0258 3680  Current date / time: 2013/04/22 21:40:31.0258
21:40:31.0258 3680  SystemInfo:
21:40:31.0258 3680  
21:40:31.0258 3680  OS Version: 6.1.7601 ServicePack: 1.0
21:40:31.0258 3680  Product type: Workstation
21:40:31.0258 3680  ComputerName: JORGE-PC
21:40:31.0258 3680  UserName: Jorge
21:40:31.0258 3680  Windows directory: C:\Windows
21:40:31.0258 3680  System windows directory: C:\Windows
21:40:31.0258 3680  Running under WOW64
21:40:31.0258 3680  Processor architecture: Intel x64
21:40:31.0258 3680  Number of processors: 4
21:40:31.0258 3680  Page size: 0x1000
21:40:31.0258 3680  Boot type: Normal boot
21:40:31.0258 3680  ============================================================
21:40:31.0882 3680  BG loaded
21:40:32.0116 3680  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:32.0116 3680  ============================================================
21:40:32.0116 3680  \Device\Harddisk0\DR0:
21:40:32.0116 3680  MBR partitions:
21:40:32.0116 3680  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x22EEAD41
21:40:32.0116 3680  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x242ED1DB, BlocksNum 0x33258126
21:40:32.0116 3680  ============================================================
21:40:32.0132 3680  C: <-> \Device\Harddisk0\DR0\Partition1
21:40:32.0241 3680  D: <-> \Device\Harddisk0\DR0\Partition2
21:40:32.0241 3680  ============================================================
21:40:32.0241 3680  Initialize success
21:40:32.0241 3680  ============================================================
21:40:34.0831 1072  ============================================================
21:40:34.0831 1072  Scan started
21:40:34.0831 1072  Mode: Manual; 
21:40:34.0831 1072  ============================================================
21:40:36.0172 1072  ================ Scan system memory ========================
21:40:36.0172 1072  System memory - ok
21:40:36.0172 1072  ================ Scan services =============================
21:40:37.0888 1072  AsyncMac - ok
21:40:37.0904 1072  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:40:37.0904 1072  atapi - ok
21:40:37.0935 1072  [ 124345E35EDB104135FDBA8D0C39EFAC ] atashost        C:\Windows\SysWOW64\atashost.exe
21:40:37.0935 1072  atashost - ok
21:40:37.0982 1072  [ CBE5F8B3E54198F5DFE403A55A95DE08 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:40:37.0982 1072  AtiHDAudioService - ok
21:40:38.0029 1072  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:40:38.0029 1072  AudioEndpointBuilder - ok
21:40:38.0044 1072  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:40:38.0044 1072  AudioSrv - ok
21:40:38.0107 1072  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:40:38.0107 1072  AxInstSV - ok
21:40:38.0154 1072  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:40:38.0185 1072  b06bdrv - ok
21:40:38.0278 1072  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:40:38.0310 1072  b57nd60a - ok
21:40:38.0434 1072  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:40:38.0434 1072  BcmSqlStartupSvc - ok
21:40:38.0497 1072  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:40:38.0512 1072  BDESVC - ok
21:40:38.0559 1072  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:40:38.0559 1072  Beep - ok
21:40:38.0700 1072  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:40:38.0700 1072  BFE - ok
21:40:38.0778 1072  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:40:38.0809 1072  BITS - ok
21:40:38.0840 1072  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:40:38.0840 1072  blbdrive - ok
21:40:38.0871 1072  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:40:38.0871 1072  bowser - ok
21:40:38.0902 1072  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:40:38.0934 1072  BrFiltLo - ok
21:40:38.0965 1072  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:40:38.0980 1072  BrFiltUp - ok
21:40:39.0074 1072  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:40:39.0074 1072  BridgeMP - ok
21:40:39.0168 1072  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:40:39.0168 1072  Browser - ok
21:40:39.0230 1072  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:40:39.0277 1072  Brserid - ok
21:40:39.0308 1072  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:40:39.0324 1072  BrSerWdm - ok
21:40:39.0339 1072  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:40:39.0370 1072  BrUsbMdm - ok
21:40:39.0386 1072  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:40:39.0417 1072  BrUsbSer - ok
21:40:39.0448 1072  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:40:39.0464 1072  BTHMODEM - ok
21:40:39.0558 1072  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:40:39.0573 1072  bthserv - ok
21:40:39.0729 1072  [ 6E1641724439E18CE55ADEE2D347AA19 ] CamDrL64        C:\Windows\system32\DRIVERS\CamDrL64.sys
21:40:39.0745 1072  CamDrL64 - ok
21:40:39.0838 1072  catchme - ok
21:40:39.0854 1072  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:40:39.0870 1072  cdfs - ok
21:40:39.0948 1072  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:40:39.0948 1072  cdrom - ok
21:40:40.0041 1072  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:40:40.0041 1072  CertPropSvc - ok
21:40:40.0104 1072  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:40:40.0104 1072  circlass - ok
21:40:40.0182 1072  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:40:40.0197 1072  CLFS - ok
21:40:40.0384 1072  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:40.0447 1072  clr_optimization_v2.0.50727_32 - ok
21:40:40.0587 1072  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:40:40.0665 1072  clr_optimization_v2.0.50727_64 - ok
21:40:40.0899 1072  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:40:41.0149 1072  clr_optimization_v4.0.30319_32 - ok
21:40:41.0305 1072  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:40:41.0414 1072  clr_optimization_v4.0.30319_64 - ok
21:40:41.0445 1072  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:40:41.0461 1072  CmBatt - ok
21:40:41.0508 1072  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:40:41.0523 1072  cmdide - ok
21:40:41.0586 1072  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:40:41.0601 1072  CNG - ok
21:40:41.0632 1072  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:40:41.0632 1072  Compbatt - ok
21:40:41.0664 1072  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:40:41.0664 1072  CompositeBus - ok
21:40:41.0679 1072  COMSysApp - ok
21:40:41.0710 1072  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:40:41.0710 1072  cphs - ok
21:40:41.0726 1072  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:40:41.0726 1072  crcdisk - ok
21:40:41.0757 1072  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:40:41.0773 1072  CryptSvc - ok
21:40:41.0820 1072  [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
21:40:41.0820 1072  ctxusbm - ok
21:40:41.0882 1072  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:40:41.0882 1072  DcomLaunch - ok
21:40:41.0913 1072  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:40:41.0929 1072  defragsvc - ok
21:40:41.0960 1072  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:40:41.0960 1072  DfsC - ok
21:40:42.0022 1072  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:40:42.0022 1072  Dhcp - ok
21:40:42.0022 1072  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:40:42.0022 1072  discache - ok
21:40:42.0054 1072  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:40:42.0054 1072  Disk - ok
21:40:42.0085 1072  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:40:42.0085 1072  Dnscache - ok
21:40:42.0116 1072  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:40:42.0116 1072  dot3svc - ok
21:40:42.0163 1072  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:40:42.0163 1072  DPS - ok
21:40:42.0178 1072  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:40:42.0178 1072  drmkaud - ok
21:40:42.0225 1072  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:40:42.0241 1072  DXGKrnl - ok
21:40:42.0272 1072  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:40:42.0272 1072  EapHost - ok
21:40:42.0334 1072  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:40:42.0397 1072  ebdrv - ok
21:40:42.0428 1072  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:40:42.0428 1072  EFS - ok
21:40:42.0475 1072  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:40:42.0490 1072  ehRecvr - ok
21:40:42.0522 1072  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:40:42.0522 1072  ehSched - ok
21:40:42.0553 1072  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:40:42.0553 1072  elxstor - ok
21:40:42.0584 1072  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:40:42.0584 1072  ErrDev - ok
21:40:42.0615 1072  [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
21:40:42.0615 1072  EtronHub3 - ok
21:40:42.0631 1072  [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
21:40:42.0631 1072  EtronXHCI - ok
21:40:42.0662 1072  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:40:42.0662 1072  EventSystem - ok
21:40:42.0678 1072  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:40:42.0693 1072  exfat - ok
21:40:42.0709 1072  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:40:42.0709 1072  fastfat - ok
21:40:42.0756 1072  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:40:42.0771 1072  Fax - ok
21:40:42.0787 1072  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:40:42.0802 1072  fdc - ok
21:40:42.0834 1072  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:40:42.0865 1072  fdPHost - ok
21:40:42.0912 1072  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:40:42.0912 1072  FDResPub - ok
21:40:42.0927 1072  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:40:42.0927 1072  FileInfo - ok
21:40:42.0943 1072  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:40:42.0943 1072  Filetrace - ok
21:40:42.0958 1072  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:42.0974 1072  flpydisk - ok
21:40:43.0005 1072  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:40:43.0005 1072  FltMgr - ok
21:40:43.0083 1072  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:40:43.0099 1072  FontCache - ok
21:40:43.0239 1072  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:40:43.0239 1072  FontCache3.0.0.0 - ok
21:40:43.0255 1072  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:40:43.0255 1072  FsDepends - ok
21:40:43.0317 1072  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:40:43.0333 1072  fssfltr - ok
21:40:43.0458 1072  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:40:43.0489 1072  fsssvc - ok
21:40:43.0520 1072  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:40:43.0520 1072  Fs_Rec - ok
21:40:43.0567 1072  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:40:43.0583 1072  fvevol - ok
21:40:43.0629 1072  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:40:43.0629 1072  gagp30kx - ok
21:40:43.0692 1072  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
21:40:43.0707 1072  gdrv - ok
21:40:43.0739 1072  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:40:43.0739 1072  GEARAspiWDM - ok
21:40:43.0926 1072  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:40:43.0926 1072  gpsvc - ok
21:40:44.0066 1072  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:44.0066 1072  gupdate - ok
21:40:44.0097 1072  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:44.0097 1072  gupdatem - ok
21:40:44.0144 1072  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
21:40:44.0144 1072  GVTDrv64 - ok
21:40:44.0160 1072  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:40:44.0160 1072  hcw85cir - ok
21:40:44.0191 1072  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:40:44.0191 1072  HdAudAddService - ok
21:40:44.0222 1072  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:40:44.0222 1072  HDAudBus - ok
21:40:44.0238 1072  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:40:44.0238 1072  HidBatt - ok
21:40:44.0253 1072  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:40:44.0253 1072  HidBth - ok
21:40:44.0269 1072  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:40:44.0269 1072  HidIr - ok
21:40:44.0316 1072  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:40:44.0316 1072  hidserv - ok
21:40:44.0347 1072  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:40:44.0363 1072  HidUsb - ok
21:40:44.0394 1072  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:40:44.0394 1072  hkmsvc - ok
21:40:44.0425 1072  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:40:44.0441 1072  HomeGroupListener - ok
21:40:44.0472 1072  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:40:44.0472 1072  HomeGroupProvider - ok
21:40:44.0503 1072  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:40:44.0503 1072  HpSAMD - ok
21:40:44.0550 1072  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:40:44.0550 1072  HTTP - ok
21:40:44.0597 1072  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:40:44.0597 1072  hwpolicy - ok
21:40:44.0643 1072  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:40:44.0643 1072  i8042prt - ok
21:40:44.0675 1072  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:40:44.0690 1072  iaStorV - ok
21:40:44.0768 1072  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
21:40:44.0768 1072  ICCS - ok
21:40:44.0846 1072  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:40:44.0862 1072  IDriverT - ok
21:40:44.0940 1072  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:40:44.0955 1072  idsvc - ok
21:40:45.0065 1072  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:40:45.0143 1072  igfx - ok
21:40:45.0174 1072  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:40:45.0174 1072  iirsp - ok
21:40:45.0205 1072  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:40:45.0205 1072  IKEEXT - ok
21:40:45.0221 1072  IntcAzAudAddService - ok
21:40:45.0283 1072  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:40:45.0283 1072  Intel® Capability Licensing Service Interface - ok
21:40:45.0299 1072  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:40:45.0299 1072  intelide - ok
21:40:45.0314 1072  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:40:45.0314 1072  intelppm - ok
21:40:45.0345 1072  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:40:45.0345 1072  IPBusEnum - ok
21:40:45.0392 1072  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:45.0392 1072  IpFilterDriver - ok
21:40:45.0423 1072  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:40:45.0439 1072  iphlpsvc - ok
21:40:45.0455 1072  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:40:45.0455 1072  IPMIDRV - ok
21:40:45.0470 1072  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:40:45.0470 1072  IPNAT - ok
21:40:45.0486 1072  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:40:45.0486 1072  IRENUM - ok
21:40:45.0501 1072  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:40:45.0501 1072  isapnp - ok
21:40:45.0517 1072  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:40:45.0533 1072  iScsiPrt - ok
21:40:45.0548 1072  [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:40:45.0548 1072  iusb3hcs - ok
21:40:45.0595 1072  [ 023896E23B61543A15A230EED996D911 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:40:45.0595 1072  iusb3hub - ok
21:40:45.0642 1072  [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:40:45.0642 1072  iusb3xhc - ok
21:40:45.0704 1072  [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
21:40:45.0704 1072  jhi_service - ok
21:40:45.0720 1072  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:45.0720 1072  kbdclass - ok
21:40:45.0735 1072  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:45.0735 1072  kbdhid - ok
21:40:45.0751 1072  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:40:45.0751 1072  KeyIso - ok
21:40:45.0767 1072  kl1 - ok
21:40:45.0798 1072  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:40:45.0798 1072  KSecDD - ok
21:40:45.0829 1072  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:40:45.0829 1072  KSecPkg - ok
21:40:45.0845 1072  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:40:45.0845 1072  ksthunk - ok
21:40:45.0876 1072  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:40:45.0891 1072  KtmRm - ok
21:40:45.0907 1072  [ A43A9920D2409BB9DA747D2FD20A2E61 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
21:40:45.0907 1072  L1C - ok
21:40:45.0969 1072  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:40:45.0969 1072  LanmanServer - ok
21:40:46.0001 1072  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:40:46.0016 1072  LanmanWorkstation - ok
21:40:46.0094 1072  [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:40:46.0110 1072  LBTServ - ok
21:40:46.0157 1072  [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:40:46.0157 1072  LHidFilt - ok
21:40:46.0203 1072  [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater  C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
21:40:46.0203 1072  LinksysUpdater - ok
21:40:46.0235 1072  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:40:46.0235 1072  lltdio - ok
21:40:46.0250 1072  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:40:46.0250 1072  lltdsvc - ok
21:40:46.0266 1072  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:40:46.0266 1072  lmhosts - ok
21:40:46.0266 1072  [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:40:46.0266 1072  LMouFilt - ok
21:40:46.0313 1072  [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:40:46.0313 1072  LMS - ok
21:40:46.0344 1072  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:40:46.0344 1072  LSI_FC - ok
21:40:46.0375 1072  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:40:46.0375 1072  LSI_SAS - ok
21:40:46.0391 1072  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:40:46.0391 1072  LSI_SAS2 - ok
21:40:46.0422 1072  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:40:46.0422 1072  LSI_SCSI - ok
21:40:46.0437 1072  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:40:46.0437 1072  luafv - ok
21:40:46.0500 1072  [ 3C7A54AE999841F30E4648E0DE9E4B46 ] LVcKap64        C:\Windows\system32\DRIVERS\LVcKap64.sys
21:40:46.0515 1072  LVcKap64 - ok
21:40:46.0578 1072  [ D621D1C9650A5ADD39C64047FCF860A5 ] LVMVDrv         C:\Windows\system32\DRIVERS\LVMVDrv.sys
21:40:46.0593 1072  LVMVDrv - ok
21:40:46.0609 1072  LVPr2M64 - ok
21:40:46.0656 1072  [ E379CB87BF2DC0787D825D4CB91C27A8 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:40:46.0656 1072  LVPr2Mon - ok
21:40:46.0687 1072  [ DF8B20BBEC546D94CECF75C48A596AEC ] LVPrcS64        c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
21:40:46.0703 1072  LVPrcS64 - ok
21:40:46.0718 1072  [ 65E0EC0338C9ADE32D044A8CC18C147B ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
21:40:46.0734 1072  LVSrvLauncher - ok
21:40:46.0765 1072  [ 9761370FFB533CF6E4A7176F4BAA3BA9 ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
21:40:46.0765 1072  LVUSBS64 - ok
21:40:46.0812 1072  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:40:46.0812 1072  Mcx2Svc - ok
21:40:46.0827 1072  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:40:46.0827 1072  megasas - ok
21:40:46.0843 1072  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:40:46.0843 1072  MegaSR - ok
21:40:46.0859 1072  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:40:46.0859 1072  MEIx64 - ok
21:40:46.0905 1072  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:40:46.0905 1072  MMCSS - ok
21:40:46.0921 1072  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:40:46.0921 1072  Modem - ok
21:40:46.0983 1072  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:40:46.0983 1072  monitor - ok
21:40:47.0030 1072  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:40:47.0030 1072  mouclass - ok
21:40:47.0046 1072  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:40:47.0046 1072  mouhid - ok
21:40:47.0093 1072  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:40:47.0093 1072  mountmgr - ok
21:40:47.0186 1072  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:40:47.0186 1072  MozillaMaintenance - ok
21:40:47.0233 1072  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:40:47.0233 1072  MpFilter - ok
21:40:47.0249 1072  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:40:47.0264 1072  mpio - ok
21:40:47.0342 1072  MpKsl5984c879 - ok
21:40:47.0373 1072  MpKsl64b72465 - ok
21:40:47.0373 1072  MpKslf20b810a - ok
21:40:47.0420 1072  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:40:47.0420 1072  mpsdrv - ok
21:40:47.0467 1072  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:40:47.0467 1072  MpsSvc - ok
21:40:47.0498 1072  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:40:47.0498 1072  MRxDAV - ok
21:40:47.0529 1072  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:47.0529 1072  mrxsmb - ok
21:40:47.0561 1072  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:47.0561 1072  mrxsmb10 - ok
21:40:47.0592 1072  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:47.0592 1072  mrxsmb20 - ok
21:40:47.0623 1072  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:40:47.0623 1072  msahci - ok
21:40:47.0639 1072  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:40:47.0639 1072  msdsm - ok
21:40:47.0685 1072  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:40:47.0685 1072  MSDTC - ok
21:40:47.0717 1072  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:40:47.0717 1072  Msfs - ok
21:40:47.0717 1072  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:40:47.0717 1072  mshidkmdf - ok
21:40:47.0732 1072  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:40:47.0732 1072  msisadrv - ok
21:40:47.0748 1072  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:40:47.0763 1072  MSiSCSI - ok
21:40:47.0763 1072  msiserver - ok
21:40:47.0779 1072  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:40:47.0779 1072  MSKSSRV - ok
21:40:47.0841 1072  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:40:47.0841 1072  MsMpSvc - ok
21:40:47.0857 1072  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:47.0857 1072  MSPCLOCK - ok
21:40:47.0873 1072  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:40:47.0873 1072  MSPQM - ok
21:40:47.0904 1072  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:40:47.0919 1072  MsRPC - ok
21:40:56.0765 1072  ================ Scan global ===============================
21:40:56.0796 1072  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:40:56.0827 1072  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:40:56.0843 1072  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:40:56.0874 1072  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:40:56.0905 1072  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:40:56.0905 1072  [Global] - ok
21:40:56.0905 1072  ================ Scan MBR ==================================
21:40:56.0921 1072  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:40:56.0921 1072  Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:40:56.0983 1072  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:40:56.0983 1072  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:40:56.0983 1072  ================ Scan VBR ==================================
21:40:56.0983 1072  [ B9B96F218A67A7933065E35976FAC728 ] \Device\Harddisk0\DR0\Partition1
21:40:56.0983 1072  \Device\Harddisk0\DR0\Partition1 - ok
21:40:57.0014 1072  [ 7513BC5E47C8EE5D81E2AACA41B0E29C ] \Device\Harddisk0\DR0\Partition2
21:40:57.0014 1072  \Device\Harddisk0\DR0\Partition2 - ok
21:40:57.0014 1072  ================ Scan active images ========================
 




