Infected? - Random web page openings - Wizard 101, classmates.com, etc


15 replies to this topic

#1 aemidnight

Posted 11 August 2013 - 11:29 AM

Must be infected with something. Already ran Malwarebytes Anti-Malware, thought it was fixed, but not. Search Protect? Files deleted.

Still having random tabs in Chrome opening up to random annoying websites.

Would like to get this cleared up.

Please help.

Thanks.





#2 GodfatherKing


Posted 11 August 2013 - 01:56 PM

Welcome!

 

Step 1: Install and run MBAM

===================================================

 

Step 2: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run.
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 3: ESET Online Scanner

 

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#3 aemidnight


Posted 11 August 2013 - 09:24 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Home :: HOME-HP [administrator]
 
8/11/2013 3:19:21 PM
mbam-log-2013-08-11 (15-19-21).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 530316
Time elapsed: 1 hour(s), 51 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 

17:16:59.0452 4352  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:17:00.0629 4352  ============================================================
17:17:00.0629 4352  Current date / time: 2013/08/11 17:17:00.0629
17:17:00.0629 4352  SystemInfo:
17:17:00.0629 4352  
17:17:00.0629 4352  OS Version: 6.1.7601 ServicePack: 1.0
17:17:00.0629 4352  Product type: Workstation
17:17:00.0629 4352  ComputerName: HOME-HP
17:17:00.0630 4352  UserName: Home
17:17:00.0630 4352  Windows directory: C:\Windows
17:17:00.0630 4352  System windows directory: C:\Windows
17:17:00.0630 4352  Running under WOW64
17:17:00.0630 4352  Processor architecture: Intel x64
17:17:00.0630 4352  Number of processors: 2
17:17:00.0630 4352  Page size: 0x1000
17:17:00.0630 4352  Boot type: Normal boot
17:17:00.0630 4352  ============================================================
17:17:02.0534 4352  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:02.0567 4352  Drive \Device\Harddisk1\DR1 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:17:02.0951 4352  Drive \Device\Harddisk2\DR2 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:17:02.0968 4352  ============================================================
17:17:02.0968 4352  \Device\Harddisk0\DR0:
17:17:03.0001 4352  MBR partitions:
17:17:03.0001 4352  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:17:03.0001 4352  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F3F800
17:17:03.0001 4352  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72F72000, BlocksNum 0x1794000
17:17:03.0001 4352  \Device\Harddisk1\DR1:
17:17:03.0002 4352  MBR partitions:
17:17:03.0002 4352  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
17:17:03.0002 4352  \Device\Harddisk2\DR2:
17:17:03.0004 4352  MBR partitions:
17:17:03.0004 4352  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x89, BlocksNum 0x3A9F77
17:17:03.0004 4352  ============================================================
17:17:03.0111 4352  C: <-> \Device\Harddisk0\DR0\Partition2
17:17:03.0246 4352  D: <-> \Device\Harddisk0\DR0\Partition3
17:17:03.0314 4352  H: <-> \Device\Harddisk1\DR1\Partition1
17:17:03.0459 4352  ============================================================
17:17:03.0459 4352  Initialize success
17:17:03.0459 4352  ============================================================
17:17:47.0177 5968  ============================================================
17:17:47.0177 5968  Scan started
17:17:47.0177 5968  Mode: Manual; TDLFS; 
17:17:47.0177 5968  ============================================================
17:17:48.0089 5968  ================ Scan system memory ========================
17:17:48.0089 5968  System memory - ok
17:17:57.0157 5968  lltdsvc - ok
17:17:57.0174 5968  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:17:57.0176 5968  lmhosts - ok
17:17:57.0200 5968  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:17:57.0203 5968  LSI_FC - ok
17:17:57.0219 5968  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:17:57.0221 5968  LSI_SAS - ok
17:17:57.0240 5968  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:17:57.0242 5968  LSI_SAS2 - ok
17:17:57.0257 5968  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:17:57.0260 5968  LSI_SCSI - ok
17:17:57.0276 5968  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:17:57.0279 5968  luafv - ok
17:17:57.0294 5968  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:17:57.0296 5968  Mcx2Svc - ok
17:17:57.0323 5968  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:17:57.0325 5968  megasas - ok
17:17:57.0348 5968  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:17:57.0352 5968  MegaSR - ok
17:17:57.0413 5968  Microsoft SharePoint Workspace Audit Service - ok
17:17:57.0452 5968  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:17:57.0455 5968  MMCSS - ok
17:17:57.0479 5968  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:17:57.0483 5968  Modem - ok
17:17:57.0530 5968  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:17:57.0532 5968  monitor - ok
17:17:57.0561 5968  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:17:57.0563 5968  mouclass - ok
17:17:57.0583 5968  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:17:57.0585 5968  mouhid - ok
17:17:57.0605 5968  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:17:57.0611 5968  mountmgr - ok
17:17:57.0681 5968  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:17:57.0686 5968  MozillaMaintenance - ok
17:17:57.0709 5968  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:17:57.0713 5968  mpio - ok
17:17:57.0740 5968  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:17:57.0743 5968  mpsdrv - ok
17:17:57.0771 5968  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:17:57.0786 5968  MpsSvc - ok
17:17:57.0801 5968  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:17:57.0804 5968  MRxDAV - ok
17:17:57.0827 5968  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:57.0829 5968  mrxsmb - ok
17:17:57.0873 5968  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:57.0878 5968  mrxsmb10 - ok
17:17:57.0922 5968  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:57.0927 5968  mrxsmb20 - ok
17:17:57.0950 5968  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:17:57.0952 5968  msahci - ok
17:17:58.0012 5968  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
17:17:58.0017 5968  MSCamSvc - ok
17:17:58.0037 5968  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:17:58.0042 5968  msdsm - ok
17:17:58.0056 5968  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:17:58.0060 5968  MSDTC - ok
17:17:58.0083 5968  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:17:58.0085 5968  Msfs - ok
17:17:58.0097 5968  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:17:58.0099 5968  mshidkmdf - ok
17:17:58.0109 5968  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:17:58.0111 5968  msisadrv - ok
17:17:58.0134 5968  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:17:58.0137 5968  MSiSCSI - ok
17:17:58.0143 5968  msiserver - ok
17:17:58.0163 5968  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:17:58.0164 5968  MSKSSRV - ok
17:17:58.0176 5968  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:58.0177 5968  MSPCLOCK - ok
17:17:58.0190 5968  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:17:58.0192 5968  MSPQM - ok
17:17:58.0207 5968  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:17:58.0212 5968  MsRPC - ok
17:17:58.0225 5968  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:17:58.0227 5968  mssmbios - ok
17:17:58.0243 5968  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:17:58.0244 5968  MSTEE - ok
17:17:58.0256 5968  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:17:58.0258 5968  MTConfig - ok
17:17:58.0270 5968  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:17:58.0272 5968  Mup - ok
17:17:58.0437 5968  [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
17:17:58.0440 5968  N360 - ok
17:17:58.0482 5968  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:17:58.0493 5968  napagent - ok
17:17:58.0526 5968  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:17:58.0531 5968  NativeWifiP - ok
17:17:58.0586 5968  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130811.006\ENG64.SYS
17:17:58.0592 5968  NAVENG - ok
17:17:58.0652 5968  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130811.006\EX64.SYS
17:17:58.0682 5968  NAVEX15 - ok
17:17:58.0752 5968  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:17:58.0767 5968  NDIS - ok
17:17:58.0787 5968  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:17:58.0789 5968  NdisCap - ok
17:17:58.0807 5968  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:58.0808 5968  NdisTapi - ok
17:17:58.0821 5968  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:58.0823 5968  Ndisuio - ok
17:17:58.0840 5968  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:58.0842 5968  NdisWan - ok
17:17:58.0853 5968  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:17:58.0855 5968  NDProxy - ok
17:17:58.0865 5968  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:17:58.0867 5968  NetBIOS - ok
17:17:58.0924 5968  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:17:58.0931 5968  NetBT - ok
17:17:58.0947 5968  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:17:58.0949 5968  Netlogon - ok
17:17:58.0978 5968  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:17:58.0984 5968  Netman - ok
17:17:59.0029 5968  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:59.0039 5968  NetMsmqActivator - ok
17:17:59.0045 5968  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:59.0046 5968  NetPipeActivator - ok
17:17:59.0064 5968  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:17:59.0071 5968  netprofm - ok
17:17:59.0143 5968  [ 2EED549279D7FBD10B846B5397573967 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
17:17:59.0172 5968  netr28x - ok
17:17:59.0183 5968  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:59.0184 5968  NetTcpActivator - ok
17:17:59.0189 5968  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:59.0190 5968  NetTcpPortSharing - ok
17:17:59.0218 5968  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:17:59.0220 5968  nfrd960 - ok
17:17:59.0244 5968  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:17:59.0248 5968  NlaSvc - ok
17:17:59.0332 5968  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:17:59.0361 5968  NOBU - ok
17:17:59.0379 5968  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:17:59.0381 5968  Npfs - ok
17:17:59.0401 5968  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:17:59.0402 5968  nsi - ok
17:17:59.0414 5968  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:17:59.0416 5968  nsiproxy - ok
17:17:59.0473 5968  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:17:59.0490 5968  Ntfs - ok
17:17:59.0496 5968  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:17:59.0498 5968  Null - ok
17:17:59.0520 5968  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:17:59.0523 5968  nvraid - ok
17:17:59.0533 5968  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:17:59.0536 5968  nvstor - ok
17:17:59.0562 5968  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:17:59.0564 5968  nv_agp - ok
17:17:59.0578 5968  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:17:59.0580 5968  ohci1394 - ok
17:17:59.0635 5968  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:17:59.0640 5968  ose - ok
17:17:59.0773 5968  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:17:59.0821 5968  osppsvc - ok
17:17:59.0853 5968  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:17:59.0858 5968  p2pimsvc - ok
17:17:59.0879 5968  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:17:59.0901 5968  p2psvc - ok
17:17:59.0944 5968  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:17:59.0947 5968  Parport - ok
17:17:59.0979 5968  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:17:59.0981 5968  partmgr - ok
17:17:59.0998 5968  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:18:00.0002 5968  PcaSvc - ok
17:18:00.0020 5968  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:18:00.0023 5968  pci - ok
17:18:00.0043 5968  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:18:00.0044 5968  pciide - ok
17:18:00.0060 5968  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:18:00.0063 5968  pcmcia - ok
17:18:00.0075 5968  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:18:00.0077 5968  pcw - ok
17:18:00.0104 5968  pdfcDispatcher - ok
17:18:00.0148 5968  [ 0DEC4CD11A67D05C3D4330B89E66DAA2 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
17:18:00.0151 5968  PdiService - ok
17:18:00.0187 5968  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:18:00.0197 5968  PEAUTH - ok
17:18:00.0271 5968  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:18:00.0274 5968  PerfHost - ok
17:18:00.0335 5968  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:18:00.0356 5968  pla - ok
17:18:00.0406 5968  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:18:00.0413 5968  PlugPlay - ok
17:18:00.0424 5968  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:18:00.0427 5968  PNRPAutoReg - ok
17:18:00.0445 5968  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:18:00.0449 5968  PNRPsvc - ok
17:18:00.0495 5968  [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:18:00.0497 5968  Point64 - ok
17:18:00.0525 5968  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:18:00.0532 5968  PolicyAgent - ok
17:18:00.0556 5968  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:18:00.0560 5968  Power - ok
17:18:00.0592 5968  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:18:00.0595 5968  PptpMiniport - ok
17:18:00.0609 5968  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:18:00.0611 5968  Processor - ok
17:18:00.0666 5968  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:18:00.0671 5968  ProfSvc - ok
17:18:00.0688 5968  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:18:00.0691 5968  ProtectedStorage - ok
17:18:00.0714 5968  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:18:00.0718 5968  Psched - ok
17:18:00.0767 5968  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:18:00.0784 5968  ql2300 - ok
17:18:00.0798 5968  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:18:00.0801 5968  ql40xx - ok
17:18:00.0825 5968  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:18:00.0829 5968  QWAVE - ok
17:18:00.0844 5968  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:18:00.0846 5968  QWAVEdrv - ok
17:18:00.0863 5968  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:18:00.0865 5968  RasAcd - ok
17:18:00.0886 5968  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:00.0887 5968  RasAgileVpn - ok
17:18:00.0905 5968  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:18:00.0908 5968  RasAuto - ok
17:18:00.0921 5968  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:00.0923 5968  Rasl2tp - ok
17:18:00.0938 5968  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:18:00.0943 5968  RasMan - ok
17:18:00.0952 5968  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:00.0954 5968  RasPppoe - ok
17:18:00.0978 5968  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:18:00.0980 5968  RasSstp - ok
17:18:00.0997 5968  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:18:01.0001 5968  rdbss - ok
17:18:01.0006 5968  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:18:01.0008 5968  rdpbus - ok
17:18:01.0020 5968  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:01.0022 5968  RDPCDD - ok
17:18:01.0044 5968  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:18:01.0045 5968  RDPENCDD - ok
17:18:01.0053 5968  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:18:01.0054 5968  RDPREFMP - ok
17:18:01.0095 5968  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:18:01.0097 5968  RdpVideoMiniport - ok
17:18:01.0138 5968  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:18:01.0143 5968  RDPWD - ok
17:18:01.0169 5968  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:18:01.0174 5968  rdyboost - ok
17:18:01.0208 5968  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:18:01.0211 5968  RemoteAccess - ok
17:18:01.0233 5968  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:18:01.0236 5968  RemoteRegistry - ok
17:18:01.0272 5968  [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
17:18:01.0276 5968  RoxioNow Service - ok
17:18:01.0293 5968  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:18:01.0296 5968  RpcEptMapper - ok
17:18:01.0306 5968  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:18:01.0308 5968  RpcLocator - ok
17:18:01.0323 5968  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:18:01.0328 5968  RpcSs - ok
17:18:01.0348 5968  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:18:01.0351 5968  rspndr - ok
17:18:01.0405 5968  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:18:01.0418 5968  RTL8167 - ok
17:18:01.0447 5968  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:18:01.0448 5968  SamSs - ok
17:18:01.0469 5968  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:18:01.0475 5968  sbp2port - ok
17:18:01.0500 5968  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:18:01.0505 5968  SCardSvr - ok
17:18:01.0565 5968  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:18:01.0567 5968  scfilter - ok
17:18:01.0595 5968  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:18:01.0607 5968  Schedule - ok
17:18:01.0630 5968  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:18:01.0632 5968  SCPolicySvc - ok
17:18:01.0655 5968  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:18:01.0658 5968  sdbus - ok
17:18:01.0673 5968  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:18:01.0677 5968  SDRSVC - ok
17:18:01.0691 5968  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:18:01.0694 5968  secdrv - ok
17:18:01.0704 5968  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:18:01.0706 5968  seclogon - ok
17:18:01.0713 5968  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:18:01.0715 5968  SENS - ok
17:18:01.0730 5968  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:18:01.0732 5968  SensrSvc - ok
17:18:01.0749 5968  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:18:01.0751 5968  Serenum - ok
17:18:01.0769 5968  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:18:01.0772 5968  Serial - ok
17:18:01.0785 5968  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:18:01.0787 5968  sermouse - ok
17:18:01.0812 5968  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:18:01.0820 5968  SessionEnv - ok
17:18:01.0832 5968  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:18:01.0834 5968  sffdisk - ok
17:18:01.0848 5968  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:18:01.0849 5968  sffp_mmc - ok
17:18:01.0857 5968  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:18:01.0858 5968  sffp_sd - ok
17:18:01.0869 5968  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:18:01.0877 5968  sfloppy - ok
17:18:01.0923 5968  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:18:01.0931 5968  Sftfs - ok
17:18:02.0026 5968  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:18:02.0037 5968  sftlist - ok
17:18:02.0069 5968  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:18:02.0074 5968  Sftplay - ok
17:18:02.0123 5968  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:18:02.0127 5968  Sftredir - ok
17:18:02.0155 5968  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:18:02.0160 5968  Sftvol - ok
17:18:02.0216 5968  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:18:02.0221 5968  sftvsa - ok
17:18:02.0251 5968  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:18:02.0258 5968  SharedAccess - ok
17:18:02.0284 5968  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:18:02.0289 5968  ShellHWDetection - ok
17:18:02.0314 5968  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:18:02.0316 5968  SiSRaid2 - ok
17:18:02.0338 5968  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:18:02.0340 5968  SiSRaid4 - ok
17:18:02.0398 5968  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:18:02.0403 5968  SkypeUpdate - ok
17:18:02.0431 5968  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:18:02.0435 5968  Smb - ok
17:18:02.0469 5968  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:18:02.0473 5968  SNMPTRAP - ok
17:18:02.0504 5968  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:18:02.0506 5968  spldr - ok
17:18:02.0551 5968  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:18:02.0558 5968  Spooler - ok
17:18:02.0639 5968  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:18:02.0688 5968  sppsvc - ok
17:18:02.0705 5968  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:18:02.0707 5968  sppuinotify - ok
17:18:02.0799 5968  [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP           C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS
17:18:02.0814 5968  SRTSP - ok
17:18:02.0829 5968  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
17:18:02.0831 5968  SRTSPX - ok
17:18:02.0861 5968  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:18:02.0866 5968  srv - ok
17:18:02.0886 5968  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:18:02.0903 5968  srv2 - ok
17:18:02.0925 5968  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:18:02.0928 5968  srvnet - ok
17:18:02.0955 5968  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:18:02.0958 5968  SSDPSRV - ok
17:18:02.0973 5968  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:18:02.0975 5968  SstpSvc - ok
17:18:02.0991 5968  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:18:02.0993 5968  stexstor - ok
17:18:03.0033 5968  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:18:03.0034 5968  StillCam - ok
17:18:03.0071 5968  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:18:03.0078 5968  stisvc - ok
17:18:03.0087 5968  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:18:03.0089 5968  swenum - ok
17:18:03.0195 5968  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:18:03.0207 5968  SwitchBoard - ok
17:18:03.0239 5968  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:18:03.0249 5968  swprv - ok
17:18:03.0288 5968  [ 52DC0048D667757A8A2E4C87182890AC ] SymDS           C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
17:18:03.0295 5968  SymDS - ok
17:18:03.0344 5968  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
17:18:03.0356 5968  SymEFA - ok
17:18:03.0389 5968  [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:18:03.0392 5968  SymEvent - ok
17:18:03.0408 5968  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS
17:18:03.0411 5968  SymIRON - ok
17:18:03.0439 5968  [ 9CDCA70485BD6B9D230365F67C31F132 ] SymNetS         C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS
17:18:03.0444 5968  SymNetS - ok
17:18:03.0498 5968  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:18:03.0517 5968  SysMain - ok
17:18:03.0535 5968  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:18:03.0538 5968  TabletInputService - ok
17:18:03.0583 5968  [ E12E9D992DC2FB5BCB1616936BD03E1C ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
17:18:03.0584 5968  taphss6 - ok
17:18:03.0603 5968  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:18:03.0608 5968  TapiSrv - ok
17:18:03.0618 5968  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:18:03.0621 5968  TBS - ok
17:18:03.0703 5968  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:18:03.0728 5968  Tcpip - ok
17:18:03.0771 5968  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:18:03.0782 5968  TCPIP6 - ok
17:18:03.0823 5968  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:18:03.0825 5968  tcpipreg - ok
17:18:03.0849 5968  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:18:08.0331 5968  ============================================================
17:18:08.0331 5968  Scan finished
17:18:08.0331 5968  ============================================================
17:18:08.0349 4212  Detected object count: 0
17:18:08.0349 4212  Actual detected object count: 0
17:19:14.0991 0328  Deinitialize success
 
C:\torrent.exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Users\Home\Documents\Downloads\cnet_Backyard_exe (1).exe a variant of Win32/InstallCore.D application
C:\Users\Home\Documents\Downloads\cnet_Backyard_exe (2).exe a variant of Win32/InstallCore.D application
C:\Users\Home\Documents\Downloads\cnet_Backyard_exe (3).exe a variant of Win32/InstallCore.D application
C:\Users\Home\Documents\Downloads\cnet_Backyard_exe (4).exe a variant of Win32/InstallCore.D application
C:\Users\Home\Documents\Downloads\cnet_Backyard_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Home\Downloads\ADLSoft_UnCompressor_v2_3 (1).exe a variant of Win32/InstallCore.AG application
C:\Users\Home\Downloads\ADLSoft_UnCompressor_v2_3.exe a variant of Win32/InstallCore.AG application
C:\Users\Home\Downloads\bakery_story_hack_no_survey_downloader_us_257 (1).exe a variant of Win32/YourFileDownloader.B application
C:\Users\Home\Downloads\bakery_story_hack_no_survey_downloader_us_257.exe a variant of Win32/YourFileDownloader.B application
C:\Users\Home\Downloads\cbsidlm-tr1_13-Age_of_Empires_II_The_Age_of_Kings-ORG-10034651.exe Win32/DownloadAdmin.G application
C:\Users\Home\Downloads\cbsidlm-tr1_13-XPlane-ORG-10034826.exe Win32/DownloadAdmin.G application
C:\Users\Home\Downloads\fileviewer.exe a variant of Win32/InstallIQ application
C:\Users\Home\Downloads\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Home\Downloads\FreeMP4VideoConverter.exe Win32/OpenCandy application
C:\Users\Home\Downloads\infoatoms_d3811980.exe a variant of Win32/InstallIQ.A application
C:\Users\Home\Downloads\unlock_games.exe a variant of Win32/OpenInstall application
C:\Users\Home\Downloads\WinZip175.exe a variant of Win32/OpenInstall application


#4 GodfatherKing

Posted 12 August 2013 - 03:16 AM

Step 1: Remove all the files that have been found by ESET and clean the recycle bin. If it's too difficult, just run the scan again and check "Remove found threats".

Step 2: Use AdwCleaner

       http://www.bleepingcomputer.com/download/adwcleaner/

    Note: Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

  • Using AdwCleaner is very simple. Simply download the program and run it.  You will then be presented with a screen that contains a Search and Delete button.  The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
     
  • To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.  On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Post the log.


Edited by GodfatherKing, 12 August 2013 - 03:17 AM.

If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#5 aemidnight

Posted 12 August 2013 - 10:00 PM

Don't think it is working.

ESET scan works for a while and then stops, saying user stopped search.

Last time it found three files

C:\torrent.exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application

which I tried to remove manually, and are gone

adwcleaner

# AdwCleaner v2.306 - Logfile created 08/12/2013 at 22:45:30
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - HOME-HP
# Boot Mode : Normal
# Running from : C:\Users\Home\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\Browser Manager
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [6166 octets] - [10/08/2013 18:00:50]
AdwCleaner[S1].txt - [6063 octets] - [10/08/2013 18:01:43]
AdwCleaner[S2].txt - [1229 octets] - [10/08/2013 18:08:09]
AdwCleaner[S3].txt - [1171 octets] - [12/08/2013 22:36:56]
AdwCleaner[S4].txt - [1098 octets] - [12/08/2013 22:45:30]
 
########## EOF - C:\AdwCleaner[S4].txt - [1158 octets] ##########
 

 

but still not working, stuff still popping up in Google Chrome, IE looks fine.

 

 



#7 GodfatherKing

Posted 13 August 2013 - 02:21 AM

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt



#8 aemidnight

Posted 13 August 2013 - 07:56 PM

Someone may have hit cleanup while I was at work,

still have same problem, but here are the two logs,

if you need me to rerun and repost let me know.

thanks for your assistance

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.695000 GHz
Memory total: 3744272384, free: 2198548480
 
Downloaded database version: v2013.08.13.01
Initializing...
------------ Kernel report ------------
     08/13/2013 07:09:28
------------ Loaded modules -----------
----------- End -----------
Done!
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F01B3A9D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1928591360
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1928798208  Numsec = 24723456
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004f79790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006653b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004f79790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f717a0, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 64C746C5
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976705536
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500074283008 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8006a89060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a57040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a89060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a56b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 137  Numsec = 3841911
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1967128576 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removal finished
 
 
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
 
Database version: v2013.08.13.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Home :: HOME-HP [administrator]
 
8/13/2013 7:09:34 AM
mbar-log-2013-08-13 (07-09-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 282499
Time elapsed: 31 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 



#9 GodfatherKing

Posted 14 August 2013 - 01:37 AM

:step1: Use AdwCleaner

http://www.bleepingcomputer.com/download/adwcleaner/

Note: Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable/DisableAskDetections before using AdwCleaner.

  • Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.

  • To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Post the log.


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#10 aemidnight

Posted 14 August 2013 - 08:43 PM

# AdwCleaner v2.306 - Logfile created 08/14/2013 at 21:41:21
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - HOME-HP
# Boot Mode : Normal
# Running from : C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC3G24JE\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\searchplugins\Conduit.xml
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\MixiDJ_V37
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files\Updater By SweetPacks
Folder Found : C:\Users\Home\AppData\Local\Conduit
Folder Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Found : C:\Users\Home\AppData\Local\Temp\CT3298573
Folder Found : C:\Users\Home\AppData\LocalLow\Conduit
Folder Found : C:\Users\Home\AppData\LocalLow\MixiDJ_V37
Folder Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\CT3298573
Folder Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
Folder Found : C:\Windows\SysWOW64\jmdp
Folder Found : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-2080427697-1060776681-3116509840-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5E6DECE1-054A-11E3-9293-386077413078}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5E6DECE1-054A-11E3-9293-386077413078}

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\prefs.js

Found : user_pref("CT3298573.FF19Solved", "true");
Found : user_pref("CT3298573.UserID", "UN24735006465403601");
Found : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3298573.fullUserID", "UN24735006465403601.IN.20130814212657");
Found : user_pref("CT3298573.installDate", "14/08/2013 21:26:57");
Found : user_pref("CT3298573.installSessionId", "{8AE59145-4785-4453-A85E-DC6B1EE8805B}");
Found : user_pref("CT3298573.installSp", "TRUE");
Found : user_pref("CT3298573.installerVersion", "1.5.4.5");
Found : user_pref("CT3298573.keyword", "true");
Found : user_pref("CT3298573.originalHomepage", "about:home");
Found : user_pref("CT3298573.originalSearchAddressUrl", "");
Found : user_pref("CT3298573.originalSearchEngine", "");
Found : user_pref("CT3298573.originalSearchEngineName", "");
Found : user_pref("CT3298573.searchRevert", "false");
Found : user_pref("CT3298573.searchUserMode", "2");
Found : user_pref("CT3298573.smartbar.homepage", "true");
Found : user_pref("CT3298573.versionFromInstaller", "10.16.9.6");
Found : user_pref("CT3298573.xpeMode", "0");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045[...]
Found : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={5E6DEC[...]
Found : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN247350064[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Found : user_pref("smartbar.machineId", "PIVUQ/69+6ZVYRAUPY6HQ0VN3PNZLCREG6S7NJHMQQVCEVBRBPAIU7ZL6PILDL+UBXE[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN247350064654[...]
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT32[...]
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MixiDJ V37 Customized Web Se[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MixiDJ V37 Customized Web Searc[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.52] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.55] : keyword = "search.conduit.com",
Found [l.59] : search_url = "hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={5E6DECE1-054A-11E3-9293-386077413078}&crg=3.5000006.10045&st=23",
Found [l.60] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN93008809223052241&UM=2"
Found [l.2288] : homepage = "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN93008809223052241&UM=2",

*************************

AdwCleaner[R1].txt - [6166 octets] - [10/08/2013 18:00:50]
AdwCleaner[R2].txt - [12412 octets] - [14/08/2013 21:33:27]
AdwCleaner[R3].txt - [7286 octets] - [14/08/2013 21:41:21]
AdwCleaner[S1].txt - [6063 octets] - [10/08/2013 18:01:43]
AdwCleaner[S2].txt - [1229 octets] - [10/08/2013 18:08:09]
AdwCleaner[S3].txt - [1171 octets] - [12/08/2013 22:36:56]
AdwCleaner[S4].txt - [1227 octets] - [12/08/2013 22:45:30]

########## EOF - C:\AdwCleaner[R3].txt - [7586 octets] ##########



#11 aemidnight

Posted 14 August 2013 - 08:49 PM

# AdwCleaner v2.306 - Logfile created 08/14/2013 at 21:43:05
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - HOME-HP
# Boot Mode : Normal
# Running from : C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC3G24JE\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
File Deleted : C:\END
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MixiDJ_V37
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Home\AppData\Local\Conduit
Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Folder Deleted : C:\Users\Home\AppData\Local\Temp\CT3298573
Folder Deleted : C:\Users\Home\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Home\AppData\LocalLow\MixiDJ_V37
Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\CT3298573
Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5E6DECE1-054A-11E3-9293-386077413078} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\wzkpj17c.default\prefs.js

Deleted : user_pref("CT3298573.FF19Solved", "true");
Deleted : user_pref("CT3298573.UserID", "UN24735006465403601");
Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3298573.fullUserID", "UN24735006465403601.IN.20130814212657");
Deleted : user_pref("CT3298573.installDate", "14/08/2013 21:26:57");
Deleted : user_pref("CT3298573.installSessionId", "{8AE59145-4785-4453-A85E-DC6B1EE8805B}");
Deleted : user_pref("CT3298573.installSp", "TRUE");
Deleted : user_pref("CT3298573.installerVersion", "1.5.4.5");
Deleted : user_pref("CT3298573.keyword", "true");
Deleted : user_pref("CT3298573.originalHomepage", "about:home");
Deleted : user_pref("CT3298573.originalSearchAddressUrl", "");
Deleted : user_pref("CT3298573.originalSearchEngine", "");
Deleted : user_pref("CT3298573.originalSearchEngineName", "");
Deleted : user_pref("CT3298573.searchRevert", "false");
Deleted : user_pref("CT3298573.searchUserMode", "2");
Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Deleted : user_pref("CT3298573.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3298573.xpeMode", "0");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={5E6DEC[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN247350064[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.machineId", "PIVUQ/69+6ZVYRAUPY6HQ0VN3PNZLCREG6S7NJHMQQVCEVBRBPAIU7ZL6PILDL+UBXE[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN247350064654[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT32[...]
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MixiDJ V37 Customized Web Se[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MixiDJ V37 Customized Web Searc[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.52] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.55] : keyword = "search.conduit.com",
Deleted [l.59] : search_url = "hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={5E6DECE1-054A-11E3-929[...]
Deleted [l.60] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]
Deleted [l.2288] : homepage = "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN93008809223052241&UM[...]

*************************

AdwCleaner[R1].txt - [6166 octets] - [10/08/2013 18:00:50]
AdwCleaner[R2].txt - [12412 octets] - [14/08/2013 21:33:27]
AdwCleaner[R3].txt - [7653 octets] - [14/08/2013 21:41:21]
AdwCleaner[S1].txt - [6063 octets] - [10/08/2013 18:01:43]
AdwCleaner[S2].txt - [1229 octets] - [10/08/2013 18:08:09]
AdwCleaner[S3].txt - [1171 octets] - [12/08/2013 22:36:56]
AdwCleaner[S4].txt - [1227 octets] - [12/08/2013 22:45:30]
AdwCleaner[S5].txt - [7207 octets] - [14/08/2013 21:43:05]

########## EOF - C:\AdwCleaner[S5].txt - [7267 octets] ##########



#12 aemidnight

Posted 14 August 2013 - 08:51 PM

Also, an error message came up on startup:

There was a problem starting c:\program files (x86)\conduit\ct3298573\plugins\tbverifier.dll

The specific module could not be found



#13 GodfatherKing

Posted 17 August 2013 - 04:04 AM

Restart the computer. Does the issue reoccur?




#14 aemidnight

Posted 17 August 2013 - 08:28 AM

Yes, the same issue occurs.



#15 GodfatherKing

Posted 17 August 2013 - 09:01 AM

:step1: Download AutoRuns

==> http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

:step2: Run Autoruns and search for tbverifier.dll and uncheck the checkbox.






