
Malware - saveshare virus


  • This topic is locked
14 replies to this topic

#1 kobe700

kobe700

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 06 September 2013 - 04:32 PM

Hi,

 

I installed a program with this virus and have been unsuccessful in trying to remove it manually. There are lots of popup ads and hyperlink ads when viewing websites. Thanks for your help.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by SPRINT at 14:26:57 on 2013-09-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3543.1579 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN24180104031784425&UM=2&ctid=CT3289847
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\sprint\appdata\roaming\flashgetbho\FlashGetBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
IE: Download all videos by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallflvurl.htm
IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
IE: Download current video by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetflvurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.60.222 192.168.60.4 207.182.98.2 198.6.100.25 198.6.100.38
TCP: Interfaces\{005CA9A5-B8F6-42E4-8410-A712FA9FE828} : DHCPNameServer = 192.168.60.222 192.168.60.4 207.182.98.2 198.6.100.25 198.6.100.38
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN32065231314256744&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-19 12:21; {02450914-cdd9-410f-b1da-db004e18c671}; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
FF - ExtSQL: 2013-08-21 17:15; support@lastpass.com; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-08-29 09:47; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-09-03 14:24; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-09-04 13:15; gg2fs1@hqetwq.edu; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu
FF - ExtSQL: 2013-09-04 13:17; {739df940-c5ee-4bab-9d7e-270894ae687a}; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-09-04 15:16; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\sprint\appdata\roaming\mozilla\firefox\profiles\3fx54uhp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-5 266408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-20 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-20 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-20 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-6-7 1343400]
.
=============== Created Last 30 ================
.
2013-09-06 20:48:33    7166848    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e38fc508-1c96-4705-b399-5ab4d8ff6991}\mpengine.dll
2013-09-05 19:04:56    --------    d-----w-    C:\Downloads
2013-09-05 19:04:14    --------    d-----w-    c:\users\sprint\appdata\roaming\FlashgetSetup
2013-09-05 19:04:14    --------    d-----w-    c:\users\sprint\appdata\roaming\BITS
2013-09-05 19:04:09    --------    d-----w-    c:\users\sprint\appdata\roaming\FlashGetBHO
2013-09-05 19:04:05    --------    d-----w-    c:\users\sprint\appdata\roaming\FlashGet
2013-09-05 19:04:05    --------    d-----w-    c:\program files\FlashGet Network
2013-09-05 16:27:07    --------    d-----w-    c:\users\sprint\.ScreamingFrogSEOSpider
2013-09-05 16:26:58    --------    d-----w-    c:\program files\Screaming Frog SEO Spider
2013-09-04 20:17:43    --------    d-----w-    c:\users\sprint\appdata\local\CRE
2013-09-04 20:17:32    --------    d-----w-    c:\program files\Conduit
2013-09-04 20:17:17    --------    d-----w-    c:\users\sprint\appdata\local\Conduit
2013-09-04 20:17:00    --------    d-----w-    c:\programdata\SummerSoft
2013-09-04 20:15:54    --------    d-----w-    c:\program files\Optimizer Pro
2013-09-04 20:15:33    --------    d-----w-    c:\program files\SaveShare
2013-09-04 20:15:25    --------    d-----w-    c:\programdata\savenshoare
2013-09-04 20:14:10    --------    d-----w-    c:\programdata\InstallMate
2013-09-03 19:19:31    --------    d-----w-    c:\program files\Market Samurai
2013-09-03 19:11:23    --------    d-----w-    c:\users\sprint\appdata\roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-09-03 19:11:23    --------    d-----w-    c:\users\sprint\appdata\roaming\MarketSamurai
2013-08-31 00:26:22    --------    d-----w-    c:\programdata\u2bviews
2013-08-31 00:26:21    --------    d-----w-    c:\users\sprint\appdata\local\Geckofx
2013-08-30 23:51:45    --------    d-----w-    c:\program files\U2bviews
2013-08-30 17:55:07    --------    d-----w-    c:\users\sprint\appdata\local\gtk-2.0
2013-08-30 17:55:04    --------    d-----w-    c:\users\sprint\.thumbnails
2013-08-29 16:35:16    --------    d-----w-    c:\users\sprint\appdata\local\gegl-0.2
2013-08-29 16:35:16    --------    d-----w-    c:\users\sprint\.gimp-2.8
2013-08-29 16:29:45    --------    d-----w-    c:\program files\GIMP 2
2013-08-29 16:29:44    --------    d-----w-    c:\users\sprint\appdata\local\Programs
2013-08-28 23:43:02    --------    d-----w-    c:\program files\Tube Increaser
2013-08-19 18:36:49    --------    d-----w-    c:\users\sprint\appdata\local\Macromedia
2013-08-19 18:34:35    --------    d-----w-    c:\users\sprint\appdata\local\Mozilla
2013-08-19 18:19:54    --------    d-----w-    c:\users\sprint\appdata\local\Google
2013-08-19 18:19:46    --------    d-----w-    c:\users\sprint\appdata\local\Deployment
2013-08-19 18:19:46    --------    d-----w-    c:\users\sprint\appdata\local\Apps
2013-08-14 10:38:18    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 10:38:17    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 10:38:16    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 10:38:16    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 10:38:16    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 10:38:12    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:38:12    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 10:38:12    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 10:38:11    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:38:10    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-14 10:38:05    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 10:38:03    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M  ====================
.
2013-08-20 21:35:22    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 21:35:22    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-02 23:59:03    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-08-02 23:59:00    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-08-02 23:59:00    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-26 03:13:24    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-06-18 10:02:26    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 14:27:20.66 ===============
 

 

Edited by kobe700, 06 September 2013 - 04:33 PM.



 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 10 September 2013 - 12:18 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 kobe700

kobe700
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 10 September 2013 - 02:13 PM

12:12:53.0064 3492  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:12:53.0625 3492  ============================================================
12:12:53.0625 3492  Current date / time: 2013/09/10 12:12:53.0625
12:12:53.0625 3492  SystemInfo:
12:12:53.0625 3492  
12:12:53.0625 3492  OS Version: 6.1.7601 ServicePack: 1.0
12:12:53.0625 3492  Product type: Workstation
12:12:53.0625 3492  ComputerName: SPRINT-PC
12:12:53.0625 3492  UserName: SPRINT
12:12:53.0625 3492  Windows directory: C:\Windows
12:12:53.0625 3492  System windows directory: C:\Windows
12:12:53.0625 3492  Processor architecture: Intel x86
12:12:53.0625 3492  Number of processors: 2
12:12:53.0625 3492  Page size: 0x1000
12:12:53.0626 3492  Boot type: Normal boot
12:12:53.0626 3492  ============================================================
12:12:55.0517 3492  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:12:55.0626 3492  ============================================================
12:12:55.0626 3492  \Device\Harddisk0\DR0:
12:12:55.0626 3492  MBR partitions:
12:12:55.0626 3492  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE800
12:12:55.0626 3492  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF000, BlocksNum 0x129F6800
12:12:55.0626 3492  ============================================================
12:12:55.0628 3492  C: <-> \Device\Harddisk0\DR0\Partition2
12:12:55.0628 3492  ============================================================
12:12:55.0628 3492  Initialize success
12:12:55.0628 3492  ============================================================
12:12:58.0076 5292  ============================================================
12:12:58.0076 5292  Scan started
12:12:58.0076 5292  Mode: Manual;
12:12:58.0076 5292  ============================================================
12:12:58.0893 5292  ================ Scan system memory ========================
12:12:58.0893 5292  System memory - ok
12:12:58.0893 5292  ================ Scan services =============================
12:13:02.0373 5292  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
12:13:02.0391 5292  FontCache - ok
12:13:02.0445 5292  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:13:02.0447 5292  FontCache3.0.0.0 - ok
12:13:02.0456 5292  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:13:02.0458 5292  FsDepends - ok
12:13:02.0489 5292  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:13:02.0493 5292  Fs_Rec - ok
12:13:02.0527 5292  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:13:02.0530 5292  fvevol - ok
12:13:02.0547 5292  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:13:02.0549 5292  gagp30kx - ok
12:13:02.0575 5292  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:13:02.0598 5292  gpsvc - ok
12:13:02.0653 5292  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:13:02.0655 5292  gupdate - ok
12:13:02.0666 5292  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:13:02.0668 5292  gupdatem - ok
12:13:02.0684 5292  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:13:02.0687 5292  hcw85cir - ok
12:13:02.0708 5292  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:13:02.0711 5292  HdAudAddService - ok
12:13:02.0740 5292  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:02.0742 5292  HDAudBus - ok
12:13:02.0748 5292  [ 88A67C34E37186665E916FD347B50D19 ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
12:13:02.0750 5292  HECI - ok
12:13:02.0760 5292  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:13:02.0761 5292  HidBatt - ok
12:13:02.0783 5292  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:13:02.0786 5292  HidBth - ok
12:13:02.0811 5292  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:13:02.0812 5292  HidIr - ok
12:13:02.0839 5292  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:13:02.0842 5292  hidserv - ok
12:13:02.0883 5292  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:13:02.0885 5292  HidUsb - ok
12:13:02.0908 5292  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:13:02.0911 5292  hkmsvc - ok
12:13:02.0927 5292  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:13:02.0930 5292  HomeGroupListener - ok
12:13:02.0947 5292  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:13:02.0952 5292  HomeGroupProvider - ok
12:13:03.0008 5292  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:13:03.0036 5292  HpSAMD - ok
12:13:03.0140 5292  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:13:03.0146 5292  HTTP - ok
12:13:03.0188 5292  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:13:03.0189 5292  hwpolicy - ok
12:13:03.0213 5292  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:03.0215 5292  i8042prt - ok
12:13:03.0262 5292  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:13:03.0266 5292  iaStorV - ok
12:13:03.0305 5292  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:03.0323 5292  idsvc - ok
12:13:03.0503 5292  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:13:03.0649 5292  igfx - ok
12:13:03.0687 5292  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:13:03.0690 5292  iirsp - ok
12:13:03.0746 5292  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:13:03.0763 5292  IKEEXT - ok
12:13:03.0785 5292  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:13:03.0790 5292  intelide - ok
12:13:03.0815 5292  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:13:03.0822 5292  intelppm - ok
12:13:03.0854 5292  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:13:03.0856 5292  IPBusEnum - ok
12:13:03.0880 5292  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:03.0884 5292  IpFilterDriver - ok
12:13:03.0928 5292  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:13:03.0943 5292  iphlpsvc - ok
12:13:03.0955 5292  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:13:03.0959 5292  IPMIDRV - ok
12:13:03.0965 5292  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:13:03.0968 5292  IPNAT - ok
12:13:03.0992 5292  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:13:03.0994 5292  IRENUM - ok
12:13:04.0021 5292  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:13:04.0051 5292  isapnp - ok
12:13:04.0070 5292  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:13:04.0087 5292  iScsiPrt - ok
12:13:04.0128 5292  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:04.0133 5292  kbdclass - ok
12:13:04.0149 5292  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:04.0155 5292  kbdhid - ok
12:13:04.0172 5292  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:13:04.0173 5292  KeyIso - ok
12:13:04.0207 5292  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:13:04.0208 5292  KSecDD - ok
12:13:04.0290 5292  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:13:04.0307 5292  KSecPkg - ok
12:13:04.0459 5292  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:13:04.0464 5292  KtmRm - ok
12:13:04.0498 5292  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:13:04.0502 5292  LanmanServer - ok
12:13:04.0520 5292  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:13:04.0524 5292  LanmanWorkstation - ok
12:13:04.0553 5292  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:13:04.0554 5292  lltdio - ok
12:13:04.0574 5292  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:13:04.0577 5292  lltdsvc - ok
12:13:04.0589 5292  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:13:04.0591 5292  lmhosts - ok
12:13:04.0617 5292  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:13:04.0619 5292  LSI_FC - ok
12:13:04.0650 5292  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:13:04.0651 5292  LSI_SAS - ok
12:13:04.0666 5292  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:13:04.0667 5292  LSI_SAS2 - ok
12:13:04.0686 5292  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:13:04.0689 5292  LSI_SCSI - ok
12:13:04.0712 5292  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:13:04.0713 5292  luafv - ok
12:13:04.0740 5292  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:13:04.0743 5292  Mcx2Svc - ok
12:13:04.0756 5292  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:13:04.0758 5292  megasas - ok
12:13:04.0785 5292  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:13:04.0788 5292  MegaSR - ok
12:13:04.0811 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:13:04.0813 5292  MMCSS - ok
12:13:04.0827 5292  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:13:04.0828 5292  Modem - ok
12:13:04.0863 5292  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:13:04.0864 5292  monitor - ok
12:13:04.0914 5292  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:13:04.0915 5292  mouclass - ok
12:13:04.0945 5292  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:13:04.0946 5292  mouhid - ok
12:13:04.0961 5292  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:13:04.0963 5292  mountmgr - ok
12:13:05.0000 5292  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:13:05.0002 5292  MozillaMaintenance - ok
12:13:05.0045 5292  [ 7E34BFA1A7B60BBA1DA03D677F16CD63 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:13:05.0046 5292  MpFilter - ok
12:13:05.0067 5292  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:13:05.0069 5292  mpio - ok
12:13:05.0195 5292  [ A69630D039C38018689190234F866D77 ] MpKslaab6f95b   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE8485C6-22C3-485F-98B2-FF3601D57149}\MpKslaab6f95b.sys
12:13:05.0195 5292  MpKslaab6f95b - ok
12:13:05.0237 5292  [ F32E2D6A1640A469A9ED4F1929A4A861 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
12:13:05.0238 5292  MpNWMon - ok
12:13:05.0258 5292  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:13:05.0260 5292  mpsdrv - ok
12:13:05.0293 5292  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:13:05.0308 5292  MpsSvc - ok
12:13:05.0341 5292  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:13:05.0343 5292  MRxDAV - ok
12:13:05.0378 5292  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:05.0379 5292  mrxsmb - ok
12:13:05.0392 5292  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:05.0395 5292  mrxsmb10 - ok
12:13:05.0426 5292  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:05.0428 5292  mrxsmb20 - ok
12:13:05.0444 5292  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:13:05.0445 5292  msahci - ok
12:13:05.0461 5292  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:13:05.0463 5292  msdsm - ok
12:13:05.0492 5292  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:13:05.0496 5292  MSDTC - ok
12:13:05.0550 5292  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:13:05.0551 5292  Msfs - ok
12:13:05.0563 5292  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:13:05.0568 5292  mshidkmdf - ok
12:13:05.0588 5292  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:13:05.0588 5292  msisadrv - ok
12:13:05.0621 5292  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:13:05.0624 5292  MSiSCSI - ok
12:13:05.0631 5292  msiserver - ok
12:13:05.0679 5292  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:13:05.0680 5292  MSKSSRV - ok
12:13:05.0760 5292  [ 90DC23D940551DB35367FB1E40575B25 ] MsMpSvc         c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:13:05.0760 5292  MsMpSvc - ok
12:13:05.0764 5292  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:05.0766 5292  MSPCLOCK - ok
12:13:05.0770 5292  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:13:05.0772 5292  MSPQM - ok
12:13:05.0816 5292  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:13:05.0818 5292  MsRPC - ok
12:13:05.0826 5292  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:05.0828 5292  mssmbios - ok
12:13:05.0835 5292  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:13:05.0836 5292  MSTEE - ok
12:13:05.0868 5292  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:13:05.0869 5292  MTConfig - ok
12:13:05.0884 5292  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:13:05.0885 5292  Mup - ok
12:13:05.0910 5292  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:13:05.0916 5292  napagent - ok
12:13:05.0939 5292  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:13:05.0943 5292  NativeWifiP - ok
12:13:05.0987 5292  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:13:06.0002 5292  NDIS - ok
12:13:06.0012 5292  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:06.0014 5292  NdisCap - ok
12:13:06.0029 5292  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:06.0030 5292  NdisTapi - ok
12:13:06.0040 5292  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:06.0042 5292  Ndisuio - ok
12:13:06.0057 5292  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:06.0059 5292  NdisWan - ok
12:13:06.0075 5292  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:13:06.0076 5292  NDProxy - ok
12:13:06.0090 5292  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:13:06.0091 5292  NetBIOS - ok
12:13:06.0105 5292  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:13:06.0107 5292  NetBT - ok
12:13:06.0121 5292  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:13:06.0123 5292  Netlogon - ok
12:13:06.0168 5292  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:13:06.0173 5292  Netman - ok
12:13:06.0201 5292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:06.0203 5292  NetMsmqActivator - ok
12:13:06.0215 5292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:06.0217 5292  NetPipeActivator - ok
12:13:06.0233 5292  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:13:06.0239 5292  netprofm - ok
12:13:06.0244 5292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:06.0245 5292  NetTcpActivator - ok
12:13:06.0249 5292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:06.0250 5292  NetTcpPortSharing - ok
12:13:06.0281 5292  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:13:06.0282 5292  nfrd960 - ok
12:13:06.0307 5292  [ 17E2C08C5ECFBE94A7C67B1C275EE9D9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:13:06.0308 5292  NisDrv - ok
12:13:06.0340 5292  [ C73DE53197AC0C4DB60B80588F0D54DF ] NisSrv          c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
12:13:06.0343 5292  NisSrv - ok
12:13:06.0377 5292  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:13:06.0382 5292  NlaSvc - ok
12:13:06.0401 5292  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:13:06.0402 5292  Npfs - ok
12:13:06.0420 5292  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:13:06.0423 5292  nsi - ok
12:13:06.0431 5292  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:13:06.0432 5292  nsiproxy - ok
12:13:06.0475 5292  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:13:06.0503 5292  Ntfs - ok
12:13:06.0531 5292  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:13:06.0532 5292  Null - ok
12:13:06.0554 5292  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:13:06.0557 5292  nvraid - ok
12:13:06.0594 5292  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:13:06.0596 5292  nvstor - ok
12:13:06.0617 5292  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:13:06.0619 5292  nv_agp - ok
12:13:06.0687 5292  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:13:06.0700 5292  odserv - ok
12:13:06.0735 5292  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:13:06.0736 5292  ohci1394 - ok
12:13:06.0778 5292  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:06.0780 5292  ose - ok
12:13:06.0811 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:13:06.0816 5292  p2pimsvc - ok
12:13:06.0856 5292  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:13:06.0861 5292  p2psvc - ok
12:13:06.0894 5292  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
12:13:06.0896 5292  Parport - ok
12:13:06.0922 5292  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:13:06.0923 5292  partmgr - ok
12:13:06.0939 5292  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:13:06.0940 5292  Parvdm - ok
12:13:06.0957 5292  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:13:06.0961 5292  PcaSvc - ok
12:13:06.0971 5292  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:13:06.0972 5292  pci - ok
12:13:06.0983 5292  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:13:06.0983 5292  pciide - ok
12:13:07.0011 5292  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:13:07.0014 5292  pcmcia - ok
12:13:07.0041 5292  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:13:07.0042 5292  pcw - ok
12:13:07.0070 5292  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:13:07.0084 5292  PEAUTH - ok
12:13:07.0164 5292  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:13:07.0192 5292  pla - ok
12:13:07.0258 5292  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:13:07.0272 5292  PlugPlay - ok
12:13:07.0306 5292  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:13:07.0309 5292  PNRPAutoReg - ok
12:13:07.0328 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:13:07.0331 5292  PNRPsvc - ok
12:13:07.0358 5292  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:13:07.0363 5292  PolicyAgent - ok
12:13:07.0420 5292  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:13:07.0424 5292  Power - ok
12:13:07.0444 5292  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:13:07.0445 5292  PptpMiniport - ok
12:13:07.0465 5292  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
12:13:07.0466 5292  Processor - ok
12:13:07.0496 5292  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:13:07.0499 5292  ProfSvc - ok
12:13:07.0513 5292  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:13:07.0515 5292  ProtectedStorage - ok
12:13:07.0543 5292  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:13:07.0545 5292  Psched - ok
12:13:07.0602 5292  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:13:07.0628 5292  ql2300 - ok
12:13:07.0678 5292  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:13:07.0681 5292  ql40xx - ok
12:13:07.0696 5292  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:13:07.0701 5292  QWAVE - ok
12:13:07.0722 5292  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:13:07.0723 5292  QWAVEdrv - ok
12:13:07.0734 5292  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:13:07.0736 5292  RasAcd - ok
12:13:07.0771 5292  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:13:07.0772 5292  RasAgileVpn - ok
12:13:07.0782 5292  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:13:07.0786 5292  RasAuto - ok
12:13:07.0796 5292  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:07.0797 5292  Rasl2tp - ok
12:13:07.0815 5292  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:13:07.0820 5292  RasMan - ok
12:13:07.0830 5292  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:07.0831 5292  RasPppoe - ok
12:13:07.0858 5292  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:13:07.0859 5292  RasSstp - ok
12:13:07.0873 5292  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:13:07.0876 5292  rdbss - ok
12:13:07.0897 5292  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:13:07.0898 5292  rdpbus - ok
12:13:07.0912 5292  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:07.0913 5292  RDPCDD - ok
12:13:07.0933 5292  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:13:07.0934 5292  RDPENCDD - ok
12:13:07.0951 5292  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:13:07.0951 5292  RDPREFMP - ok
12:13:07.0982 5292  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:13:07.0983 5292  RdpVideoMiniport - ok
12:13:08.0015 5292  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:13:08.0017 5292  RDPWD - ok
12:13:08.0045 5292  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:13:08.0047 5292  rdyboost - ok
12:13:08.0069 5292  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:13:08.0072 5292  RemoteAccess - ok
12:13:08.0089 5292  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:13:08.0093 5292  RemoteRegistry - ok
12:13:08.0113 5292  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:13:08.0116 5292  RpcEptMapper - ok
12:13:08.0138 5292  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:13:08.0141 5292  RpcLocator - ok
12:13:08.0159 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:13:08.0163 5292  RpcSs - ok
12:13:08.0184 5292  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:13:08.0185 5292  rspndr - ok
12:13:08.0230 5292  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:13:08.0231 5292  SamSs - ok
12:13:08.0252 5292  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:13:08.0254 5292  sbp2port - ok
12:13:08.0269 5292  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:13:08.0273 5292  SCardSvr - ok
12:13:08.0280 5292  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:13:08.0281 5292  scfilter - ok
12:13:08.0306 5292  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:13:08.0324 5292  Schedule - ok
12:13:08.0335 5292  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:13:08.0336 5292  SCPolicySvc - ok
12:13:08.0350 5292  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:13:08.0355 5292  SDRSVC - ok
12:13:08.0388 5292  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:13:08.0389 5292  secdrv - ok
12:13:08.0399 5292  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:13:08.0402 5292  seclogon - ok
12:13:08.0418 5292  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:13:08.0421 5292  SENS - ok
12:13:08.0435 5292  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:13:08.0437 5292  SensrSvc - ok
12:13:08.0472 5292  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:13:08.0473 5292  Serenum - ok
12:13:08.0501 5292  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:13:08.0503 5292  Serial - ok
12:13:08.0527 5292  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:13:08.0529 5292  sermouse - ok
12:13:08.0584 5292  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:13:08.0588 5292  SessionEnv - ok
12:13:08.0598 5292  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:13:08.0599 5292  sffdisk - ok
12:13:08.0626 5292  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:13:08.0627 5292  sffp_mmc - ok
12:13:08.0653 5292  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:13:08.0654 5292  sffp_sd - ok
12:13:08.0667 5292  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:13:08.0669 5292  sfloppy - ok
12:13:08.0694 5292  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:13:08.0699 5292  SharedAccess - ok
12:13:12.0575 5292  ============================================================
12:13:12.0576 5292  Scan finished
12:13:12.0576 5292  ============================================================
12:13:12.0588 5036  Detected object count: 0
12:13:12.0588 5036  Actual detected object count: 0
 



#4 kobe700


Posted 10 September 2013 - 02:18 PM

# AdwCleaner v3.003 - Report created 10/09/2013 at 12:16:21
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : SPRINT - SPRINT-PC
# Running from : C:\Users\SPRINT\Desktop\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\optimizer pro
Folder Found C:\ProgramData\savenshoare
Folder Found C:\Users\SPRINT\AppData\Local\Conduit
Folder Found C:\Users\SPRINT\AppData\Local\cre
Folder Found C:\Users\SPRINT\AppData\Local\Temp\CT3289847
Folder Found C:\Users\SPRINT\AppData\LocalLow\Conduit
Folder Found C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\CT3289847

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com?SearchSource=10&CUI=UN24180104031784425&UM=2&ctid=CT3289847

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\prefs.js ]

Line Found : user_pref("CT3289847.FF19Solved", "true");
Line Found : user_pref("CT3289847.UserID", "UN32065231314256744");
Line Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3289847.fullUserID", "UN32065231314256744.IN.20130904131739");
Line Found : user_pref("CT3289847.installDate", "04/09/2013 13:17:54");
Line Found : user_pref("CT3289847.installSessionId", "{05DF3A81-25AE-4658-95D7-D1368E6AFD02}");
Line Found : user_pref("CT3289847.installSp", "false");
Line Found : user_pref("CT3289847.installerVersion", "1.6.1.2");
Line Found : user_pref("CT3289847.keyword", "true");
Line Found : user_pref("CT3289847.originalHomepage", "about:home");
Line Found : user_pref("CT3289847.originalSearchAddressUrl", "");
Line Found : user_pref("CT3289847.originalSearchEngine", "");
Line Found : user_pref("CT3289847.originalSearchEngineName", "");
Line Found : user_pref("CT3289847.searchRevert", "true");
Line Found : user_pref("CT3289847.searchUserMode", "2");
Line Found : user_pref("CT3289847.smartbar.homepage", "true");
Line Found : user_pref("CT3289847.versionFromInstaller", "10.19.2.5");
Line Found : user_pref("CT3289847.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN32065231314256744&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.qh8gmvt.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=740[...]
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN32065231314256744&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN32065231314256744&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.machineId", "T+8PNQRDJX3/BXB2EV/H1R0UIQJ7NQP4M0KEKNEMPOWFGARGHISYWT+C2JMCO0T/K3JFFZMGKEJRS4RJ7TUPWG");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\SPRINT\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6080 octets] - [10/09/2013 12:16:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6140 octets] ##########
 



#5 jeffce


  • Malware Response Team

Posted 10 September 2013 - 02:20 PM

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

----------
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#6 kobe700


Posted 10 September 2013 - 02:26 PM

# AdwCleaner v3.003 - Report created 10/09/2013 at 12:23:28
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : SPRINT - SPRINT-PC
# Running from : C:\Users\SPRINT\Desktop\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\savenshoare
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Users\SPRINT\AppData\Local\Conduit
Folder Deleted : C:\Users\SPRINT\AppData\Local\cre
Folder Deleted : C:\Users\SPRINT\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\SPRINT\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\CT3289847
Folder Deleted : C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\prefs.js ]

Line Deleted : user_pref("CT3289847.FF19Solved", "true");
Line Deleted : user_pref("CT3289847.UserID", "UN32065231314256744");
Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289847.fullUserID", "UN32065231314256744.IN.20130904131739");
Line Deleted : user_pref("CT3289847.installDate", "04/09/2013 13:17:54");
Line Deleted : user_pref("CT3289847.installSessionId", "{05DF3A81-25AE-4658-95D7-D1368E6AFD02}");
Line Deleted : user_pref("CT3289847.installSp", "false");
Line Deleted : user_pref("CT3289847.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3289847.keyword", "true");
Line Deleted : user_pref("CT3289847.originalHomepage", "about:home");
Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3289847.originalSearchEngine", "");
Line Deleted : user_pref("CT3289847.originalSearchEngineName", "");
Line Deleted : user_pref("CT3289847.searchRevert", "true");
Line Deleted : user_pref("CT3289847.searchUserMode", "2");
Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3289847.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN32065231314256744&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.qh8gmvt.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=740[...]
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN32065231314256744&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN32065231314256744&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.machineId", "T+8PNQRDJX3/BXB2EV/H1R0UIQJ7NQP4M0KEKNEMPOWFGARGHISYWT+C2JMCO0T/K3JFFZMGKEJRS4RJ7TUPWG");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\SPRINT\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6220 octets] - [10/09/2013 12:16:21]
AdwCleaner[R1].txt - [6280 octets] - [10/09/2013 12:22:45]
AdwCleaner[S0].txt - [6194 octets] - [10/09/2013 12:23:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6254 octets] ##########
 



#7 kobe700


Posted 10 September 2013 - 02:40 PM

ComboFix 13-09-10.03 - SPRINT 09/10/2013  12:32:24.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3543.2507 [GMT -7:00]
Running from: c:\users\SPRINT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SaveShare
c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu
c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu\bootstrap.js
c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu\chrome.manifest
c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu\content\bg.js
c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-10 to 2013-09-10  )))))))))))))))))))))))))))))))
.
.
2013-09-10 19:36 . 2013-09-10 19:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-10 19:16 . 2013-09-10 19:23    --------    d-----w-    C:\AdwCleaner
2013-09-09 20:48 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE8485C6-22C3-485F-98B2-FF3601D57149}\mpengine.dll
2013-09-05 19:04 . 2013-09-05 19:12    --------    d-----w-    C:\Downloads
2013-09-05 19:04 . 2013-09-05 19:13    --------    d-----w-    c:\users\SPRINT\AppData\Roaming\BITS
2013-09-05 19:04 . 2013-09-05 19:04    --------    d-----w-    c:\users\SPRINT\AppData\Roaming\FlashgetSetup
2013-09-05 19:04 . 2013-09-05 19:13    --------    d-----w-    c:\users\SPRINT\AppData\Roaming\FlashGet
2013-09-05 19:04 . 2013-09-05 19:04    --------    d-----w-    c:\program files\FlashGet Network
2013-09-05 16:27 . 2013-09-06 00:07    --------    d-----w-    c:\users\SPRINT\.ScreamingFrogSEOSpider
2013-09-05 16:26 . 2013-09-05 16:26    --------    d-----w-    c:\program files\Screaming Frog SEO Spider
2013-09-04 20:17 . 2013-09-04 20:17    --------    d-----w-    c:\programdata\SummerSoft
2013-09-04 20:14 . 2013-09-04 20:19    --------    d-----w-    c:\programdata\InstallMate
2013-09-03 19:19 . 2013-09-03 19:19    --------    d-----w-    c:\program files\Market Samurai
2013-09-03 19:11 . 2013-09-03 19:11    --------    d-----w-    c:\users\SPRINT\AppData\Roaming\MarketSamurai
2013-09-03 19:10 . 2013-09-03 19:10    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2013-08-31 00:26 . 2013-08-31 00:26    --------    d-----w-    c:\programdata\u2bviews
2013-08-31 00:26 . 2013-08-31 00:26    --------    d-----w-    c:\users\SPRINT\AppData\Local\Geckofx
2013-08-30 23:51 . 2013-08-30 23:51    --------    d-----w-    c:\program files\U2bviews
2013-08-30 23:46 . 2013-08-30 23:46    --------    d-----w-    c:\program files\7-Zip
2013-08-30 17:55 . 2013-08-30 17:55    --------    d-----w-    c:\users\SPRINT\AppData\Local\gtk-2.0
2013-08-30 17:55 . 2013-08-30 17:55    --------    d-----w-    c:\users\SPRINT\.thumbnails
2013-08-29 16:35 . 2013-08-30 21:12    --------    d-----w-    c:\users\SPRINT\.gimp-2.8
2013-08-29 16:35 . 2013-08-29 16:35    --------    d-----w-    c:\users\SPRINT\AppData\Local\gegl-0.2
2013-08-29 16:29 . 2013-08-29 16:31    --------    d-----w-    c:\program files\GIMP 2
2013-08-29 16:29 . 2013-08-29 16:29    --------    d-----w-    c:\users\SPRINT\AppData\Local\Programs
2013-08-28 23:43 . 2013-08-30 21:36    --------    d-----w-    c:\program files\Tube Increaser
2013-08-19 18:36 . 2013-08-19 18:36    --------    d-----w-    c:\users\SPRINT\AppData\Local\Macromedia
2013-08-19 18:34 . 2013-08-19 18:34    --------    d-----w-    c:\users\SPRINT\AppData\Local\Mozilla
2013-08-19 18:33 . 2013-08-19 18:33    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-08-19 18:20 . 2013-08-19 18:20    --------    d-----w-    c:\program files\Google
2013-08-19 18:19 . 2013-08-19 18:21    --------    d-----w-    c:\users\SPRINT\AppData\Local\Google
2013-08-19 18:19 . 2013-08-19 18:19    --------    d-----w-    c:\users\SPRINT\AppData\Local\Deployment
2013-08-19 18:19 . 2013-08-19 18:19    --------    d-----w-    c:\users\SPRINT\AppData\Local\Apps
2013-08-14 10:38 . 2013-07-09 04:50    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 10:38 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 10:38 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 10:38 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 10:38 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 10:38 . 2013-07-09 05:03    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:38 . 2013-07-09 05:03    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 10:38 . 2013-07-09 04:53    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 10:38 . 2013-07-06 05:05    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:38 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-14 10:38 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 10:38 . 2013-06-15 03:38    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 18:35 . 2013-06-05 18:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 18:35 . 2013-06-05 18:00    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-06 07:28 . 2013-06-07 10:34    7166848    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-02 23:59 . 2013-08-02 23:59    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-08-02 23:59 . 2013-06-05 18:04    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-02 23:59 . 2013-06-05 18:04    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-21 22:20 . 2013-06-21 22:21    740840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A93A3874-09EB-49B3-B13C-91AB905ADEDE}\gapaengine.dll
2013-06-18 10:03 . 2013-06-18 10:03    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-18 10:03 . 2013-06-18 10:03    185344    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-18 10:03 . 2013-06-18 10:03    523264    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-18 10:03 . 2013-06-18 10:03    38400    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-18 10:03 . 2013-06-18 10:03    158720    ----a-w-    c:\windows\system32\msls31.dll
2013-06-18 10:03 . 2013-06-18 10:03    150528    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-18 10:03 . 2013-06-18 10:03    138752    ----a-w-    c:\windows\system32\wextract.exe
2013-06-18 10:03 . 2013-06-18 10:03    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-18 10:03 . 2013-06-18 10:03    12800    ----a-w-    c:\windows\system32\mshta.exe
2013-06-18 10:03 . 2013-06-18 10:03    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-18 10:03 . 2013-06-18 10:03    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-18 10:03 . 2013-06-18 10:03    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-18 10:03 . 2013-06-18 10:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-18 10:03 . 2013-06-18 10:03    361984    ----a-w-    c:\windows\system32\html.iec
2013-06-18 10:03 . 2013-06-18 10:03    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-18 10:03 . 2013-06-18 10:03    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-18 10:03 . 2013-06-18 10:03    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-18 10:02 . 2013-06-18 10:02    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    906240    ----a-w-    c:\windows\system32\FntCache.dll
2013-06-18 10:02 . 2013-06-18 10:02    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-18 10:02 . 2013-06-18 10:02    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-18 10:02 . 2013-06-18 10:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-18 10:02 . 2013-06-18 10:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-18 10:02 . 2013-06-18 10:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-18 10:02 . 2013-06-18 10:02    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-18 10:02 . 2013-06-18 10:02    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-18 10:02 . 2013-06-18 10:02    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-18 10:02 . 2013-06-18 10:02    1988096    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-18 10:02 . 2013-06-18 10:02    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-18 10:02 . 2013-06-18 10:02    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-06-18 10:02 . 2013-06-18 10:02    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2013-06-18 10:02 . 2013-06-18 10:02    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-18 10:02 . 2013-06-18 10:02    293376    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-18 10:02 . 2013-06-18 10:02    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2013-04-18 3377256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-07 1343400]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-05-05 266408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:25    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-05 18:35]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-19 18:20]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-19 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.222 192.168.60.4 207.182.98.2 198.6.100.25 198.6.100.38
FF - ProfilePath - c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com
FF - ExtSQL: 2013-08-19 12:21; {02450914-cdd9-410f-b1da-db004e18c671}; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
FF - ExtSQL: 2013-08-21 17:15; support@lastpass.com; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-08-29 09:47; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-09-03 14:24; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-09-04 13:15; gg2fs1@hqetwq.edu; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu
FF - ExtSQL: 2013-09-04 15:16; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-10  12:39:03
ComboFix-quarantined-files.txt  2013-09-10 19:39
.
Pre-Run: 130,070,663,168 bytes free
Post-Run: 130,280,185,856 bytes free
.
- - End Of File - - 180E4AFC3FCB784D4187567E32EFF3BC
A36C5E4F47E84449FF07ED3517B43A31
 



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 10 September 2013 - 02:45 PM

How is your system behaving now?  


 


#9 kobe700

kobe700
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 10 September 2013 - 02:58 PM

The popups and hyperlinks are now gone. It seems to be working much better now.



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 10 September 2013 - 03:00 PM

Good to hear!   :)  Let's check and be sure there is nothing else hiding in there....
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.
     
       
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
 
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
 
ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#11 kobe700

kobe700
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 10 September 2013 - 05:56 PM

C:\AdwCleaner\Quarantine\C\ProgramData\savenshoare\fkOoa.dll.vir    a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\Users\SPRINT\AppData\Roaming\Mozilla\Firefox\Profiles\3fx54uhp.default\extensions\gg2fs1@hqetwq.edu\content\bg.js.vir    Win32/Adware.MultiPlug.H application
 



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.10.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
SPRINT :: SPRINT-PC [administrator]

9/10/2013 3:51:50 PM
mbam-log-2013-09-10 (15-51-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208838
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF12B875-6228-E077-20B0-338EF0AC169D} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\InstallMate\{ADD68216-05CA-47B6-A55D-4DE87635A0E0}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{ADD68216-05CA-47B6-A55D-4DE87635A0E0}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)
 



#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 10 September 2013 - 09:22 PM

Looks good....what was found by ESET is already quarantined so that will be removed soon.

 

How is your system running?  :)


 


#13 kobe700

kobe700
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 11 September 2013 - 10:57 AM

Everything seems to be running great!



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 11 September 2013 - 01:50 PM

Providing there are no other malware related problems...
 
IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  
 
This infection appears to have been cleared, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
 
 The following will implement some cleanup procedures as well as reset System Restore points:
 
Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)
 
----------

 

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

--------------

 

 
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------
 
Here are some tips to reduce the potential for spyware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus 
 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current.  Windows XP users can visit Windows update  regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------
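The Internet Explorer settings from tip 1 above can also be audited and applied from PowerShell; this is an added example, not part of the original post. It assumes PowerShell 3.0 or later, that the per-user Internet zone is stored under the `Zones\3` registry key shown in the script, and the URL action IDs listed in the table (the post names the settings only by their dialog labels).

```powershell
# Added example: audit, and optionally apply, the Internet-zone settings from tip 1.
# Assumptions: per-user zone settings are DWORD values named by URL action ID under
# the key below; zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$zoneKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Desired state, one row per setting named in the post.
$desired = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-ZoneDrift {
    param([string]$Key, [object[]]$Settings)

    # A missing key or value means the setting was never written for this user.
    $current = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($s in $Settings) {
        $have = $null
        if ($current -and $null -ne $current.($s.Id)) { $have = [int]$current.($s.Id) }

        if ($null -eq $have)                      { $shown = '(not set)' }
        elseif ($policyName.ContainsKey($have))   { $shown = $policyName[$have] }
        else                                      { $shown = '0x{0:X}' -f $have }

        [pscustomobject]@{
            Id        = $s.Id
            Setting   = $s.Name
            Current   = $shown
            Wanted    = $policyName[$s.Want]
            Compliant = ($have -eq $s.Want)
        }
    }
}

# Always report first so the change is visible before anything is written.
Get-ZoneDrift -Key $zoneKey -Settings $desired | Format-Table -AutoSize

if ($Apply) {
    if (-not (Test-Path $zoneKey)) { New-Item -Path $zoneKey -Force | Out-Null }
    foreach ($s in $desired) {
        Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Want -Type DWord
    }
    # Re-read to confirm every value now matches the desired state.
    Get-ZoneDrift -Key $zoneKey -Settings $desired | Format-Table -AutoSize
}
```

Run it without arguments to see which settings differ, and with `-Apply` to write them. Settings enforced through Group Policy take precedence over these per-user values.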
 

 
 


 


#15 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 12 September 2013 - 11:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

 




