Storage Conduit Infection


8 replies to this topic

#1 VonZapper


Posted 16 October 2013 - 08:36 PM

First off, this is a family member's PC, so I have no idea what sites they go to, but as of last Wednesday I installed AVG and MBam, cleaning 5 trojans from it.  Today I found what looks like a redirect of some type called Storage Conduit - found in the C:\users\appdata/locallow/Conduit sub folders.  I read the ComboFix user guide so I know I shouldn't be using it alone.

 

I have no idea what garbage they have on the PC; all I know is that it comes up clean when scanned but detects a lot of problems from these subfolders whenever I go online.

 

Thanks.





#2 boopme


Posted 16 October 2013 - 09:08 PM

Hello VonZapper, we may not need it.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 25 January 2015 - 05:04 PM.


#3 VonZapper


Posted 21 October 2013 - 03:38 PM

Ok so I ran all the programs you asked and they didn't show any "problems" except it deleted one Virtual Toolbar.  ESET didn't give me an option for a log so I'm guessing it didn't find a problem.

 

MiniToolBox Results

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by robert (administrator) on 20-10-2013 at 20:21:46
Running from "C:\Users\robert\Desktop\Malware Scan\MiniToolBox"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : robert-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Linksys

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Linksys
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
   Physical Address. . . . . . . . . : 00-26-18-3E-CB-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::151c:a699:2110:96cd%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : October-20-13 8:09:47 PM
   Lease Expires . . . . . . . . . . : October-21-13 8:09:46 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 64.71.255.204
                                       64.71.255.198
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.Linksys
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  64.71.255.204

Name:    google.com
Addresses:  2607:f8b0:400b:80a::1001
      66.185.84.24
      66.185.84.50
      66.185.84.39
      66.185.84.59
      66.185.84.34
      66.185.84.30
      66.185.84.40
      66.185.84.44
      66.185.84.29
      66.185.84.49
      66.185.84.55
      66.185.84.54
      66.185.84.45
      66.185.84.35
      66.185.84.20
      66.185.84.25



Pinging google.com [64.71.249.98] with 32 bytes of data:

Reply from 64.71.249.98: bytes=32 time=48ms TTL=58

Reply from 64.71.249.98: bytes=32 time=49ms TTL=58



Ping statistics for 64.71.249.98:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 48ms, Maximum = 49ms, Average = 48ms

Server:  UnKnown
Address:  64.71.255.204

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=102ms TTL=51

Reply from 206.190.36.45: bytes=32 time=92ms TTL=51



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 92ms, Maximum = 102ms, Average = 97ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 10 ...00 26 18 3e cb da ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  isatap.Linksys
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.104     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.104    276
    192.168.1.104  255.255.255.255         On-link     192.168.1.104    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.104    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.104    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.104    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::151c:a699:2110:96cd/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2013 08:11:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 02:09:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 09:13:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 06:45:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 08:40:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 07:17:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (10/20/2013 08:12:50 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (10/20/2013 08:11:09 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (10/20/2013 08:11:09 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (10/20/2013 08:11:09 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (10/20/2013 08:09:47 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/20/2013 02:09:38 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (10/20/2013 02:09:36 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (10/20/2013 02:09:36 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (10/20/2013 02:09:36 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (10/20/2013 02:08:32 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================
Error: (10/20/2013 08:11:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 02:09:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 09:13:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 06:45:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 08:40:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 07:17:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:16 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/19/2013 07:17:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


CodeIntegrity Errors:
===================================
  Date: 2013-10-18 19:38:27.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET4C25.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:27.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET4C25.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:27.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET4C25.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:26.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET4C25.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:26.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET488B.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:26.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET488B.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:26.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET488B.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:25.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET488B.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:15.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-18 19:38:14.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 5.1.1.4)
AVG 2014 (Version: 14.0.3614)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Bonjour (Version: 3.0.0.10)
Canon MX420 series MP Drivers
Hardware Diagnostic Tools (Version: 5.1.5144.16)
HP MediaSmart SmartMenu (Version: 2.1.12)
HP Remote Software (Version: 1.0.5.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Home and Student 60 day trial
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Symantec Endpoint Protection (Version: 11.0.5002.333)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8181.33 MB
Available physical RAM: 6017.18 MB
Total Pagefile: 16413.7 MB
Available Pagefile: 14320.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.6 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:582.19 GB) (Free:467.9 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.98 GB) (Free:1.98 GB) NTFS
3 Drive e: (SetupWizard) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\ROBERT-PC

Administrator            Guest                    robert                   
Sarah                    


**** End of log ****
 

 

 

 

 

Task Killer Results

 

20:29:45.0829 5292  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
20:29:47.0611 5292  ============================================================
20:29:47.0611 5292  Current date / time: 2013/10/20 20:29:47.0611
20:29:47.0611 5292  SystemInfo:
20:29:47.0611 5292  
20:29:47.0611 5292  OS Version: 6.0.6001 ServicePack: 1.0
20:29:47.0611 5292  Product type: Workstation
20:29:47.0611 5292  ComputerName: ROBERT-PC
20:29:47.0615 5292  UserName: robert
20:29:47.0615 5292  Windows directory: C:\Windows
20:29:47.0615 5292  System windows directory: C:\Windows
20:29:47.0615 5292  Running under WOW64
20:29:47.0615 5292  Processor architecture: Intel x64
20:29:47.0615 5292  Number of processors: 2
20:29:47.0615 5292  Page size: 0x1000
20:29:47.0615 5292  Boot type: Normal boot
20:29:47.0616 5292  ============================================================
20:29:48.0392 5292  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:29:48.0414 5292  ============================================================
20:29:48.0414 5292  \Device\Harddisk0\DR0:
20:29:48.0414 5292  MBR partitions:
20:29:48.0414 5292  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48C610A1
20:29:48.0414 5292  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C610E0, BlocksNum 0x1BF5DE1
20:29:48.0414 5292  ============================================================
20:29:48.0431 5292  C: <-> \Device\Harddisk0\DR0\Partition1
20:29:48.0489 5292  D: <-> \Device\Harddisk0\DR0\Partition2
20:29:48.0489 5292  ============================================================
20:29:48.0489 5292  Initialize success
20:29:48.0489 5292  ============================================================
20:29:53.0968 5656  ============================================================
20:29:53.0968 5656  Scan started
20:29:53.0968 5656  Mode: Manual;
20:29:53.0968 5656  ============================================================
20:29:54.0398 5656  ================ Scan system memory ========================
20:29:54.0398 5656  System memory - ok
20:29:54.0399 5656  ================ Scan services =============================
20:29:54.0538 5656  [ 375243251C24028DA6C9761645B43F21 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:29:54.0541 5656  ACPI - ok
20:29:54.0666 5656  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:29:54.0668 5656  AdobeARMservice - ok
20:29:54.0706 5656  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:29:54.0740 5656  adp94xx - ok
20:29:54.0775 5656  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:29:54.0811 5656  adpahci - ok
20:29:54.0831 5656  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:29:54.0849 5656  adpu160m - ok
20:29:54.0889 5656  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:29:54.0911 5656  adpu320 - ok
20:29:54.0972 5656  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:29:54.0973 5656  AeLookupSvc - ok
20:29:55.0007 5656  [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD             C:\Windows\system32\drivers\afd.sys
20:29:55.0024 5656  AFD - ok
20:29:55.0055 5656  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:29:55.0070 5656  agp440 - ok
20:29:55.0116 5656  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:29:55.0133 5656  aic78xx - ok
20:29:55.0161 5656  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
20:29:55.0163 5656  ALG - ok
20:29:55.0197 5656  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:29:55.0211 5656  aliide - ok
20:29:55.0239 5656  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
20:29:55.0253 5656  amdide - ok
20:29:55.0271 5656  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:29:55.0301 5656  AmdK8 - ok
20:29:55.0336 5656  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
20:29:55.0338 5656  Appinfo - ok
20:29:55.0412 5656  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:29:55.0415 5656  Apple Mobile Device - ok
20:29:55.0440 5656  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
20:29:55.0456 5656  arc - ok
20:29:55.0508 5656  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:29:55.0525 5656  arcsas - ok
20:29:55.0579 5656  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:29:55.0603 5656  AsyncMac - ok
20:29:55.0628 5656  [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi           C:\Windows\system32\drivers\atapi.sys
20:29:55.0643 5656  atapi - ok
20:29:55.0671 5656  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:29:55.0676 5656  AudioEndpointBuilder - ok
20:29:55.0696 5656  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:29:55.0701 5656  AudioSrv - ok
20:29:55.0754 5656  [ 0D75C5C4EBF3D8197448189A2F153116 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
20:29:55.0756 5656  Avgdiska - ok
20:29:55.0978 5656  [ 332AEB8F6F9595C8886A7AA7A62322DC ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
20:29:56.0012 5656  AVGIDSAgent - ok
20:29:56.0047 5656  [ 06963A6DE8B1C8F15A8E1053AE9505A4 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:29:56.0051 5656  AVGIDSDriver - ok
20:29:56.0099 5656  [ E4F5607D1437FFDEE33CADA40D256D4F ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:29:56.0102 5656  AVGIDSHA - ok
20:29:56.0136 5656  [ B010FF7C984FFFFFF019F2CF162F1DE8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
20:29:56.0139 5656  Avgldx64 - ok
20:29:56.0190 5656  [ F05BF4010D3F0E8C2D8CBFE45D7CFCE1 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
20:29:56.0194 5656  Avgloga - ok
20:29:56.0261 5656  [ 4B459C2FCF22ECE548766B2FCF46F62C ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
20:29:56.0263 5656  Avgmfx64 - ok
20:29:56.0284 5656  [ 66D00CC6F7D148980071F55F9056D450 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
20:29:56.0286 5656  Avgrkx64 - ok
20:29:56.0306 5656  [ 4E364FABBD147F59E5D524C9EA86D772 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:29:56.0309 5656  Avgtdia - ok
20:29:56.0362 5656  [ A1F53D2A00E64679A1D81B61D2333D06 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
20:29:56.0364 5656  avgtp - ok
20:29:56.0409 5656  [ 07646F5F37F18F1F978CE3B0378EF1C9 ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
20:29:56.0413 5656  avgwd - ok
20:29:56.0495 5656  [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS            C:\Windows\System32\qmgr.dll
20:29:56.0507 5656  BITS - ok
20:29:56.0535 5656  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:29:56.0557 5656  blbdrive - ok
20:29:56.0641 5656  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:29:56.0646 5656  Bonjour Service - ok
20:29:56.0712 5656  [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:29:56.0714 5656  bowser - ok
20:29:56.0741 5656  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:29:56.0763 5656  BrFiltLo - ok
20:29:56.0795 5656  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:29:56.0824 5656  BrFiltUp - ok
20:29:56.0850 5656  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
20:29:56.0852 5656  Browser - ok
20:29:56.0873 5656  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:29:56.0894 5656  Brserid - ok
20:29:56.0912 5656  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:29:56.0931 5656  BrSerWdm - ok
20:29:56.0959 5656  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:29:56.0978 5656  BrUsbMdm - ok
20:29:56.0997 5656  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:29:57.0016 5656  BrUsbSer - ok
20:29:57.0036 5656  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:29:57.0055 5656  BTHMODEM - ok
20:29:57.0123 5656  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
20:29:57.0125 5656  ccEvtMgr - ok
20:29:57.0130 5656  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
20:29:57.0132 5656  ccSetMgr - ok
20:29:57.0156 5656  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:29:57.0158 5656  cdfs - ok
20:29:57.0168 5656  [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:29:57.0170 5656  cdrom - ok
20:29:57.0196 5656  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:29:57.0198 5656  CertPropSvc - ok
20:29:57.0220 5656  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:29:57.0248 5656  circlass - ok
20:29:57.0277 5656  [ 319E4E9A68303F60CBC813EF19F3CF84 ] CLFS            C:\Windows\system32\CLFS.sys
20:29:57.0281 5656  CLFS - ok
20:29:57.0350 5656  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:57.0404 5656  clr_optimization_v2.0.50727_32 - ok
20:29:57.0447 5656  [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:29:57.0463 5656  clr_optimization_v2.0.50727_64 - ok
20:29:57.0550 5656  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:29:57.0553 5656  clr_optimization_v4.0.30319_32 - ok
20:29:57.0576 5656  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:29:57.0579 5656  clr_optimization_v4.0.30319_64 - ok
20:29:57.0594 5656  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:29:57.0608 5656  cmdide - ok
20:29:57.0632 5656  [ E2A019A8CEF1B9184F72BF8FA74AD20C ] COH_Mon         C:\Windows\system32\Drivers\COH_Mon.sys
20:29:57.0633 5656  COH_Mon - ok
20:29:57.0652 5656  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:29:57.0666 5656  Compbatt - ok
20:29:57.0672 5656  COMSysApp - ok
20:29:57.0703 5656  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:29:57.0705 5656  crcdisk - ok
20:29:57.0737 5656  [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:29:57.0740 5656  CryptSvc - ok
20:29:57.0781 5656  [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:29:57.0790 5656  DcomLaunch - ok
20:29:57.0808 5656  [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:29:57.0810 5656  DfsC - ok
20:29:57.0923 5656  [ 1781F99840979EE7B126C9073C377FD0 ] DFSR            C:\Windows\system32\DFSR.exe
20:29:58.0037 5656  DFSR - ok
20:29:58.0093 5656  [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:29:58.0097 5656  Dhcp - ok
20:29:58.0122 5656  [ 2DC415FC05FB8A079F896CBBACB19324 ] disk            C:\Windows\system32\drivers\disk.sys
20:29:58.0124 5656  disk - ok
20:29:58.0179 5656  [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:29:58.0181 5656  Dnscache - ok
20:29:58.0192 5656  [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:29:58.0196 5656  dot3svc - ok
20:29:58.0228 5656  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
20:29:58.0232 5656  DPS - ok
20:29:58.0269 5656  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:29:58.0297 5656  drmkaud - ok
20:29:58.0338 5656  [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:29:58.0347 5656  DXGKrnl - ok
20:29:58.0391 5656  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
20:29:58.0436 5656  E1G60 - ok
20:29:58.0462 5656  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
20:29:58.0465 5656  EapHost - ok
20:29:58.0488 5656  [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:29:58.0491 5656  Ecache - ok
20:29:58.0545 5656  [ A2DA3D8E0B336E13F7A155B5789B58CF ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:29:58.0550 5656  eeCtrl - ok
20:29:58.0607 5656  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:29:58.0611 5656  ehRecvr - ok
20:29:58.0632 5656  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
20:29:58.0634 5656  ehSched - ok
20:29:58.0659 5656  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
20:29:58.0660 5656  ehstart - ok
20:29:58.0702 5656  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:29:58.0733 5656  elxstor - ok
20:29:58.0773 5656  [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:29:58.0778 5656  EMDMgmt - ok
20:29:58.0816 5656  [ 23C3061D2F7F8BCB6140A098447035B4 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:29:58.0818 5656  EraserUtilRebootDrv - ok
20:29:58.0832 5656  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:29:58.0845 5656  ErrDev - ok
20:29:58.0913 5656  [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem     C:\Windows\system32\es.dll
20:29:58.0917 5656  EventSystem - ok
20:29:58.0952 5656  [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:29:58.0988 5656  exfat - ok
20:29:59.0027 5656  [ FE731D345ED9EEABBC72A59B35941834 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:29:59.0056 5656  fastfat - ok
20:29:59.0079 5656  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:29:59.0106 5656  fdc - ok
20:29:59.0129 5656  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
20:29:59.0131 5656  fdPHost - ok
20:29:59.0146 5656  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
20:29:59.0149 5656  FDResPub - ok
20:29:59.0159 5656  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:29:59.0160 5656  FileInfo - ok
20:29:59.0177 5656  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:29:59.0207 5656  Filetrace - ok
20:29:59.0215 5656  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:29:59.0238 5656  flpydisk - ok
20:29:59.0252 5656  [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:29:59.0254 5656  FltMgr - ok
20:29:59.0304 5656  [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:29:59.0305 5656  FontCache3.0.0.0 - ok
20:29:59.0318 5656  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:29:59.0319 5656  Fs_Rec - ok
20:29:59.0346 5656  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:29:59.0358 5656  gagp30kx - ok
20:29:59.0414 5656  [ DB3D8979064CE299927CC1DA57E9A659 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:29:59.0440 5656  GameConsoleService - ok
20:29:59.0493 5656  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:29:59.0495 5656  GEARAspiWDM - ok
20:29:59.0516 5656  [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc           C:\Windows\System32\gpsvc.dll
20:29:59.0523 5656  gpsvc - ok
20:29:59.0650 5656  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:59.0653 5656  gupdate - ok
20:29:59.0675 5656  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:59.0677 5656  gupdatem - ok
20:29:59.0744 5656  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:29:59.0779 5656  gusvc - ok
20:29:59.0792 5656  [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:29:59.0794 5656  HDAudBus - ok
20:29:59.0816 5656  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:29:59.0843 5656  HidBth - ok
20:29:59.0866 5656  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:29:59.0889 5656  HidIr - ok
20:29:59.0912 5656  [ 0AA154538544E988429DA2D5AA803A6C ] hidserv         C:\Windows\system32\hidserv.dll
20:29:59.0914 5656  hidserv - ok
20:29:59.0933 5656  [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:29:59.0935 5656  HidUsb - ok
20:29:59.0951 5656  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:29:59.0953 5656  hkmsvc - ok
20:29:59.0986 5656  [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:29:59.0988 5656  HP Health Check Service - ok
20:30:00.0025 5656  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:30:00.0041 5656  HpCISSs - ok
20:30:00.0082 5656  [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:30:00.0088 5656  HTTP - ok
20:30:00.0110 5656  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:30:00.0125 5656  i2omp - ok
20:30:00.0148 5656  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:30:00.0150 5656  i8042prt - ok
20:30:00.0217 5656  [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:30:00.0221 5656  IAANTMON - ok
20:30:00.0260 5656  [ 8EACF469269FB1509561961A3188F670 ] iaStor          C:\Windows\system32\drivers\iastor.sys
20:30:00.0264 5656  iaStor - ok
20:30:00.0296 5656  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:30:00.0329 5656  iaStorV - ok
20:30:00.0406 5656  [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:30:00.0460 5656  idsvc - ok
20:30:00.0677 5656  [ A124C87CD0B39C9E510E138534468383 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:30:00.0859 5656  igfx - ok
20:30:00.0878 5656  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:30:00.0893 5656  iirsp - ok
20:30:00.0938 5656  [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:30:00.0944 5656  IKEEXT - ok
20:30:01.0006 5656  [ 1EDAB7F9B9DE4424BECCDEF950CE2FF0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:30:01.0022 5656  IntcAzAudAddService - ok
20:30:01.0048 5656  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
20:30:01.0062 5656  intelide - ok
20:30:01.0080 5656  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:30:01.0081 5656  intelppm - ok
20:30:01.0097 5656  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:30:01.0100 5656  IPBusEnum - ok
20:30:01.0126 5656  [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:30:01.0152 5656  IpFilterDriver - ok
20:30:01.0158 5656  IpInIp - ok
20:30:01.0186 5656  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:30:01.0211 5656  IPMIDRV - ok
20:30:01.0233 5656  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:30:01.0262 5656  IPNAT - ok
20:30:01.0304 5656  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:30:01.0313 5656  iPod Service - ok
20:30:01.0328 5656  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:30:01.0351 5656  IRENUM - ok
20:30:01.0386 5656  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:30:01.0399 5656  isapnp - ok
20:30:01.0433 5656  [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:30:01.0436 5656  iScsiPrt - ok
20:30:01.0454 5656  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:30:01.0469 5656  iteatapi - ok
20:30:01.0497 5656  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:30:01.0512 5656  iteraid - ok
20:30:01.0532 5656  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:30:01.0546 5656  kbdclass - ok
20:30:01.0559 5656  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:30:01.0560 5656  kbdhid - ok
20:30:01.0587 5656  [ 80F4593E92FF960E4763380D3168E498 ] KeyIso          C:\Windows\system32\lsass.exe
20:30:01.0589 5656  KeyIso - ok
20:30:01.0611 5656  [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:30:01.0617 5656  KSecDD - ok
20:30:01.0624 5656  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:30:01.0625 5656  ksthunk - ok
20:30:01.0664 5656  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:30:01.0669 5656  KtmRm - ok
20:30:01.0734 5656  [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:30:01.0738 5656  LanmanServer - ok
20:30:01.0772 5656  [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:30:01.0777 5656  LanmanWorkstation - ok
20:30:01.0809 5656  [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:30:01.0811 5656  LightScribeService - ok
20:30:01.0909 5656  [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
20:30:02.0048 5656  LiveUpdate - ok
20:30:02.0065 5656  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:30:02.0067 5656  lltdio - ok
20:30:02.0105 5656  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:30:02.0141 5656  lltdsvc - ok
20:30:02.0165 5656  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:30:02.0167 5656  lmhosts - ok
20:30:02.0201 5656  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:30:02.0217 5656  LSI_FC - ok
20:30:02.0235 5656  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:30:02.0252 5656  LSI_SAS - ok
20:30:02.0271 5656  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:30:02.0289 5656  LSI_SCSI - ok
20:30:02.0317 5656  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:30:02.0319 5656  luafv - ok
20:30:02.0448 5656  [ 968BFF74AEB683C962960ECE0CAE4135 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
20:30:02.0477 5656  McComponentHostService - ok
20:30:02.0513 5656  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:30:02.0535 5656  Mcx2Svc - ok
20:30:02.0551 5656  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
20:30:02.0566 5656  megasas - ok
20:30:02.0598 5656  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:30:02.0631 5656  MegaSR - ok
20:30:02.0667 5656  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
20:30:02.0670 5656  MMCSS - ok
20:30:02.0686 5656  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
20:30:02.0713 5656  Modem - ok
20:30:02.0746 5656  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:30:02.0747 5656  monitor - ok
20:30:02.0762 5656  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:30:02.0764 5656  mouclass - ok
20:30:02.0778 5656  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:30:02.0790 5656  mouhid - ok
20:30:02.0798 5656  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:30:02.0799 5656  MountMgr - ok
20:30:02.0888 5656  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:30:02.0919 5656  MozillaMaintenance - ok
20:30:02.0968 5656  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:30:02.0996 5656  mpio - ok
20:30:03.0034 5656  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:30:03.0060 5656  mpsdrv - ok
20:30:03.0073 5656  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:30:03.0088 5656  Mraid35x - ok
20:30:03.0098 5656  [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:30:03.0100 5656  MRxDAV - ok
20:30:03.0127 5656  [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:30:03.0129 5656  mrxsmb - ok
20:30:03.0186 5656  [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:30:03.0189 5656  mrxsmb10 - ok
20:30:03.0198 5656  [ F9425D610712533107A264E2D5B2154B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:30:03.0199 5656  mrxsmb20 - ok
20:30:03.0221 5656  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:30:03.0232 5656  msahci - ok
20:30:03.0258 5656  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:30:03.0271 5656  msdsm - ok
20:30:03.0300 5656  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
20:30:03.0320 5656  MSDTC - ok
20:30:03.0345 5656  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:30:03.0346 5656  Msfs - ok
20:30:03.0374 5656  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:30:03.0375 5656  msisadrv - ok
20:30:03.0413 5656  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:30:03.0441 5656  MSiSCSI - ok
20:30:03.0446 5656  msiserver - ok
20:30:03.0481 5656  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:30:03.0498 5656  MSKSSRV - ok
20:30:03.0514 5656  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:30:03.0532 5656  MSPCLOCK - ok
20:30:03.0557 5656  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:30:03.0575 5656  MSPQM - ok
20:30:03.0597 5656  [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:30:03.0600 5656  MsRPC - ok
20:30:03.0612 5656  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:30:03.0613 5656  mssmbios - ok
20:30:03.0638 5656  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:30:03.0657 5656  MSTEE - ok
20:30:03.0663 5656  [ DDF133501F68D6988A0F55DFA88637B4 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:30:03.0665 5656  Mup - ok
20:30:03.0695 5656  [ C25022CDD18980846973B598900915F8 ] napagent        C:\Windows\system32\qagentRT.dll
20:30:03.0700 5656  napagent - ok
20:30:03.0733 5656  [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:30:03.0748 5656  NativeWifiP - ok
20:30:03.0867 5656  [ 702E07EC32F96ACDB873E9A5465D4401 ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131019.005\ENG64.SYS
20:30:03.0869 5656  NAVENG - ok
20:30:03.0938 5656  [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131019.005\EX64.SYS
20:30:03.0957 5656  NAVEX15 - ok
20:30:03.0994 5656  [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:30:04.0002 5656  NDIS - ok
20:30:04.0017 5656  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:30:04.0039 5656  NdisTapi - ok
20:30:04.0061 5656  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:30:04.0084 5656  Ndisuio - ok
20:30:04.0101 5656  [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:30:04.0105 5656  NdisWan - ok
20:30:04.0125 5656  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:30:04.0127 5656  NDProxy - ok
20:30:04.0141 5656  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:30:04.0142 5656  NetBIOS - ok
20:30:04.0159 5656  [ 7A29CA243A629230799754162D80120F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:30:04.0163 5656  netbt - ok
20:30:04.0178 5656  [ 80F4593E92FF960E4763380D3168E498 ] Netlogon        C:\Windows\system32\lsass.exe
20:30:04.0180 5656  Netlogon - ok
20:30:04.0210 5656  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
20:30:04.0215 5656  Netman - ok
20:30:04.0227 5656  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
20:30:04.0231 5656  netprofm - ok
20:30:04.0269 5656  [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:30:04.0282 5656  NetTcpPortSharing - ok
20:30:04.0317 5656  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:30:04.0328 5656  nfrd960 - ok
20:30:04.0347 5656  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:30:04.0351 5656  NlaSvc - ok
20:30:04.0356 5656  [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:30:04.0358 5656  Npfs - ok
20:30:04.0367 5656  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
20:30:04.0369 5656  nsi - ok
20:30:04.0376 5656  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:30:04.0378 5656  nsiproxy - ok
20:30:04.0419 5656  [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:30:04.0431 5656  Ntfs - ok
20:30:04.0440 5656  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
20:30:04.0441 5656  Null - ok
20:30:04.0469 5656  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:30:04.0484 5656  nvraid - ok
20:30:04.0505 5656  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:30:04.0518 5656  nvstor - ok
20:30:04.0543 5656  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:30:04.0560 5656  nv_agp - ok
20:30:04.0566 5656  NwlnkFlt - ok
20:30:04.0574 5656  NwlnkFwd - ok
20:30:04.0611 5656  [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:30:04.0612 5656  ohci1394 - ok
20:30:04.0640 5656  [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:30:04.0652 5656  p2pimsvc - ok
20:30:04.0690 5656  [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc          C:\Windows\system32\p2psvc.dll
20:30:04.0700 5656  p2psvc - ok
20:30:04.0725 5656  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
20:30:04.0751 5656  Parport - ok
20:30:04.0774 5656  [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:30:04.0775 5656  partmgr - ok
20:30:04.0889 5656  [ 51209FBDB13A46E05C1B0077A9310264 ] PCDSRVC{F36B3A4C-F95654BD-06000000}_0 c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
20:30:11.0219 5656  ================ Scan global ===============================
20:30:11.0286 5656  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:30:11.0368 5656  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:30:11.0401 5656  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:30:11.0479 5656  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
20:30:11.0485 5656  [Global] - ok
20:30:11.0485 5656  ================ Scan MBR ==================================
20:30:11.0499 5656  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
20:30:11.0925 5656  \Device\Harddisk0\DR0 - ok
20:30:11.0926 5656  ================ Scan VBR ==================================
20:30:11.0930 5656  [ 0E1BC3748B7634F6A9167B8EBA52713A ] \Device\Harddisk0\DR0\Partition1
20:30:11.0931 5656  \Device\Harddisk0\DR0\Partition1 - ok
20:30:11.0935 5656  [ 738C06DA93569DDDDCD23AA4A9AB167F ] \Device\Harddisk0\DR0\Partition2
20:30:11.0936 5656  \Device\Harddisk0\DR0\Partition2 - ok
20:30:11.0938 5656  ============================================================
20:30:11.0938 5656  Scan finished
20:30:11.0938 5656  ============================================================
20:30:11.0951 1904  Detected object count: 0
20:30:11.0951 1904  Actual detected object count: 0
 

 

ADW Cleaner Results

 

# AdwCleaner v3.010 - Report created 20/10/2013 at 20:31:40
# Updated 20/10/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# Username : robert - ROBERT-PC
# Running from : C:\Users\robert\Desktop\Malware Scan\Awd Cleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Game_Master_1
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\Users\robert\AppData\Local\AVG Secure Search
Folder Found C:\Users\robert\AppData\Local\Conduit
Folder Found C:\Users\robert\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\robert\AppData\LocalLow\Conduit
Folder Found C:\Users\robert\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\robert\AppData\LocalLow\Game_Master_1
Folder Found C:\Users\robert\AppData\LocalLow\PriceGong
Folder Found C:\Users\Sarah\AppData\Local\AVG Secure Search
Folder Found C:\Users\Sarah\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Sarah\AppData\LocalLow\Conduit
Folder Found C:\Users\Sarah\AppData\LocalLow\Game_Master_1
Folder Found C:\Users\Sarah\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Game_Master_1
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Game_Master_1
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Game_Master_1 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7818F16B-32D2-4EFD-836D-683F1AC74454}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7818F16B-32D2-4EFD-836D-683F1AC74454}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F60DA07-D4D6-4D85-AE98-363C62D45168}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Game_Master_1
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\incredibar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7818F16B-32D2-4EFD-836D-683F1AC74454}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F60DA07-D4D6-4D85-AE98-363C62D45168}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856432
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Game_Master_1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6289D0F8-0136-4CF9-8754-80046A5531DB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8283BF8-43EB-4A93-9018-C62710C44D4F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7818F16B-32D2-4EFD-836D-683F1AC74454}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F60DA07-D4D6-4D85-AE98-363C62D45168}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Game_Master_1 Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7818F16B-32D2-4EFD-836D-683F1AC74454}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7818F16B-32D2-4EFD-836D-683F1AC74454}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7818F16B-32D2-4EFD-836D-683F1AC74454}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7818F16B-32D2-4EFD-836D-683F1AC74454}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com/

-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\06o8mfzy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9405 octets] - [20/10/2013 20:31:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9465 octets] ##########
 

 

Junkware Results

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows ™ Vista Home Premium x64
Ran by robert on 20/10/2013 at 20:39:22.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{21C5C99F-CFB0-453B-B34D-1B80A412CC74}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\06o8mfzy.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/10/2013 at 20:46:37.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Sorry it's so long, thanks for the help so far.



#4 boopme

Posted 21 October 2013 - 03:49 PM

No problem. AdwCleaner found some, so let's remove that.

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Did you run ESET yet.. that may take long..

#5 VonZapper

Posted 22 October 2013 - 08:47 PM

Yeah I ran ESET the first night after I ran all the other programs.  I had to leave before it finished but I was told it just came up - no threats detected, and the only option was finish.

 

Here's the rescan of ADW I just did.

 

# AdwCleaner v3.010 - Report created 22/10/2013 at 21:39:38
# Updated 20/10/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# Username : robert - ROBERT-PC
# Running from : C:\Users\robert\Desktop\Malware Scan\Awd Cleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\06o8mfzy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9601 octets] - [20/10/2013 20:31:40]
AdwCleaner[R1].txt - [930 octets] - [22/10/2013 21:38:49]
AdwCleaner[S0].txt - [8882 octets] - [20/10/2013 20:33:31]
AdwCleaner[S1].txt - [852 octets] - [22/10/2013 21:39:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [911 octets] ##########
 



#6 VonZapper

Posted 22 October 2013 - 09:00 PM

And after all is said and done I still have a folder I cannot delete in a subfolder stemming from c:\users\AppData.  Sadly the last time I ran across a file I couldn't delete in Windows I went into DOS and used the good old Attrib function - which didn't work this time.  I also tried takeown to take ownership because I don't have the right "admin" permission to delete it.


Edited by VonZapper, 22 October 2013 - 09:28 PM.


#7 boopme

Posted 22 October 2013 - 09:35 PM

Ahh the good old days when you fix almost everything with a few DOS commands.
 
I believe you have MBAM so..
Open MBAM and click on the More Tools tab.
1. Start FileASSASSIN and select a file by dragging it onto the text area or select it using the (...) button.
2. Select a removal method from the list.
3. Click Execute and the removal process will commence.
Warning: Please use caution with FileASSASSIN as deleting critical system files may cause system errors.
In other words be sure to click on the correct file to remove.


How to reset Internet Explorer settings



#8 VonZapper

Posted 22 October 2013 - 10:22 PM

Love the name.  Ok file assassin took care of the files in the sub directories but I still can't delete the directories themselves.  It seems to be an ownership issue of some sort.  File Assassin won't delete directories.  I'm looking for another one right now but they all look pretty shady.

 

(I think we're getting closer to the problem)



#9 boopme

Posted 23 October 2013 - 09:51 AM

Let's Take Ownership of the File or Folder first.


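The take-ownership step discussed in the last posts, written out as an added example that is not part of the original thread: a PowerShell script that takes ownership of a leftover folder under a user's AppData tree, grants Administrators full control, deletes it and verifies the result. The `$Target` parameter is an assumption of this example; pass the leftover directory you actually intend to remove.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# $Target is a placeholder parameter: the leftover folder to remove.
param(
    [Parameter(Mandatory = $true)]
    [string]$Target
)

$ErrorActionPreference = 'Stop'

# 1. Refuse to run without elevation; takeown/icacls fail on protected ACLs otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}

# 2. Resolve the path and require a directory below C:\Users\<name>\AppData,
#    so a typo cannot point the recursive delete at a system location.
$dir = Get-Item -LiteralPath $Target -Force
if (-not $dir.PSIsContainer) { throw "$Target is not a directory." }
if ($dir.FullName -notmatch '^[A-Za-z]:\\Users\\[^\\]+\\AppData\\.+') {
    throw "$($dir.FullName) is outside a user AppData tree; refusing."
}

# 3. Record the current owner and ACL before changing anything.
Get-Acl -Path $dir.FullName | Format-List Owner, AccessToString

# 4. Take ownership recursively (/R) for the Administrators group (/A),
#    answering the "replace permissions?" prompt automatically (/D Y).
takeown.exe /F $dir.FullName /A /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# 5. Grant Administrators full control, inherited by files and subfolders.
#    The SID form (*S-1-5-32-544) avoids depending on the localized group name.
icacls.exe $dir.FullName /grant '*S-1-5-32-544:(OI)(CI)F' /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 6. Delete, then verify the folder is really gone.
Remove-Item -LiteralPath $dir.FullName -Recurse -Force
if (Test-Path -LiteralPath $dir.FullName) {
    throw 'Folder still exists; a running process may be holding it open.'
}
"Removed $($dir.FullName)"
```

If step 6 reports that the folder still exists, a process that is still running, such as a browser with the toolbar loaded, usually has a handle open inside it; close that process or retry after a reboot.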



