Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Invisible nameless DNS Malware keeps me from access certain website


  • This topic is locked This topic is locked
68 replies to this topic

#1 Rogue_wolf

Rogue_wolf

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 29 November 2013 - 08:42 PM

Hello there, to whom it may concern,

I have a problem with a recently downloaded piece of malware that seems to be obstucting me from visiting certain wbesites and instead shows me this: "This website has been blocked for you! steps to gain access to this website again: 1)click the unblock button below 2)Pick survey to verify that you are human 3)complete survey 4)continue using this website." Then it says "This website has been blocked because of your recent activity. Your actions have been marked as a spam bot like, to visit this website again follow the instructions on the left. This is made for security reasons." It also seems to be listing my IP address, country of origin & national flag. Is there any way I can remove myself of this virus? Thank you for your help.

 

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Jgall at 20:20:49 on 2013-11-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.2006.742 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Jgall\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jgall\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\VoiceMaster\VoiceMaster.exe
C:\Program Files\Xfire2\Xfire.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\jgall\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [Verizon Media Manager] c:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe 0
uRun: [Akamai NetSession Interface] "c:\users\jgall\appdata\local\akamai\netsession_win.exe"
uRun: [VoiceMaster] c:\program files\voicemaster\VoiceMaster.exe
uRun: [Eraser] f:\apps\eraserportable\app\eraser\eraser.exe -hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\41c979bf-c054-49b1-9772-2cb335ba1792.exe /check
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareTray.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\jgall\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire2\Xfire.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1E5B528F-8616-4EBF-BB51-A48230D48624} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20B9F40B-D245-4303-9231-BD57C32CD1D3} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20B9F40B-D245-4303-9231-BD57C32CD1D3}\D49636861656C637D2E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\jgall\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-09-30 12:00; {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}; c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-31 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-31 178304]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-8-4 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-31 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-7-31 403440]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-8-29 13680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-31 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-31 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-5 50344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-24 22856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2011-5-30 37432]
R3 XFDriver;XFDriver;c:\program files\xfire2\XFDriver.sys [2013-9-18 16648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-8-4 292200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-2 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-2 49664]
.
=============== Created Last 30 ================
.
2013-11-30 00:48:19    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-30 00:48:18    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-30 00:45:50    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-30 00:33:46    --------    d-----w-    c:\users\jgall\.android
2013-11-30 00:33:40    --------    d-----w-    c:\users\jgall\appdata\local\cache
2013-11-30 00:33:35    --------    d-----w-    c:\users\jgall\appdata\local\Mobogenie
2013-11-30 00:30:48    --------    d-----w-    c:\program files\FreeHDSport TV V6.0
2013-11-30 00:20:34    --------    d-----w-    c:\users\jgall\appdata\local\TVU Networks
2013-11-30 00:20:34    --------    d-----w-    c:\programdata\TVU Networks
2013-11-30 00:18:15    --------    d-----w-    c:\windows\system32\TVUAx
2013-11-29 23:49:28    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e1bab67-f344-4071-9e4e-afbefabec400}\offreg.dll
2013-11-24 22:00:23    --------    d-----w-    c:\users\jgall\appdata\roaming\Malwarebytes
2013-11-24 22:00:15    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-24 22:00:15    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-24 22:00:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-23 22:21:06    --------    d-----w-    c:\users\jgall\appdata\roaming\LavasoftStatistics
2013-11-23 21:53:53    --------    d-----w-    c:\program files\Lavasoft
2013-11-23 21:52:56    --------    d-----w-    c:\program files\common files\Lavasoft
2013-11-23 19:36:45    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e1bab67-f344-4071-9e4e-afbefabec400}\mpengine.dll
2013-11-23 19:29:09    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-11-23 19:29:08    168960    ----a-w-    c:\windows\system32\credui.dll
2013-11-23 19:29:08    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-23 19:29:02    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-17 21:17:08    274032    ----a-w-    c:\program files\mozilla firefox\updater.exe
2013-11-03 02:10:41    --------    d-----w-    c:\programdata\YTD Video Downloader
.
==================== Find3M  ====================
.
2013-11-29 23:47:58    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-29 23:47:58    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-11 10:50:18    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-06 02:19:43    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-06 02:19:43    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-06 02:19:40    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-26 20:11:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 20:11:05    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-26 20:11:03    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-12 07:03:50    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 11:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-25 02:01:08    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-09-25 00:49:18    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-17 17:18:16    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-09 07:57:00    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-09-09 07:57:00    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-09-09 07:57:00    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-09-09 07:57:00    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-04 01:15:32    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 20:22:52.95 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 04 December 2013 - 08:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515835 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Rogue_wolf

Rogue_wolf
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 05 December 2013 - 06:51 PM

Attached File  attach.txt   29.36KB   0 downloadsDDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Jgall at 18:34:46 on 2013-12-05
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.2006.907 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Users\Jgall\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jgall\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\VoiceMaster\VoiceMaster.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
D:\HBCD\Wintools\HBCDMenu.exe
C:\Users\Jgall\AppData\Local\Temp\HBCD\RootkitRevealer.exe
C:\Users\Jgall\AppData\Local\Temp\QNUSDJ.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\jgall\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [Verizon Media Manager] c:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe 0
uRun: [Akamai NetSession Interface] "c:\users\jgall\appdata\local\akamai\netsession_win.exe"
uRun: [VoiceMaster] c:\program files\voicemaster\VoiceMaster.exe
uRun: [Eraser] f:\apps\eraserportable\app\eraser\eraser.exe -hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareTray.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\jgall\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire2\Xfire.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TCP: NameServer = 4.2.2.1 4.2.2.4 8.8.8.8
TCP: Interfaces\{1E5B528F-8616-4EBF-BB51-A48230D48624} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20B9F40B-D245-4303-9231-BD57C32CD1D3} : DHCPNameServer = 4.2.2.1 4.2.2.4 8.8.8.8
TCP: Interfaces\{20B9F40B-D245-4303-9231-BD57C32CD1D3}\84F4D454D283935423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20B9F40B-D245-4303-9231-BD57C32CD1D3}\D49636861656C637D2E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\jgall\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\firefox\profiles\ou12ja8k.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\jgall\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-31 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-31 178304]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-8-4 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-31 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-7-31 403440]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-8-29 13680]
R1 SASDIFSV;SASDIFSV;c:\users\jgall\appdata\local\temp\hbcd\superantispyware\sasdifsv.sys [2013-12-5 12872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-31 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-31 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-5 50344]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 497744]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 QNUSDJ;QNUSDJ;c:\users\jgall\appdata\local\temp\QNUSDJ.exe [2013-12-5 416640]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2011-5-30 37432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-8-4 292200]
S3 EC;EC;c:\users\jgall\appdata\local\temp\EC.exe [2013-12-5 437120]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2013-8-4 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2013-8-4 244800]
S3 QYKYKFZATDJ;QYKYKFZATDJ;c:\users\jgall\appdata\local\temp\QYKYKFZATDJ.exe [2013-12-5 359296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-2 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TJDXXRW;TJDXXRW;c:\users\jgall\appdata\local\temp\TJDXXRW.exe [2013-12-5 351104]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-2 49664]
S3 VZK;VZK;c:\users\jgall\appdata\local\temp\VZK.exe [2013-12-5 502656]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-31 1343400]
S3 WZBWK;WZBWK;c:\users\jgall\appdata\local\temp\WZBWK.exe [2013-12-5 461696]
S3 XFDriver;XFDrive;c:\program files\xfire2\XFDriver.sys [2013-9-18 16648]
.
=============== Created Last 30 ================
.
2013-12-05 23:04:36    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e1bab67-f344-4071-9e4e-afbefabec400}\offreg.dll
2013-12-05 22:19:59    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-05 22:19:58    --------    d-----w-    c:\users\jgall\appdata\roaming\SUPERAntiSpyware.com
2013-11-30 00:48:19    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-30 00:48:18    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-30 00:33:46    --------    d-----w-    c:\users\jgall\.android
2013-11-30 00:33:40    --------    d-----w-    c:\users\jgall\appdata\local\cache
2013-11-30 00:33:35    --------    d-----w-    c:\users\jgall\appdata\local\Mobogenie
2013-11-30 00:30:48    --------    d-----w-    c:\program files\FreeHDSport TV V6.0
2013-11-30 00:20:34    --------    d-----w-    c:\users\jgall\appdata\local\TVU Networks
2013-11-30 00:20:34    --------    d-----w-    c:\programdata\TVU Networks
2013-11-30 00:18:15    --------    d-----w-    c:\windows\system32\TVUAx
2013-11-24 22:00:23    --------    d-----w-    c:\users\jgall\appdata\roaming\Malwarebytes
2013-11-24 22:00:15    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-23 22:21:06    --------    d-----w-    c:\users\jgall\appdata\roaming\LavasoftStatistics
2013-11-23 21:53:53    --------    d-----w-    c:\program files\Lavasoft
2013-11-23 21:52:56    --------    d-----w-    c:\program files\common files\Lavasoft
2013-11-23 19:36:45    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e1bab67-f344-4071-9e4e-afbefabec400}\mpengine.dll
2013-11-23 19:29:09    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-11-23 19:29:08    168960    ----a-w-    c:\windows\system32\credui.dll
2013-11-23 19:29:08    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-23 19:29:02    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-17 21:17:08    274032    ----a-w-    c:\program files\mozilla firefox\updater.exe
.
==================== Find3M  ====================
.
2013-11-29 23:47:58    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-29 23:47:58    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-11 10:50:18    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-06 02:19:43    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-06 02:19:43    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-06 02:19:40    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-26 20:11:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 20:11:05    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-26 20:11:03    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-12 07:03:50    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 11:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-25 02:01:08    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-09-25 00:49:18    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-17 17:18:16    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-09 07:57:00    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-09-09 07:57:00    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-09-09 07:57:00    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-09-09 07:57:00    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
.
============= FINISH: 18:35:12.91 ===============


Edited by Rogue_wolf, 05 December 2013 - 06:52 PM.


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 05 December 2013 - 07:48 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 Rogue_wolf

Rogue_wolf
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 06 December 2013 - 04:37 PM

# AdwCleaner v3.014 - Reporte Creado 06/12/2013 en 16:29:14
# Actualizado 01/12/2013 por Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nombre de usuario : Jgall - JGALL-PC
# Ejecutado desde : C:\Users\Jgall\Downloads\AdwCleaner.exe
# Opción : Escanear

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****

Archivo Encontrado : C:\END
Archivo Encontrado : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
Archivo Encontrado : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
Archivo Encontrado : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Archivo Encontrado : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Archivo Encontrado : C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\searchplugins\Conduit.xml
Archivo Encontrado : C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\searchplugins\MyStart Search.xml
Archivo Encontrado : C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\user.js
Archivo Encontrado : C:\Windows\system32\ImhxxpComm.dll
Carpeta Encontrado : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Carpeta Encontrado : C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Carpeta Encontrado C:\Program Files\Common Files\Spigot
Carpeta Encontrado C:\Program Files\Conduit
Carpeta Encontrado C:\Program Files\FirstRowSportApp.com
Carpeta Encontrado C:\Program Files\LSHunter.TV
Carpeta Encontrado C:\ProgramData\Conduit
Carpeta Encontrado C:\ProgramData\GameTap Web Player
Carpeta Encontrado C:\Users\Jgall\AppData\Local\Conduit
Carpeta Encontrado C:\Users\Jgall\AppData\Local\iac
Carpeta Encontrado C:\Users\Jgall\AppData\LocalLow\Conduit
Carpeta Encontrado C:\Users\Jgall\AppData\LocalLow\iac
Carpeta Encontrado C:\Users\Jgall\AppData\LocalLow\PriceGong
Carpeta Encontrado C:\Users\Jgall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Carpeta Encontrado C:\Users\Jgall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
Carpeta Encontrado C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\CT2260173
Carpeta Encontrado C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\Smartbar
Carpeta Encontrado C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\ValueApps
Carpeta Encontrado C:\Users\Jgall\Documents\optimizer pro
Carpeta Encontrado C:\Windows\system32\ARFC
Carpeta Encontrado C:\Windows\system32\WNLT

***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Encontrado : HKCU\Software\1ClickDownload
Clave Encontrado : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clave Encontrado : HKCU\Software\AppDataLow\Software\Conduit
Clave Encontrado : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clave Encontrado : HKCU\Software\AppDataLow\Software\Crossrider
Clave Encontrado : HKCU\Software\AppDataLow\Software\PriceGong
Clave Encontrado : HKCU\Software\AppDataLow\Software\Search Settings
Clave Encontrado : HKCU\Software\AppDataLow\Software\SmartBar
Clave Encontrado : HKCU\Software\Conduit
Clave Encontrado : HKCU\Software\IM
Clave Encontrado : HKCU\Software\ImInstaller
Clave Encontrado : HKCU\Software\installedbrowserextensions
Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70809736-9F62-444C-9F72-A198B4E61B86}
Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D757DBFC-1494-4647-A8B3-ABD654988DD8}
Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clave Encontrado : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clave Encontrado : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clave Encontrado : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clave Encontrado : HKLM\SOFTWARE\Classes\S
Clave Encontrado : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Clave Encontrado : HKLM\SOFTWARE\Classes\Toolbar.CT3316071
Clave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clave Encontrado : HKLM\Software\Conduit
Clave Encontrado : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Clave Encontrado : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Clave Encontrado : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Clave Encontrado : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Clave Encontrado : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IBUpdaterService
Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32
Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS
Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588
Clave Encontrado : HKLM\Software\wnlt

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ Archivo : C:\Users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\prefs.js ]

Linea encontrada : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.FF19Solved", "true");
Linea encontrada : user_pref("CT2260173.FirstTime", "true");
Linea encontrada : user_pref("CT2260173.FirstTimeFF3", "true");
Linea encontrada : user_pref("CT2260173.SBmemberInfo.enc", "eyJoYXNoIjoiMThmMmZmNjE3ZTk3MmIwZTU4NTA2OGI1ZTc0MDhhNjMiLCJzdGF0dXMiOjEsInNidHYiOnRydWUsImRhaWx5U2IiOjEsImFsbG93U2hvcEVhcm4iOnRydWUsImhhc1ByZmwiOnRydWUsInNCcyI[...]
Linea encontrada : user_pref("CT2260173.SEmemberInfo.enc", "eyJoYXNoIjoiYWIzOWFjY2NmNjJlYzM4Y2YyZjlkMjE1MDY2ZjFlYmYiLCJzdGF0dXMiOjEsInNidHYiOnRydWUsImRhaWx5U2IiOiIwIiwiYWxsb3dTaG9wRWFybiI6dHJ1ZSwiaGFzUHJmbCI6dHJ1ZSwic0J[...]
Linea encontrada : user_pref("CT2260173.UserID", "UN14873496452631810");
Linea encontrada : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Linea encontrada : user_pref("CT2260173.countryCode", "US");
Linea encontrada : user_pref("CT2260173.defaultSearch", "false");
Linea encontrada : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Linea encontrada : user_pref("CT2260173.enableSearchFromAddressBar", "true");
Linea encontrada : user_pref("CT2260173.firstTimeDialogOpened", "true");
Linea encontrada : user_pref("CT2260173.fixPageNotFoundErrorByUser", "FALSE");
Linea encontrada : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Linea encontrada : user_pref("CT2260173.fullUserID", "UN14873496452631810.IN.20130930120036");
Linea encontrada : user_pref("CT2260173.installDate", "30/09/2013 12:00:41");
Linea encontrada : user_pref("CT2260173.installId", "dm");
Linea encontrada : user_pref("CT2260173.installSessionId", "0C144E44-94CB-4A60-B480-05D060FDB061");
Linea encontrada : user_pref("CT2260173.installSp", "true");
Linea encontrada : user_pref("CT2260173.installType", "xpe");
Linea encontrada : user_pref("CT2260173.installUsage", "2013-09-30T19:00:57.2829139+03:00");
Linea encontrada : user_pref("CT2260173.installUsageEarly", "2013-09-30T19:00:56.1891639+03:00");
Linea encontrada : user_pref("CT2260173.installerVersion", "1.7.1.4");
Linea encontrada : user_pref("CT2260173.isCheckedStartAsHidden", true);
Linea encontrada : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
Linea encontrada : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Linea encontrada : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.keyword", "true");
Linea encontrada : user_pref("CT2260173.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=15&CUI=UN14873496452631810&SSPV=&Lay=1&UM=2\"}");
Linea encontrada : user_pref("CT2260173.lastVersion", "10.22.5.510");
Linea encontrada : user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Linea encontrada : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://SwagBucks.OurToolbar.com/\",\"EB_TOOLB[...]
Linea encontrada : user_pref("CT2260173.openThankYouPage", "true");
Linea encontrada : user_pref("CT2260173.openUninstallPage", "true");
Linea encontrada : user_pref("CT2260173.originalSearchAddressUrl", "");
Linea encontrada : user_pref("CT2260173.revertSettingsEnabled", "false");
Linea encontrada : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Linea encontrada : user_pref("CT2260173.search.searchCount", "2");
Linea encontrada : user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
Linea encontrada : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Linea encontrada : user_pref("CT2260173.searchRevert", "false");
Linea encontrada : user_pref("CT2260173.searchSuggestEnabledByUser", "true");
Linea encontrada : user_pref("CT2260173.searchUserMode", "2");
Linea encontrada : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2260173\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SwagBucks.OurToolbar.com//xpi\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Swag Bucks \"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_Configuration_lastUpdate", "1386286583503");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1385663171178");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1386286583500");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386007110683");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1380556873839");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1380556874830");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382975624537");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_login_10.20.1.8_lastUpdate", "1380556875112");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384632873580");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385233190654");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386280017723");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386007111385");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1386286583503");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1386286583498");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386286583500");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1386287217085");
Linea encontrada : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1386286583499");
Linea encontrada : user_pref("CT2260173.settingsINI", true);
Linea encontrada : user_pref("CT2260173.shouldFirstTimeDialog", "false");
Linea encontrada : user_pref("CT2260173.showToolbarPermission", "false");
Linea encontrada : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Linea encontrada : user_pref("CT2260173.smartbar.Uninstall", "0");
Linea encontrada : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Linea encontrada : user_pref("CT2260173.startPage", "false");
Linea encontrada : user_pref("CT2260173.toolbarBornServerTime", "30-9-2013");
Linea encontrada : user_pref("CT2260173.toolbarCurrentServerTime", "6-12-2013");
Linea encontrada : user_pref("CT2260173.toolbarLoginClientTime", "Mon Sep 30 2013 12:01:15 GMT-0400");
Linea encontrada : user_pref("CT2260173.versionFromInstaller", "10.20.1.8");
Linea encontrada : user_pref("CT2260173.xpeMode", "0");
Linea encontrada : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386364625529,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Linea encontrada : user_pref("CT3310511.FF19Solved", "true");
Linea encontrada : user_pref("CT3310511.UserID", "UN91858637034312799");
Linea encontrada : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Linea encontrada : user_pref("CT3310511.fullUserID", "UN91858637034312799.IN.20130901004345");
Linea encontrada : user_pref("CT3310511.installDate", "01/09/2013 00:43:50");
Linea encontrada : user_pref("CT3310511.installSessionId", "{20F6A339-8E1B-4F69-80DF-2260BC817D34}");
Linea encontrada : user_pref("CT3310511.installSp", "TRUE");
Linea encontrada : user_pref("CT3310511.installerVersion", "1.6.1.2");
Linea encontrada : user_pref("CT3310511.keyword", "true");
Linea encontrada : user_pref("CT3310511.originalHomepage", "about:home");
Linea encontrada : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Linea encontrada : user_pref("CT3310511.originalSearchEngine", "Yahoo");
Linea encontrada : user_pref("CT3310511.originalSearchEngineName", "Yahoo");
Linea encontrada : user_pref("CT3310511.searchRevert", "false");
Linea encontrada : user_pref("CT3310511.searchUserMode", "2");
Linea encontrada : user_pref("CT3310511.smartbar.homepage", "true");
Linea encontrada : user_pref("CT3310511.versionFromInstaller", "10.19.2.5");
Linea encontrada : user_pref("CT3310511.xpeMode", "0");
Linea encontrada : user_pref("CT3316071_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1380943223331,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Linea encontrada : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=13&UP=SPB6829E93-6482-4846-9BE2-0DF52A6527B4");
Linea encontrada : user_pref("Smartbar.ConduitSearchEngineList", "");
Linea encontrada : user_pref("Smartbar.ConduitSearchUrlList", "");
Linea encontrada : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN14873496452631810&UM=2&q=");
Linea encontrada : user_pref("Smartbar.keywordURLSelectedCTID", "CT3316071");
Linea encontrada : user_pref("browser.search.defaultthis.engineName", "SweetPacks A11 Customized Web Search");
Linea encontrada : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=3&q={searchTerms}");
Linea encontrada : user_pref("extensions.crossrider.bic", "142a68cb4d4fed8304a1074d4a2d9c82");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=EDD6486E-57F0-42C1-B393-C43F46C9464F&n=77fd2a38&p2=^RG^xdm116^YYA^us");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.initialized", true);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.contextKey", "");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.installDate", "2013080120");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.partnerId", "^RG^xdm116^YYA^us");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.partnerSubId", "");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.success", true);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.toolbarId", "EDD6486E-57F0-42C1-B393-C43F46C9464F");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.lastActivePing", "1375402654553");
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.options.defaultSearch", false);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.options.homePageEnabled", false);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.options.keywordEnabled", false);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.options.tabEnabled", false);
Linea encontrada : user_pref("extensions.toolbar.mindspark._4wMembers_.weather.location", "33101");
Linea encontrada : user_pref("extensions.toolbar.mindspark.lastInstalled", "retrogamer@mindspark.com");
Linea encontrada : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Linea encontrada : user_pref("smartbar.addressBarOwnerCTID", "CT3316071");
Linea encontrada : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN91858637034312799&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource[...]
Linea encontrada : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN91858637034312799&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Linea encontrada : user_pref("smartbar.defaultSearchOwnerCTID", "CT3316071");
Linea encontrada : user_pref("smartbar.homePageOwnerCTID", "CT3316071");
Linea encontrada : user_pref("smartbar.machineId", "/JE8H6H5LUB4XRFQKQMYWA0LAKMIDAXGKA5W8ZZBHKUUAON27XXF0EJDF/XPTMFDRPBHFJ05X+PXHFJEEJPVYG");
Linea encontrada : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN91858637034312799&UM=2&SearchSource=13");
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_currentVersion", "312E31312E352E31");
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_currentVersion.storedInFile", false);
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_globalKeysMigratedToLocalStorage", "31");
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_migrated_from_ls", "31");
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_migrated_from_ls.storedInFile", false);
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_userId", "6E756C6C");
Linea encontrada : user_pref("valueApps.CT2260173.mam_gk_userId.storedInFile", false);

-\\ Google Chrome v31.0.1650.63

[ Archivo : C:\Users\Jgall\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrado : homepage
Encontrado : homepage
Encontrado : homepage

*************************

AdwCleaner[R0].txt - [21508 octets] - [06/12/2013 16:29:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21569 octets] ##########
 

Attached Files



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 06 December 2013 - 09:38 PM

Could you give TDSSKiller another run please and post the log to the reply?  :)  


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 08 December 2013 - 12:24 PM

Still with me?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#8 Rogue_wolf

Rogue_wolf
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 09 December 2013 - 02:42 PM

Sorry I dont have internet access at home, have to wait to come to the library. here it goes:

 

14:38:21.0616 0x16bc  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:38:25.0710 0x16bc  ============================================================
14:38:25.0710 0x16bc  Current date / time: 2013/12/09 14:38:25.0710
14:38:25.0710 0x16bc  SystemInfo:
14:38:25.0710 0x16bc  
14:38:25.0710 0x16bc  OS Version: 6.1.7601 ServicePack: 1.0
14:38:25.0710 0x16bc  Product type: Workstation
14:38:25.0710 0x16bc  ComputerName: JGALL-PC
14:38:25.0711 0x16bc  UserName: Jgall
14:38:25.0711 0x16bc  Windows directory: C:\Windows
14:38:25.0711 0x16bc  System windows directory: C:\Windows
14:38:25.0711 0x16bc  Processor architecture: Intel x86
14:38:25.0711 0x16bc  Number of processors: 2
14:38:25.0711 0x16bc  Page size: 0x1000
14:38:25.0711 0x16bc  Boot type: Normal boot
14:38:25.0711 0x16bc  ============================================================
14:38:31.0390 0x16bc  KLMD registered as C:\Windows\system32\drivers\46015388.sys
14:38:31.0624 0x16bc  System UUID: {F3525E15-91CA-477B-C4DA-1F22EE0F2EBF}
14:38:33.0235 0x16bc  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:38:33.0281 0x16bc  ============================================================
14:38:33.0281 0x16bc  \Device\Harddisk0\DR0:
14:38:33.0301 0x16bc  MBR partitions:
14:38:33.0301 0x16bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD21800, BlocksNum 0x87ED800
14:38:33.0301 0x16bc  ============================================================
14:38:33.0404 0x16bc  C: <-> \Device\Harddisk0\DR0\Partition1
14:38:33.0404 0x16bc  ============================================================
14:38:33.0404 0x16bc  Initialize success
14:38:33.0404 0x16bc  ============================================================
14:41:00.0032 0x13f4  ============================================================
14:41:00.0032 0x13f4  Scan started
14:41:00.0032 0x13f4  Mode: Manual;
14:41:00.0032 0x13f4  ============================================================
14:41:00.0033 0x13f4  KSN ping started
14:41:02.0612 0x13f4  KSN ping finished: true
14:41:03.0627 0x13f4  ================ Scan system memory ========================
14:41:03.0627 0x13f4  System memory - ok
14:41:03.0628 0x13f4  ================ Scan services =============================
14:41:03.0820 0x13f4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:41:03.0825 0x13f4  1394ohci - ok
14:41:03.0889 0x13f4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:41:03.0896 0x13f4  ACPI - ok
14:41:03.0922 0x13f4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:41:03.0924 0x13f4  AcpiPmi - ok
14:41:04.0170 0x13f4  [ 1933DB4808793F3BD7AB34A39A809425, 424097DD9320645A920DA90B3D6A812D3D2A076199C8734AED17F264A65B0623 ] AcPrfMgrSvc     C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
14:41:04.0243 0x13f4  AcPrfMgrSvc - ok
14:41:04.0597 0x13f4  [ E7AF543334B21D84124709061A9AE4D7, 73F676A7C523A68D884E88367CA3486EB7243D1D5D92465D5B3007A29600B607 ] AcSvc           C:\Program Files\Lenovo\Access Connections\AcSvc.exe
14:41:04.0605 0x13f4  AcSvc - ok
14:41:04.0674 0x13f4  [ 6C61BCEB60C2C187E6F96001FD69493E, AB8752E7DCCE134CA63D2E660D3E2688086426167B9E8E2C24E0D45B87497774 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
14:41:04.0685 0x13f4  ADIHdAudAddService - ok
14:41:04.0750 0x13f4  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:41:04.0752 0x13f4  AdobeARMservice - ok
14:41:04.0826 0x13f4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:41:04.0838 0x13f4  adp94xx - ok
14:41:04.0852 0x13f4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:41:04.0861 0x13f4  adpahci - ok
14:41:04.0872 0x13f4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:41:04.0877 0x13f4  adpu320 - ok
14:41:04.0923 0x13f4  [ 4DC6B0772D1698F04FC79053A21C8260, 010D4660DB9F7BC49C72691B5D9936EAB6F4A0799374B4019B97343B517D86F4 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
14:41:04.0926 0x13f4  AEADIFilters - ok
14:41:04.0953 0x13f4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:41:04.0956 0x13f4  AeLookupSvc - ok
14:41:05.0019 0x13f4  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
14:41:05.0029 0x13f4  AFD - ok
14:41:05.0072 0x13f4  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:41:05.0075 0x13f4  agp440 - ok
14:41:05.0097 0x13f4  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:41:05.0100 0x13f4  aic78xx - ok
14:41:05.0158 0x13f4  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
14:41:05.0208 0x13f4  ALG - ok
14:41:05.0271 0x13f4  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:41:05.0313 0x13f4  aliide - ok
14:41:05.0341 0x13f4  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:41:05.0344 0x13f4  amdagp - ok
14:41:05.0380 0x13f4  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:41:05.0381 0x13f4  amdide - ok
14:41:05.0433 0x13f4  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:41:05.0436 0x13f4  AmdK8 - ok
14:41:05.0446 0x13f4  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:41:05.0449 0x13f4  AmdPPM - ok
14:41:05.0503 0x13f4  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:41:05.0506 0x13f4  amdsata - ok
14:41:05.0526 0x13f4  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:41:05.0532 0x13f4  amdsbs - ok
14:41:05.0555 0x13f4  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:41:05.0557 0x13f4  amdxata - ok
14:41:05.0604 0x13f4  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
14:41:05.0607 0x13f4  AppID - ok
14:41:05.0650 0x13f4  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:41:05.0653 0x13f4  AppIDSvc - ok
14:41:05.0690 0x13f4  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
14:41:05.0692 0x13f4  Appinfo - ok
14:41:05.0734 0x13f4  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:41:05.0739 0x13f4  AppMgmt - ok
14:41:05.0788 0x13f4  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:41:05.0791 0x13f4  arc - ok
14:41:05.0799 0x13f4  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:41:05.0802 0x13f4  arcsas - ok
14:41:05.0934 0x13f4  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:41:05.0982 0x13f4  aspnet_state - ok
14:41:06.0021 0x13f4  [ A870BC4C7AA159EA95EBB948BC9A9E63, 39463565634FFCED490EBC9AFBC5D38117889FB986B9CDD13D3093E09476874D ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:41:06.0041 0x13f4  aswFsBlk - ok
14:41:06.0131 0x13f4  [ 87DE24A345A84B357503C8E1039BDD6B, E7AABB5AE700F17032C6A9C019A9C8BA03A0D7B01BF429286CCEED6B15BCD884 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:41:06.0148 0x13f4  aswMonFlt - ok
14:41:06.0186 0x13f4  [ 2206985EF126AB90F3D7F1A020589DC9, F9BAA1E5B087977A113B9F46C3F6C9E41D36D87DBCF5BA4632FE1BD6099E6424 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
14:41:06.0194 0x13f4  aswRdr - ok
14:41:06.0247 0x13f4  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
14:41:06.0249 0x13f4  aswRvrt - ok
14:41:06.0302 0x13f4  [ 5BDF8C1CE61E23D51662FFDA2106E148, 7E33B09EBE42FA5DA6016D977D9BA06023644BFC7E2D85E3F7854A1FA6FAB15F ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:41:06.0323 0x13f4  aswSnx - ok
14:41:06.0380 0x13f4  [ 259E864BFB9268CD7CEFA5849A3B374B, EF1BE2581A53A6FCCE64ECE63AF2CF3D84592D472694102FD147ADE57C0F4697 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:41:06.0392 0x13f4  aswSP - ok
14:41:06.0441 0x13f4  [ B61AB6FAC792BB5AB34819339626117A, 01C7CDBDF27D7DC6DB7BD9A2F140262AF24F0B9E5282149F4FA07DF0C346C1F4 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:41:06.0444 0x13f4  aswTdi - ok
14:41:06.0489 0x13f4  [ BADA8FD627F1D0E22308211C33F0BDB5, F88751280969B8963DCFC684C99C7CCF396B50FD0AC0F869628A009557438609 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
14:41:06.0495 0x13f4  aswVmm - ok
14:41:06.0517 0x13f4  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:41:06.0519 0x13f4  AsyncMac - ok
14:41:06.0553 0x13f4  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:41:06.0554 0x13f4  atapi - ok
14:41:06.0638 0x13f4  [ 614A60AEE03A6151FDCBAC295854A9CB, 0453BD59AEF21F2EFD6E1E39F1CF691E694BC778073843111AE5FA2BB1DEF31B ] athr            C:\Windows\system32\DRIVERS\athr.sys
14:41:06.0668 0x13f4  athr - ok
14:41:06.0728 0x13f4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:41:06.0741 0x13f4  AudioEndpointBuilder - ok
14:41:06.0759 0x13f4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:41:06.0769 0x13f4  Audiosrv - ok
14:41:06.0842 0x13f4  [ 7A189530FD0CFD415DBE41123F8A6A59, C5A90C6D47CEAEFEA1E9F2EBA89B79DC72790EA87650B699EB8B69692CF3430B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:41:06.0844 0x13f4  avast! Antivirus - ok
14:41:06.0889 0x13f4  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:41:06.0893 0x13f4  AxInstSV - ok
14:41:06.0942 0x13f4  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:41:06.0955 0x13f4  b06bdrv - ok
14:41:06.0990 0x13f4  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:41:06.0997 0x13f4  b57nd60x - ok
14:41:07.0178 0x13f4  [ F9CE9B5E049EFC66B8E6C73C18EE8438, 8B43B84F59810DAFA961EEA13E354FF9A0796A185E2C8D6642D8660AAC1B96F4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
14:41:07.0290 0x13f4  BCM43XX - ok
14:41:07.0332 0x13f4  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
14:41:07.0335 0x13f4  BDESVC - ok
14:41:07.0378 0x13f4  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:41:07.0379 0x13f4  Beep - ok
14:41:07.0436 0x13f4  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
14:41:07.0450 0x13f4  BFE - ok
14:41:07.0519 0x13f4  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
14:41:07.0539 0x13f4  BITS - ok
14:41:07.0561 0x13f4  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:41:07.0564 0x13f4  blbdrive - ok
14:41:07.0606 0x13f4  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:41:07.0610 0x13f4  bowser - ok
14:41:07.0638 0x13f4  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:41:07.0639 0x13f4  BrFiltLo - ok
14:41:07.0660 0x13f4  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:41:07.0661 0x13f4  BrFiltUp - ok
14:41:07.0688 0x13f4  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
14:41:07.0691 0x13f4  Browser - ok
14:41:07.0716 0x13f4  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:41:07.0724 0x13f4  Brserid - ok
14:41:07.0768 0x13f4  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:41:07.0771 0x13f4  BrSerWdm - ok
14:41:07.0779 0x13f4  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:41:07.0781 0x13f4  BrUsbMdm - ok
14:41:07.0788 0x13f4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:41:07.0790 0x13f4  BrUsbSer - ok
14:41:07.0798 0x13f4  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:41:07.0802 0x13f4  BTHMODEM - ok
14:41:07.0865 0x13f4  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
14:41:07.0868 0x13f4  bthserv - ok
14:41:07.0905 0x13f4  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:41:07.0908 0x13f4  cdfs - ok
14:41:07.0966 0x13f4  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:41:07.0970 0x13f4  cdrom - ok
14:41:08.0009 0x13f4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:41:08.0012 0x13f4  CertPropSvc - ok
14:41:08.0034 0x13f4  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:41:08.0036 0x13f4  circlass - ok
14:41:08.0090 0x13f4  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
14:41:08.0098 0x13f4  CLFS - ok
14:41:08.0202 0x13f4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:41:08.0206 0x13f4  clr_optimization_v2.0.50727_32 - ok
14:41:08.0246 0x13f4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:41:08.0329 0x13f4  clr_optimization_v4.0.30319_32 - ok
14:41:08.0475 0x13f4  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:41:08.0478 0x13f4  CmBatt - ok
14:41:08.0533 0x13f4  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:41:08.0549 0x13f4  cmdide - ok
14:41:08.0626 0x13f4  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:41:08.0637 0x13f4  CNG - ok
14:41:08.0686 0x13f4  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:41:08.0688 0x13f4  Compbatt - ok
14:41:08.0737 0x13f4  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:41:08.0739 0x13f4  CompositeBus - ok
14:41:08.0751 0x13f4  COMSysApp - ok
14:41:08.0773 0x13f4  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:41:08.0775 0x13f4  crcdisk - ok
14:41:08.0821 0x13f4  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:41:08.0826 0x13f4  CryptSvc - ok
14:41:08.0875 0x13f4  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
14:41:08.0886 0x13f4  CSC - ok
14:41:08.0926 0x13f4  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
14:41:08.0943 0x13f4  CscService - ok
14:41:08.0973 0x13f4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:41:08.0988 0x13f4  DcomLaunch - ok
14:41:09.0040 0x13f4  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
14:41:09.0048 0x13f4  defragsvc - ok
14:41:09.0103 0x13f4  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:41:09.0106 0x13f4  DfsC - ok
14:41:09.0169 0x13f4  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:41:09.0178 0x13f4  Dhcp - ok
14:41:09.0238 0x13f4  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
14:41:09.0259 0x13f4  discache - ok
14:41:09.0307 0x13f4  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:41:09.0310 0x13f4  Disk - ok
14:41:09.0372 0x13f4  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:41:09.0377 0x13f4  Dnscache - ok
14:41:09.0445 0x13f4  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:41:09.0453 0x13f4  dot3svc - ok
14:41:09.0527 0x13f4  [ 6D279BB0DE1D8E34F454E1B353F4D738, 0BBC77A62CC92D4C57DA1BE5CFAF5F50447746DD8D676904AEBD79D19A80AEE1 ] DozeHDD         C:\Windows\system32\DRIVERS\DozeHDD.sys
14:41:09.0530 0x13f4  DozeHDD - ok
14:41:09.0593 0x13f4  [ 01E2180C3D72CB0ADCC43FB83D18942A, C917B267BABAAB7441CDEEC9D0D8512AEA7C2A790491A21C3849A46249500A18 ] DozeSvc         C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
14:41:09.0603 0x13f4  DozeSvc - ok
14:41:09.0667 0x13f4  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
14:41:09.0673 0x13f4  DPS - ok
14:41:09.0706 0x13f4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:41:09.0708 0x13f4  drmkaud - ok
14:41:09.0785 0x13f4  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:41:09.0808 0x13f4  DXGKrnl - ok
14:41:09.0897 0x13f4  [ CF0A6015F437161698C5B2A0A12CF052, C23A777CF5D34C96B16A4A6197DA3F14CC2F8C56421E422BBD46617C941DBBCE ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
14:41:09.0905 0x13f4  e1express - ok
14:41:09.0955 0x13f4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
14:41:09.0960 0x13f4  EapHost - ok
14:41:10.0165 0x13f4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:41:10.0304 0x13f4  ebdrv - ok
14:41:10.0504 0x13f4  [ 1CD7983BF9D98F1711BEA7C245B1C1C8, 7691C85EB8E44A1F93293C9C7C47F5B4792B6756D92EFEA241881075DC5609B2 ] EC              C:\Users\Jgall\AppData\Local\Temp\EC.exe
14:41:10.0548 0x13f4  EC - ok
14:41:10.0596 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
14:41:10.0601 0x13f4  EFS - ok
14:41:10.0708 0x13f4  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:41:10.0726 0x13f4  ehRecvr - ok
14:41:10.0766 0x13f4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
14:41:10.0770 0x13f4  ehSched - ok
14:41:10.0828 0x13f4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:41:10.0842 0x13f4  elxstor - ok
14:41:10.0894 0x13f4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:41:11.0106 0x13f4  ErrDev - ok
14:41:11.0212 0x13f4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
14:41:11.0264 0x13f4  EventSystem - ok
14:41:11.0524 0x13f4  [ 33ABDDB21DE2F4BB1B05A5A3A671BD64, 9A27823BE9C035F99729001AD765EF086DFAD7DB2DD546E7E1D0B9F347513A09 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:41:11.0557 0x13f4  EvtEng - ok
14:41:11.0601 0x13f4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:41:11.0606 0x13f4  exfat - ok
14:41:11.0644 0x13f4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:41:11.0650 0x13f4  fastfat - ok
14:41:11.0720 0x13f4  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
14:41:11.0736 0x13f4  Fax - ok
14:41:11.0763 0x13f4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:41:11.0765 0x13f4  fdc - ok
14:41:11.0805 0x13f4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
14:41:11.0808 0x13f4  fdPHost - ok
14:41:11.0821 0x13f4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:41:11.0824 0x13f4  FDResPub - ok
14:41:11.0853 0x13f4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:41:11.0857 0x13f4  FileInfo - ok
14:41:11.0865 0x13f4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:41:11.0868 0x13f4  Filetrace - ok
14:41:11.0877 0x13f4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:41:11.0879 0x13f4  flpydisk - ok
14:41:11.0941 0x13f4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:41:11.0990 0x13f4  FltMgr - ok
14:41:12.0067 0x13f4  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
14:41:12.0095 0x13f4  FontCache - ok
14:41:12.0166 0x13f4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:41:12.0170 0x13f4  FontCache3.0.0.0 - ok
14:41:12.0189 0x13f4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:41:12.0192 0x13f4  FsDepends - ok
14:41:12.0228 0x13f4  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:41:12.0231 0x13f4  Fs_Rec - ok
14:41:12.0291 0x13f4  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:41:12.0300 0x13f4  fvevol - ok
14:41:12.0359 0x13f4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:41:12.0370 0x13f4  gagp30kx - ok
14:41:12.0472 0x13f4  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:41:12.0490 0x13f4  gpsvc - ok
14:41:12.0662 0x13f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:41:12.0669 0x13f4  gupdate - ok
14:41:12.0725 0x13f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:41:12.0728 0x13f4  gupdatem - ok
14:41:12.0821 0x13f4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:41:12.0840 0x13f4  hcw85cir - ok
14:41:12.0964 0x13f4  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:41:12.0979 0x13f4  HdAudAddService - ok
14:41:13.0036 0x13f4  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:41:13.0046 0x13f4  HDAudBus - ok
14:41:13.0093 0x13f4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:41:13.0101 0x13f4  HidBatt - ok
14:41:13.0121 0x13f4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:41:13.0125 0x13f4  HidBth - ok
14:41:13.0149 0x13f4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:41:13.0156 0x13f4  HidIr - ok
14:41:13.0195 0x13f4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
14:41:13.0198 0x13f4  hidserv - ok
14:41:13.0251 0x13f4  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:41:13.0253 0x13f4  HidUsb - ok
14:41:13.0298 0x13f4  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:41:13.0303 0x13f4  hkmsvc - ok
14:41:13.0368 0x13f4  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:41:13.0382 0x13f4  HomeGroupListener - ok
14:41:13.0423 0x13f4  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:41:13.0432 0x13f4  HomeGroupProvider - ok
14:41:13.0476 0x13f4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:41:13.0480 0x13f4  HpSAMD - ok
14:41:13.0588 0x13f4  [ 7BC42C65B5C6281777C1A7605B253BA8, 71885EB4E8625450ECA4623466FB3D5437DAABE739A5DC3B5F4CF982A65F8A86 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:41:13.0617 0x13f4  HSF_DPV - ok
14:41:13.0691 0x13f4  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E, A11CE324DD8E8BDFFDF513429C32D3C16EC79DC9A7517048587759B26BF38583 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:41:13.0698 0x13f4  HSXHWAZL - ok
14:41:13.0766 0x13f4  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:41:13.0782 0x13f4  HTTP - ok
14:41:13.0832 0x13f4  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:41:13.0834 0x13f4  hwpolicy - ok
14:41:13.0877 0x13f4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:41:13.0880 0x13f4  i8042prt - ok
14:41:13.0972 0x13f4  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:41:13.0982 0x13f4  iaStorV - ok
14:41:14.0011 0x13f4  [ 171148FEA4BC562B4A84409640870B56, F32CCEA64A2341895DA8DD2558E9A31733DFDBB8D9ACD293DA4D7AD1DA24F3B2 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:41:14.0014 0x13f4  IBMPMDRV - ok
14:41:14.0024 0x13f4  [ 8854E596AFA75595C3810A086F8A3838, 37AEEDBCCE612ED74BCCC50E80B935B91D1517D060F5BB08E00848C3ACD4997A ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
14:41:14.0028 0x13f4  IBMPMSVC - ok
14:41:14.0099 0x13f4  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:41:14.0102 0x13f4  IDriverT - ok
14:41:14.0182 0x13f4  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:41:14.0207 0x13f4  idsvc - ok
14:41:14.0456 0x13f4  [ 1F50623259DF354776DF04C56504A2D7, AC9D7A588638C00091C2CB7A257182DB72AF9C924BDEA20BAF10CC556896BA75 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:41:14.0672 0x13f4  igfx - ok
14:41:14.0731 0x13f4  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:41:14.0733 0x13f4  iirsp - ok
14:41:14.0803 0x13f4  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:41:14.0824 0x13f4  IKEEXT - ok
14:41:14.0869 0x13f4  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:41:14.0870 0x13f4  intelide - ok
14:41:14.0897 0x13f4  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:41:14.0899 0x13f4  intelppm - ok
14:41:14.0936 0x13f4  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:41:14.0941 0x13f4  IPBusEnum - ok
14:41:14.0969 0x13f4  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:41:14.0972 0x13f4  IpFilterDriver - ok
14:41:15.0034 0x13f4  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:41:15.0050 0x13f4  iphlpsvc - ok
14:41:15.0091 0x13f4  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:41:15.0095 0x13f4  IPMIDRV - ok
14:41:15.0118 0x13f4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:41:15.0122 0x13f4  IPNAT - ok
14:41:15.0156 0x13f4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:41:15.0158 0x13f4  IRENUM - ok
14:41:15.0202 0x13f4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:41:15.0205 0x13f4  isapnp - ok
14:41:15.0239 0x13f4  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:41:15.0246 0x13f4  iScsiPrt - ok
14:41:15.0319 0x13f4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:41:15.0321 0x13f4  kbdclass - ok
14:41:15.0359 0x13f4  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:41:15.0362 0x13f4  kbdhid - ok
14:41:15.0396 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
14:41:15.0401 0x13f4  KeyIso - ok
14:41:15.0439 0x13f4  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:41:15.0443 0x13f4  KSecDD - ok
14:41:15.0480 0x13f4  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:41:15.0485 0x13f4  KSecPkg - ok
14:41:15.0548 0x13f4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:41:15.0561 0x13f4  KtmRm - ok
14:41:15.0606 0x13f4  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:41:15.0620 0x13f4  LanmanServer - ok
14:41:15.0694 0x13f4  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:41:15.0706 0x13f4  LanmanWorkstation - ok
14:41:15.0862 0x13f4  [ 69A841BCBCCC2D5F2A18A3A9DD4BD7B4, 6C65500BA878DBA5D76D13EBEC7192D0CEC9CD4FD5C492A1F7BF017083B4B680 ] LavasoftAdAwareService11 C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
14:41:15.0877 0x13f4  LavasoftAdAwareService11 - ok
14:41:15.0957 0x13f4  [ 9AAC267A225F3CAEBB9E633F7EB16E4B, BFBB9772646D62ACD9208041621E4CDE92982ED96F243C8F61334F7FC368B387 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
14:41:15.0959 0x13f4  lenovo.smi - ok
14:41:15.0998 0x13f4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:41:16.0001 0x13f4  lltdio - ok
14:41:16.0081 0x13f4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:41:16.0090 0x13f4  lltdsvc - ok
14:41:16.0130 0x13f4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:41:16.0135 0x13f4  lmhosts - ok
14:41:16.0176 0x13f4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:41:16.0180 0x13f4  LSI_FC - ok
14:41:16.0190 0x13f4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:41:16.0194 0x13f4  LSI_SAS - ok
14:41:16.0209 0x13f4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:41:16.0214 0x13f4  LSI_SAS2 - ok
14:41:16.0226 0x13f4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:41:16.0230 0x13f4  LSI_SCSI - ok
14:41:16.0252 0x13f4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:41:16.0256 0x13f4  luafv - ok
14:41:16.0292 0x13f4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:41:16.0298 0x13f4  Mcx2Svc - ok
14:41:16.0362 0x13f4  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:41:16.0364 0x13f4  mdmxsdk - ok
14:41:16.0393 0x13f4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:41:16.0395 0x13f4  megasas - ok
14:41:16.0441 0x13f4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:41:16.0449 0x13f4  MegaSR - ok
14:41:16.0516 0x13f4  Microsoft SharePoint Workspace Audit Service - ok
14:41:16.0556 0x13f4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
14:41:16.0561 0x13f4  MMCSS - ok
14:41:16.0598 0x13f4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
14:41:16.0600 0x13f4  Modem - ok
14:41:16.0649 0x13f4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:41:16.0651 0x13f4  monitor - ok
14:41:16.0698 0x13f4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:41:16.0701 0x13f4  mouclass - ok
14:41:16.0754 0x13f4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:41:16.0756 0x13f4  mouhid - ok
14:41:16.0798 0x13f4  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:41:16.0802 0x13f4  mountmgr - ok
14:41:16.0867 0x13f4  [ 5E0686615A80A6279B2314E13CD23F6E, 659931AB2DD395FAA2E5036D02BC6AAE8A7E4C9FF1A902B1FF9C15E878C89E77 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:41:16.0871 0x13f4  MozillaMaintenance - ok
14:41:16.0913 0x13f4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:41:16.0918 0x13f4  mpio - ok
14:41:16.0961 0x13f4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:41:16.0964 0x13f4  mpsdrv - ok
14:41:17.0047 0x13f4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:41:17.0068 0x13f4  MpsSvc - ok
14:41:17.0107 0x13f4  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:41:17.0115 0x13f4  MRxDAV - ok
14:41:17.0158 0x13f4  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:41:17.0166 0x13f4  mrxsmb - ok
14:41:17.0210 0x13f4  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:41:17.0220 0x13f4  mrxsmb10 - ok
14:41:17.0255 0x13f4  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:41:17.0260 0x13f4  mrxsmb20 - ok
14:41:17.0317 0x13f4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:41:17.0319 0x13f4  msahci - ok
14:41:17.0358 0x13f4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:41:17.0362 0x13f4  msdsm - ok
14:41:17.0392 0x13f4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
14:41:17.0400 0x13f4  MSDTC - ok
14:41:17.0436 0x13f4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:41:17.0438 0x13f4  Msfs - ok
14:41:17.0460 0x13f4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:41:17.0461 0x13f4  mshidkmdf - ok
14:41:17.0499 0x13f4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:41:17.0501 0x13f4  msisadrv - ok
14:41:17.0541 0x13f4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:41:17.0546 0x13f4  MSiSCSI - ok
14:41:17.0556 0x13f4  msiserver - ok
14:41:17.0592 0x13f4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:41:17.0594 0x13f4  MSKSSRV - ok
14:41:17.0610 0x13f4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:41:17.0612 0x13f4  MSPCLOCK - ok
14:41:17.0621 0x13f4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:41:17.0623 0x13f4  MSPQM - ok
14:41:17.0653 0x13f4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:41:17.0664 0x13f4  MsRPC - ok
14:41:17.0708 0x13f4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:41:17.0710 0x13f4  mssmbios - ok
14:41:17.0747 0x13f4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:41:17.0748 0x13f4  MSTEE - ok
14:41:17.0754 0x13f4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:41:17.0756 0x13f4  MTConfig - ok
14:41:17.0773 0x13f4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:41:17.0776 0x13f4  Mup - ok
14:41:17.0845 0x13f4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
14:41:17.0861 0x13f4  napagent - ok
14:41:17.0930 0x13f4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:41:17.0944 0x13f4  NativeWifiP - ok
14:41:18.0095 0x13f4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:41:18.0242 0x13f4  NDIS - ok
14:41:18.0372 0x13f4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:41:18.0375 0x13f4  NdisCap - ok
14:41:18.0403 0x13f4  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:41:18.0407 0x13f4  NdisTapi - ok
14:41:18.0475 0x13f4  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:41:18.0500 0x13f4  Ndisuio - ok
14:41:18.0541 0x13f4  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:41:18.0545 0x13f4  NdisWan - ok
14:41:18.0614 0x13f4  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:41:18.0634 0x13f4  NDProxy - ok
14:41:18.0671 0x13f4  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:41:18.0673 0x13f4  NetBIOS - ok
14:41:18.0779 0x13f4  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:41:18.0786 0x13f4  NetBT - ok
14:41:18.0841 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe
14:41:18.0854 0x13f4  Netlogon - ok
14:41:18.0931 0x13f4  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
14:41:18.0953 0x13f4  Netman - ok
14:41:19.0029 0x13f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:19.0053 0x13f4  NetMsmqActivator - ok
14:41:19.0093 0x13f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:19.0096 0x13f4  NetPipeActivator - ok
14:41:19.0130 0x13f4  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
14:41:19.0145 0x13f4  netprofm - ok
14:41:19.0220 0x13f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:19.0223 0x13f4  NetTcpActivator - ok
14:41:19.0236 0x13f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:19.0240 0x13f4  NetTcpPortSharing - ok
14:41:19.0294 0x13f4  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:41:19.0311 0x13f4  nfrd960 - ok
14:41:19.0358 0x13f4  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:41:19.0374 0x13f4  NlaSvc - ok
14:41:19.0399 0x13f4  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:41:19.0413 0x13f4  Npfs - ok
14:41:19.0444 0x13f4  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
14:41:19.0459 0x13f4  nsi - ok
14:41:19.0508 0x13f4  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:41:19.0516 0x13f4  nsiproxy - ok
14:41:19.0672 0x13f4  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:41:19.0761 0x13f4  Ntfs - ok
14:41:19.0806 0x13f4  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
14:41:19.0808 0x13f4  Null - ok
14:41:19.0827 0x13f4  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:41:19.0842 0x13f4  nvraid - ok
14:41:19.0903 0x13f4  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:41:19.0922 0x13f4  nvstor - ok
14:41:19.0997 0x13f4  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:41:20.0013 0x13f4  nv_agp - ok
14:41:20.0064 0x13f4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:41:20.0079 0x13f4  ohci1394 - ok
14:41:20.0149 0x13f4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:41:20.0161 0x13f4  ose - ok
14:41:20.0604 0x13f4  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:41:21.0031 0x13f4  osppsvc - ok
14:41:21.0099 0x13f4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:41:21.0111 0x13f4  p2pimsvc - ok
14:41:21.0146 0x13f4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:41:21.0159 0x13f4  p2psvc - ok
14:41:21.0196 0x13f4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:41:21.0199 0x13f4  Parport - ok
14:41:21.0225 0x13f4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:41:21.0228 0x13f4  partmgr - ok
14:41:21.0247 0x13f4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:41:21.0249 0x13f4  Parvdm - ok
14:41:21.0283 0x13f4  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:41:21.0292 0x13f4  PcaSvc - ok
14:41:21.0325 0x13f4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
14:41:21.0331 0x13f4  pci - ok
14:41:21.0366 0x13f4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:41:21.0368 0x13f4  pciide - ok
14:41:21.0398 0x13f4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:41:21.0406 0x13f4  pcmcia - ok
14:41:21.0419 0x13f4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:41:21.0421 0x13f4  pcw - ok
14:41:21.0457 0x13f4  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:41:21.0475 0x13f4  PEAUTH - ok
14:41:21.0768 0x13f4  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:41:21.0812 0x13f4  PeerDistSvc - ok
14:41:21.0973 0x13f4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
14:41:22.0024 0x13f4  pla - ok
14:41:22.0106 0x13f4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:41:22.0122 0x13f4  PlugPlay - ok
14:41:22.0172 0x13f4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:41:22.0187 0x13f4  PNRPAutoReg - ok
14:41:22.0221 0x13f4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:41:22.0235 0x13f4  PNRPsvc - ok
14:41:22.0362 0x13f4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:41:22.0376 0x13f4  PolicyAgent - ok
14:41:22.0429 0x13f4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
14:41:22.0438 0x13f4  Power - ok
14:41:22.0497 0x13f4  [ 4CADD52E1669693937360C7ED680365B, 42AB4E08508743F26C7A90221E33F6346A1C2E4D0FAA703AF3B4C2674DD98D34 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
14:41:22.0501 0x13f4  Power Manager DBC Service - ok
14:41:22.0553 0x13f4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:41:22.0556 0x13f4  PptpMiniport - ok
14:41:22.0576 0x13f4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:41:22.0580 0x13f4  Processor - ok
14:41:22.0612 0x13f4  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:41:22.0621 0x13f4  ProfSvc - ok
14:41:22.0653 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:41:22.0657 0x13f4  ProtectedStorage - ok
14:41:22.0740 0x13f4  [ 8830538EE870CE331B89C77D62A9AFC1, C502B0B00A361F343224F9B290CB27AF639DB632EEEABECC36FAC66F0A5720B0 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
14:41:22.0746 0x13f4  psadd - ok
14:41:22.0788 0x13f4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:41:22.0792 0x13f4  Psched - ok
14:41:22.0836 0x13f4  [ 71399B176DE1CAEFD5AD4287ABB9E8A3, 4FEFDBD66B8478FFBF759667C2A3FC7A5EB47D14AFBC05B8B2C870538C66FE72 ] PwmEWSvc        C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
14:41:22.0844 0x13f4  PwmEWSvc - ok
14:41:22.0891 0x13f4  [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:41:22.0894 0x13f4  PxHelp20 - ok
14:41:22.0972 0x13f4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:41:23.0011 0x13f4  ql2300 - ok
14:41:23.0042 0x13f4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:41:23.0047 0x13f4  ql40xx - ok
14:41:23.0080 0x13f4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
14:41:23.0090 0x13f4  QWAVE - ok
14:41:23.0111 0x13f4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:41:23.0114 0x13f4  QWAVEdrv - ok
14:41:23.0182 0x13f4  [ FBC8713E03C477431F1FB0496186E59E, 4FF13055799BAB81D8C71C4C029D4C2E521CD34F30E95939046E6A691BCD3EDA ] QYKYKFZATDJ     C:\Users\Jgall\AppData\Local\Temp\QYKYKFZATDJ.exe
14:41:23.0215 0x13f4  QYKYKFZATDJ - ok
14:41:23.0221 0x13f4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:41:23.0223 0x13f4  RasAcd - ok
14:41:23.0261 0x13f4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:41:23.0264 0x13f4  RasAgileVpn - ok
14:41:23.0291 0x13f4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:41:23.0298 0x13f4  RasAuto - ok
14:41:23.0333 0x13f4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:41:23.0337 0x13f4  Rasl2tp - ok
14:41:23.0381 0x13f4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
14:41:23.0393 0x13f4  RasMan - ok
14:41:23.0404 0x13f4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:41:23.0407 0x13f4  RasPppoe - ok
14:41:23.0432 0x13f4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:41:23.0436 0x13f4  RasSstp - ok
14:41:23.0461 0x13f4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:41:23.0469 0x13f4  rdbss - ok
14:41:23.0483 0x13f4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:41:23.0486 0x13f4  rdpbus - ok
14:41:23.0519 0x13f4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:41:23.0520 0x13f4  RDPCDD - ok
14:41:23.0548 0x13f4  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:41:23.0553 0x13f4  RDPDR - ok
14:41:23.0602 0x13f4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:41:23.0604 0x13f4  RDPENCDD - ok
14:41:23.0616 0x13f4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:41:23.0618 0x13f4  RDPREFMP - ok
14:41:23.0676 0x13f4  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:41:23.0678 0x13f4  RdpVideoMiniport - ok
14:41:23.0726 0x13f4  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:41:23.0737 0x13f4  RDPWD - ok
14:41:23.0781 0x13f4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:41:23.0787 0x13f4  rdyboost - ok
14:41:23.0864 0x13f4  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
14:41:23.0867 0x13f4  RealNetworks Downloader Resolver Service - ok
14:41:23.0941 0x13f4  [ 03D281098CE722210C48E1E8CAFEA260, 371BFCAF8AC64F321C853DFDC172998F8649B6EBBE515AFBB67AB8D1AE27740C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:41:23.0957 0x13f4  RegSrvc - ok
14:41:24.0003 0x13f4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:41:24.0008 0x13f4  RemoteAccess - ok
14:41:24.0043 0x13f4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:41:24.0051 0x13f4  RemoteRegistry - ok
14:41:24.0094 0x13f4  [ 0F6756EF8BDA6DFA7BE50465C83132BB, 1AE76B66F04A2AE99CD1A1368D4998C8081E89578A37D7D535D8CBCAA6136AE0 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
14:41:24.0096 0x13f4  RimUsb - ok
14:41:24.0162 0x13f4  [ D9B34325EE5DF78B8F28A3DE9F577C7D, 20E5655B79A252E012B6FB6DA5F4419DBF2577A9737D4A04BFE6A769D507E00B ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
14:41:24.0165 0x13f4  RimVSerPort - ok
14:41:24.0227 0x13f4  [ 906DCFC5EBF4EC0433F8D4FFFB0BA334, B6FD3FD29CE337CD3D50495E4988C49A3BDA4AAF20384C969EA7209611DB20A4 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
14:41:24.0231 0x13f4  RMCAST - ok
14:41:24.0276 0x13f4  [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
14:41:24.0278 0x13f4  ROOTMODEM - ok
14:41:24.0349 0x13f4  [ AFD61A7C48A3E15C86A6FADF0B69A2E4, D59AC1023E00D45505B3CD5AEDB461CB0A3106968D62876800E89CF9EF7EA4D3 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
14:41:24.0353 0x13f4  Roxio UPnP Renderer 9 - ok
14:41:24.0385 0x13f4  [ EFBB36E2BB02169D26E9980778FC20D3, 8CEFDEA2C7F7527CC2D5E44ED44AC544282723DC11B1D2EDE79245617914C019 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
14:41:24.0396 0x13f4  Roxio Upnp Server 9 - ok
14:41:24.0485 0x13f4  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9, 859E180954029B5E891570BBF20D74B6E6E48BAB7D5BEA2B8D00C662C04DCDB8 ] RoxLiveShare9   C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
14:41:24.0495 0x13f4  RoxLiveShare9 - ok
14:41:24.0565 0x13f4  [ 7F2C88BCC5EF2A896E4827F33CCCA843, 0BDC2B946FAE2867F74B4B42B564D1CFA360A866A365A8C3E3D5FBB2F92101CD ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
14:41:24.0600 0x13f4  RoxMediaDB9 - ok
14:41:24.0633 0x13f4  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A, 4EBA335AB224D198F89A632B166E5FD1CB8F802FEEF91EBA069BE6B9FD318D50 ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
14:41:24.0639 0x13f4  RoxWatch9 - ok
14:41:24.0669 0x13f4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:41:24.0674 0x13f4  RpcEptMapper - ok
14:41:24.0706 0x13f4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
14:41:24.0710 0x13f4  RpcLocator - ok
14:41:24.0774 0x13f4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
14:41:24.0786 0x13f4  RpcSs - ok
14:41:24.0834 0x13f4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:41:24.0838 0x13f4  rspndr - ok
14:41:24.0868 0x13f4  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:41:24.0871 0x13f4  s3cap - ok
14:41:24.0897 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs           C:\Windows\system32\lsass.exe
14:41:24.0903 0x13f4  SamSs - ok
14:41:24.0978 0x13f4  [ A3281AEC37E0720A2BC28034C2DF2A56, E8C122D17DD695D4EEAD115A5E1A388605EB77E5F2E8DA98C7BD93E0FDCFD01A ] SASDIFSV        C:\Users\Jgall\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS
14:41:24.0981 0x13f4  SASDIFSV - ok
14:41:25.0007 0x13f4  SASKUTIL - ok
14:41:25.0039 0x13f4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:41:25.0043 0x13f4  sbp2port - ok
14:41:25.0103 0x13f4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:41:25.0111 0x13f4  SCardSvr - ok
14:41:25.0135 0x13f4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:41:25.0138 0x13f4  scfilter - ok
14:41:25.0219 0x13f4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
14:41:25.0246 0x13f4  Schedule - ok
14:41:25.0276 0x13f4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:41:25.0279 0x13f4  SCPolicySvc - ok
14:41:25.0329 0x13f4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:41:25.0338 0x13f4  SDRSVC - ok
14:41:25.0366 0x13f4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:41:25.0369 0x13f4  secdrv - ok
14:41:25.0412 0x13f4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
14:41:25.0418 0x13f4  seclogon - ok
14:41:25.0455 0x13f4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
14:41:25.0461 0x13f4  SENS - ok
14:41:25.0495 0x13f4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:41:25.0501 0x13f4  SensrSvc - ok
14:41:25.0555 0x13f4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:41:25.0557 0x13f4  Serenum - ok
14:41:25.0595 0x13f4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:41:25.0599 0x13f4  Serial - ok
14:41:25.0620 0x13f4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:41:25.0623 0x13f4  sermouse - ok
14:41:25.0659 0x13f4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:41:25.0667 0x13f4  SessionEnv - ok
14:41:25.0709 0x13f4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:41:25.0711 0x13f4  sffdisk - ok
14:41:25.0736 0x13f4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:41:25.0739 0x13f4  sffp_mmc - ok
14:41:25.0765 0x13f4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:41:25.0767 0x13f4  sffp_sd - ok
14:41:25.0773 0x13f4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:41:25.0775 0x13f4  sfloppy - ok
14:41:25.0828 0x13f4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:41:25.0839 0x13f4  SharedAccess - ok
14:41:25.0879 0x13f4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:41:25.0893 0x13f4  ShellHWDetection - ok
14:41:25.0942 0x13f4  [ 1624530D05155F4E5A4736531523BFF5, CB0194DC136DD0065ED3F26BB5580EB07ACA2D7387641D6A03C82E6CF73D0182 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx86.sys
14:41:25.0947 0x13f4  Shockprf - ok
14:41:26.0007 0x13f4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:41:26.0010 0x13f4  sisagp - ok
14:41:26.0056 0x13f4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:41:26.0058 0x13f4  SiSRaid2 - ok
14:41:26.0071 0x13f4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:41:26.0075 0x13f4  SiSRaid4 - ok
14:41:26.0121 0x13f4  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:41:26.0128 0x13f4  SkypeUpdate - ok
14:41:26.0142 0x13f4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:41:26.0145 0x13f4  Smb - ok
14:41:26.0179 0x13f4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:41:26.0186 0x13f4  SNMPTRAP - ok
14:41:26.0207 0x13f4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:41:26.0211 0x13f4  spldr - ok
14:41:26.0249 0x13f4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
14:41:26.0263 0x13f4  Spooler - ok
14:41:26.0591 0x13f4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
14:41:26.0707 0x13f4  sppsvc - ok
14:41:26.0749 0x13f4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:41:26.0765 0x13f4  sppuinotify - ok
14:41:26.0801 0x13f4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:41:26.0812 0x13f4  srv - ok
14:41:26.0843 0x13f4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:41:26.0853 0x13f4  srv2 - ok
14:41:26.0906 0x13f4  [ E00FDFAFF025E94F9821153750C35A6D, 6ECDC5F314A29B859B0DCB7FF114CACE0718612556299B16412C21F9539DC9B5 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:41:26.0913 0x13f4  SrvHsfHDA - ok
14:41:26.0974 0x13f4  [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:41:27.0003 0x13f4  SrvHsfV92 - ok
14:41:27.0068 0x13f4  [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:41:27.0089 0x13f4  SrvHsfWinac - ok
14:41:27.0128 0x13f4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:41:27.0132 0x13f4  srvnet - ok
14:41:27.0168 0x13f4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:41:27.0177 0x13f4  SSDPSRV - ok
14:41:27.0207 0x13f4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:41:27.0214 0x13f4  SstpSvc - ok
14:41:27.0244 0x13f4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:41:27.0246 0x13f4  stexstor - ok
14:41:27.0296 0x13f4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
14:41:27.0315 0x13f4  StiSvc - ok
14:41:27.0355 0x13f4  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:41:27.0357 0x13f4  storflt - ok
14:41:27.0375 0x13f4  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:41:27.0377 0x13f4  storvsc - ok
14:41:27.0409 0x13f4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:41:27.0411 0x13f4  swenum - ok
14:41:27.0450 0x13f4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
14:41:27.0464 0x13f4  swprv - ok
14:41:27.0487 0x13f4  Synth3dVsc - ok
14:41:27.0550 0x13f4  [ FFFA898575A8A16665429AFAE3D55302, 4241268D45E86D797250A996C014F7F4F701DF023A64669217C1EBE2555836BE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:41:27.0562 0x13f4  SynTP - ok
14:41:27.0634 0x13f4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
14:41:27.0673 0x13f4  SysMain - ok
14:41:27.0703 0x13f4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
14:41:27.0711 0x13f4  TabletInputService - ok
14:41:27.0764 0x13f4  [ 147B9CCE0B523D4DAFD91A60C2CE2B25, 7B87C4550137A30D11F4E0F7B12BCBB62BDE06BB65EFE6E4E6C2CDB9EE7B9314 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
14:41:27.0767 0x13f4  tap0901 - ok
14:41:27.0811 0x13f4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:41:27.0823 0x13f4  TapiSrv - ok
14:41:27.0856 0x13f4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
14:41:27.0863 0x13f4  TBS - ok
14:41:28.0000 0x13f4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:41:28.0036 0x13f4  Tcpip - ok
14:41:28.0165 0x13f4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:41:28.0195 0x13f4  TCPIP6 - ok
14:41:28.0232 0x13f4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:41:28.0234 0x13f4  tcpipreg - ok
14:41:28.0268 0x13f4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:41:28.0271 0x13f4  TDPIPE - ok
14:41:28.0284 0x13f4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:41:28.0289 0x13f4  TDTCP - ok
14:41:28.0320 0x13f4  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:41:28.0324 0x13f4  tdx - ok
14:41:28.0358 0x13f4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:41:28.0361 0x13f4  TermDD - ok
14:41:28.0413 0x13f4  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
14:41:28.0432 0x13f4  TermService - ok
14:41:28.0483 0x13f4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
14:41:28.0489 0x13f4  Themes - ok
14:41:28.0615 0x13f4  [ C5967F2DDF8A7B73546541BA59BC0132, CBEA7283DDD652877C09E9D2256D36A0C6DF0D1A9FA677033E5F282007BE1E63 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:41:28.0643 0x13f4  ThinkVantage Registry Monitor Service - ok
14:41:28.0668 0x13f4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:41:28.0680 0x13f4  THREADORDER - ok
14:41:28.0743 0x13f4  [ E44E1F2857259D64AC2D0D636CBB444F, A1445A286914074F5E13487ED81407E58FD2784F2E50528AB7556F6B9E388ECC ] TJDXXRW         C:\Users\Jgall\AppData\Local\Temp\TJDXXRW.exe
14:41:28.0754 0x13f4  TJDXXRW - ok
14:41:28.0798 0x13f4  [ D2378FBBD668D9FE9B6B5E3139D506D3, A0CE1FB7E70AE0119536EAFBA4E29E94C944910381A0C73B4B32F8AAB3EDDA7E ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM86.sys
14:41:28.0799 0x13f4  TPDIGIMN - ok
14:41:28.0825 0x13f4  [ A34A1E6B5461273846D30F5898602A72, 645B066A772A92F5BF5636C94EF7F8E06519B12E63BDA263E3501D09C2E07D8A ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG.exe
14:41:28.0832 0x13f4  TPHDEXLGSVC - ok
14:41:28.0875 0x13f4  [ 5AD05191DC8B444A7BA4D79B76C42A30, 6166E939A5A240388EBA5AF7FF335DC413F2BBCF74C2E1D310F4BE2A5454A610 ] TPM             C:\Windows\system32\drivers\tpm.sys
14:41:28.0877 0x13f4  TPM - ok
14:41:28.0934 0x13f4  [ C16EC6A5390904D3971179553852025B, EEECA9068E72C46A669421CD2754DCE0DE865B53212534DB3B1149EC776035A0 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr32v.sys
14:41:28.0936 0x13f4  TPPWRIF - ok
14:41:28.0976 0x13f4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
14:41:28.0984 0x13f4  TrkWks - ok
14:41:29.0080 0x13f4  [ B7C681175E3F8DE967CEFE90E46440B5, A47DA5AD1FD6E2DC4C8B7F06118985A2038E9CD6BD0F55ED95A3590258CB44EB ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
14:41:29.0094 0x13f4  Trufos - ok
14:41:29.0155 0x13f4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:41:29.0161 0x13f4  TrustedInstaller - ok
14:41:29.0298 0x13f4  [ 424CA16E6E57329AAB9CDCA8F3767E30, 2F2A40A44DB717B47DCEDE8191FE83C14BF0BE2787AC921F7937E9AC03A0BF12 ] TSSCoreService  C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
14:41:29.0326 0x13f4  TSSCoreService - ok
14:41:29.0363 0x13f4  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:41:29.0365 0x13f4  tssecsrv - ok
14:41:29.0421 0x13f4  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:41:29.0425 0x13f4  TsUsbFlt - ok
14:41:29.0429 0x13f4  tsusbhub - ok
14:41:29.0484 0x13f4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:41:29.0489 0x13f4  tunnel - ok
14:41:29.0534 0x13f4  [ 1BD7BC951D85810FBBB471DCE4AD9D29, EA00BBA0BA7EE3B7E9D3C3BC7C0A547570872AA3CEA535D63A8FBD89AA7B919A ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
14:41:29.0537 0x13f4  TVTI2C - ok
14:41:29.0562 0x13f4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:41:29.0565 0x13f4  uagp35 - ok
14:41:29.0600 0x13f4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:41:29.0610 0x13f4  udfs - ok
14:41:29.0666 0x13f4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:41:29.0672 0x13f4  UI0Detect - ok
14:41:29.0710 0x13f4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:41:29.0714 0x13f4  uliagpkx - ok
14:41:29.0749 0x13f4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
14:41:29.0752 0x13f4  umbus - ok
14:41:29.0778 0x13f4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:41:29.0780 0x13f4  UmPass - ok
14:41:29.0832 0x13f4  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:41:29.0842 0x13f4  UmRdpService - ok
14:41:29.0877 0x13f4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
14:41:29.0889 0x13f4  upnphost - ok
14:41:29.0922 0x13f4  [ 71D97F1A3CC47A56728F7A400A3F8295, ED3FDB73D8A98D9BAF702C0F5C7AD79D525D19DCE1487D442536913BEA5C7F15 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:41:29.0926 0x13f4  usbccgp - ok
14:41:29.0967 0x13f4  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:41:29.0971 0x13f4  usbcir - ok
14:41:30.0001 0x13f4  [ C4FB8E7ADEA9B5CEEA885A1B504B7E40, 3E0AE5D236890452F2EA33504309A7E5FE49C567FF6F68A83A5987F05ED01BF0 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:41:30.0004 0x13f4  usbehci - ok
14:41:30.0051 0x13f4  [ 86AA95ACB611001E26CD2C0145F2225A, 584D26E8C9407A4E717DCBF2D3819DB441C2D455B5FDA6654FBA3794E19B4D51 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:41:30.0060 0x13f4  usbhub - ok
14:41:30.0088 0x13f4  [ DCDF9855145A14DFCA0AB32308871961, 9A21013AD032195D54CE655DE5363E78BB74CC55C40B889520B478892F4BA40A ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:41:30.0090 0x13f4  usbohci - ok
14:41:30.0116 0x13f4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:41:30.0118 0x13f4  usbprint - ok
14:41:30.0135 0x13f4  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:30.0138 0x13f4  USBSTOR - ok
14:41:30.0170 0x13f4  [ 8E51D04175BAA14C4F79AA5F6D248770, 6CE2E45E272734A5D1D0C4CE2BD7B61C61C7538903E87203E376495D198EFBD0 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:41:30.0172 0x13f4  usbuhci - ok
14:41:30.0214 0x13f4  [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
14:41:30.0216 0x13f4  usb_rndisx - ok
14:41:30.0244 0x13f4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
14:41:30.0251 0x13f4  UxSms - ok
14:41:30.0275 0x13f4  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\Windows\system32\lsass.exe
14:41:30.0279 0x13f4  VaultSvc - ok
14:41:30.0329 0x13f4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:41:30.0333 0x13f4  vdrvroot - ok
14:41:30.0607 0x13f4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
14:41:30.0624 0x13f4  vds - ok
14:41:30.0660 0x13f4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:41:30.0663 0x13f4  vga - ok
14:41:30.0688 0x13f4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:41:30.0690 0x13f4  VgaSave - ok
14:41:30.0697 0x13f4  VGPU - ok
14:41:30.0728 0x13f4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:41:30.0734 0x13f4  vhdmp - ok
14:41:30.0776 0x13f4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:41:30.0779 0x13f4  viaagp - ok
14:41:30.0806 0x13f4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
14:41:30.0809 0x13f4  ViaC7 - ok
14:41:30.0856 0x13f4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:41:30.0858 0x13f4  viaide - ok
14:41:30.0906 0x13f4  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:41:30.0912 0x13f4  vmbus - ok
14:41:30.0931 0x13f4  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:41:30.0933 0x13f4  VMBusHID - ok
14:41:30.0962 0x13f4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:41:30.0965 0x13f4  volmgr - ok
14:41:31.0007 0x13f4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:41:31.0016 0x13f4  volmgrx - ok
14:41:31.0058 0x13f4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:41:31.0066 0x13f4  volsnap - ok
14:41:31.0103 0x13f4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:41:31.0109 0x13f4  vsmraid - ok
14:41:31.0174 0x13f4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
14:41:31.0207 0x13f4  VSS - ok
14:41:31.0232 0x13f4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:41:31.0234 0x13f4  vwifibus - ok
14:41:31.0261 0x13f4  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:41:31.0264 0x13f4  vwififlt - ok
14:41:31.0298 0x13f4  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:41:31.0300 0x13f4  vwifimp - ok
14:41:31.0365 0x13f4  [ 1C3069EB0F375B71B07609EF63F6CE33, 25489635D6D17E32EEAF417AFE8725DBD8D604384C150E6022351D53F2F3A80E ] VZK             C:\Users\Jgall\AppData\Local\Temp\VZK.exe
14:41:31.0380 0x13f4  VZK - ok
14:41:31.0424 0x13f4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
14:41:31.0437 0x13f4  W32Time - ok
14:41:31.0460 0x13f4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:41:31.0462 0x13f4  WacomPen - ok
14:41:31.0504 0x13f4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:41:31.0508 0x13f4  WANARP - ok
14:41:31.0515 0x13f4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:41:31.0517 0x13f4  Wanarpv6 - ok
14:41:31.0635 0x13f4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:41:31.0760 0x13f4  WatAdminSvc - ok
14:41:32.0040 0x13f4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
14:41:32.0076 0x13f4  wbengine - ok
14:41:32.0123 0x13f4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:41:32.0133 0x13f4  WbioSrvc - ok
14:41:32.0172 0x13f4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:41:32.0185 0x13f4  wcncsvc - ok
14:41:32.0212 0x13f4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:41:32.0220 0x13f4  WcsPlugInService - ok
14:41:32.0244 0x13f4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:41:32.0246 0x13f4  Wd - ok
14:41:32.0305 0x13f4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:41:32.0321 0x13f4  Wdf01000 - ok
14:41:32.0362 0x13f4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:41:32.0369 0x13f4  WdiServiceHost - ok
14:41:32.0375 0x13f4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:41:32.0382 0x13f4  WdiSystemHost - ok
14:41:32.0425 0x13f4  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
14:41:32.0436 0x13f4  WebClient - ok
14:41:32.0478 0x13f4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:41:32.0488 0x13f4  Wecsvc - ok
14:41:32.0522 0x13f4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:41:32.0529 0x13f4  wercplsupport - ok
14:41:32.0545 0x13f4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
14:41:32.0553 0x13f4  WerSvc - ok
14:41:32.0593 0x13f4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:41:32.0594 0x13f4  WfpLwf - ok
14:41:32.0611 0x13f4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:41:32.0614 0x13f4  WIMMount - ok
14:41:32.0667 0x13f4  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA, 711DD957AF98F1B835ECE0FEBCCF8FCC7763F1DAA232F1C9E80DE6DA123C7F33 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:41:32.0686 0x13f4  winachsf - ok
14:41:32.0770 0x13f4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:41:32.0790 0x13f4  WinDefend - ok
14:41:32.0813 0x13f4  WinHttpAutoProxySvc - ok
14:41:32.0895 0x13f4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:41:32.0901 0x13f4  Winmgmt - ok
14:41:33.0009 0x13f4  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
14:41:33.0046 0x13f4  WinRM - ok
14:41:33.0116 0x13f4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:41:33.0278 0x13f4  Wlansvc - ok
14:41:33.0325 0x13f4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:41:33.0326 0x13f4  WmiAcpi - ok
14:41:33.0355 0x13f4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:41:33.0360 0x13f4  wmiApSrv - ok
14:41:33.0467 0x13f4  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:41:33.0498 0x13f4  WMPNetworkSvc - ok
14:41:33.0528 0x13f4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:41:33.0534 0x13f4  WPCSvc - ok
14:41:33.0563 0x13f4  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:41:33.0572 0x13f4  WPDBusEnum - ok
14:41:33.0602 0x13f4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:41:33.0604 0x13f4  ws2ifsl - ok
14:41:33.0624 0x13f4  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
14:41:33.0631 0x13f4  wscsvc - ok
14:41:33.0638 0x13f4  WSearch - ok
14:41:33.0753 0x13f4  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:41:33.0811 0x13f4  wuauserv - ok
14:41:33.0842 0x13f4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:41:33.0860 0x13f4  WudfPf - ok
14:41:33.0912 0x13f4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:41:33.0922 0x13f4  WUDFRd - ok
14:41:33.0970 0x13f4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:41:33.0978 0x13f4  wudfsvc - ok
14:41:34.0015 0x13f4  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:41:34.0027 0x13f4  WwanSvc - ok
14:41:34.0089 0x13f4  [ 93414C458ACD8FBD54B0B0D153747C66, 38019C5EDC99F9C3A141115B6F8E9BDB7EB164A8EB4F619B535E3722BE22AC68 ] WZBWK           C:\Users\Jgall\AppData\Local\Temp\WZBWK.exe
14:41:34.0140 0x13f4  WZBWK - ok
14:41:34.0173 0x13f4  [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
14:41:34.0175 0x13f4  XAudio - ok
14:41:34.0228 0x13f4  [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
14:41:34.0240 0x13f4  XAudioService - ok
14:41:34.0343 0x13f4  [ 27CC620BC0758DCE42FF9C799AB15953, F80EBBE7F99C7BAECDE340A578A241C0E63020C51595743A598D2DB4B60A31B0 ] XFDriver        C:\Program Files\Xfire2\XFDriver.sys
14:41:34.0345 0x13f4  XFDriver - ok
14:41:34.0374 0x13f4  ================ Scan global ===============================
14:41:34.0413 0x13f4  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:41:34.0441 0x13f4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:41:34.0460 0x13f4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:41:34.0525 0x13f4  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:41:34.0565 0x13f4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:41:34.0577 0x13f4  [ Global ] - ok
14:41:34.0581 0x13f4  ================ Scan MBR ==================================
14:41:34.0610 0x13f4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:41:35.0164 0x13f4  \Device\Harddisk0\DR0 - ok
14:41:35.0164 0x13f4  ================ Scan VBR ==================================
14:41:35.0167 0x13f4  [ 91471248AD4E0C3DE3BD14CD9BDECF59 ] \Device\Harddisk0\DR0\Partition1
14:41:35.0169 0x13f4  \Device\Harddisk0\DR0\Partition1 - ok
14:41:35.0172 0x13f4  Waiting for KSN requests completion. In queue: 93
14:41:36.0172 0x13f4  Waiting for KSN requests completion. In queue: 93
14:41:37.0172 0x13f4  Waiting for KSN requests completion. In queue: 93
14:41:38.0216 0x13f4  AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareSecurityCenter.exe ( 11.0.4555.0 ), 0x40010 ( disabled : outofdate )
14:41:38.0243 0x13f4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2007.172 ), 0x41000 ( enabled : updated )
14:41:38.0245 0x13f4  FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareSecurityCenter.exe ( 11.0.4555.0 ), 0x40010 ( disabled )
14:41:38.0249 0x13f4  Win FW state via NFP2: enabled
14:41:40.0840 0x13f4  ============================================================
14:41:40.0840 0x13f4  Scan finished
14:41:40.0840 0x13f4  ============================================================
14:41:40.0854 0x1058  Detected object count: 0
14:41:40.0854 0x1058  Actual detected object count: 0
 



#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 09 December 2013 - 02:46 PM

Hi,
 
No problem.   :)
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#10 Rogue_wolf

Rogue_wolf
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 09 December 2013 - 07:06 PM

ComboFix 13-12-08.01 - Jgall 09/12/2013  18:31:13.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.2006.1215 [GMT -5:00]
Running from: c:\users\Jgall\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome.manifest
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\asyncDB.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\background.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\browserAction.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\contextMenu.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\dbManager.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\dom_bg.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\fileManager.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\firefox.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\firefoxNotifications.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\firefoxOmnibox.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\message.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\pageAction.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\request.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\tabs.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\api\webRequest.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\background.html
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\baseObject.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\browser.xul
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\console.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\consts.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\delegate.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\extensionDataStore.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\folderIOWrapper.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\httpObserver.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\IDBWrapper.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\installer.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\logFile.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\prefs.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\progressListenerObserver.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\registry.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\reloadObserver.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\reports.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\requestObject.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\searchSettings.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\uninstallObserver.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\updateManager.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\utils.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\core\xhr.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\dialog.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\main.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\options.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\options.xul
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\chrome\content\search_dialog.xul
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\defaults\preferences\prefs.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\manifest.xml
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins.json
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\1_base.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\1000020_analytics.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\1000025_analyticsFront.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\1000030_mz.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\102_dealply_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\103_intext_5_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\105_corticas_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\108_icm_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\119_similar_web_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\120_luck_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\138_getdeal_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\17_jQuery.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\182_openUrl.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\189_active_sanity.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\190_pops_5_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\197_kreapixel_pops_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\200_foxydeal_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\204_pricedetect_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\21_debug.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\22_resources.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\28_initializer.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\47_resources_background.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\64_appApiMessage.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\7_hooks.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\72_appApiValidation.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\98_omniCommands.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\userCode\background.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\userCode\extension.js
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\install.rdf
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\locale\en-US\translations.dtd
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\button1.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\button2.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\button3.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\button4.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\button5.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\crossrider_statusbar.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\icon128.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\icon16.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\icon24.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\icon48.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\panelarrow-up.png
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\popup.html
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\skin.css
c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\skin\update.css
c:\users\Jgall\AppData\Roaming\Slick Savings
c:\windows\MICROSOFT
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-09 to 2013-12-09  )))))))))))))))))))))))))))))))
.
.
2013-12-09 23:39 . 2013-12-09 23:43    --------    d-----w-    c:\users\Jgall\AppData\Local\temp
2013-12-09 23:39 . 2013-12-09 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-06 21:28 . 2013-12-06 21:29    --------    d-----w-    C:\AdwCleaner
2013-12-05 22:19 . 2013-12-05 22:19    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-05 22:19 . 2013-12-05 22:19    --------    d-----w-    c:\users\Jgall\AppData\Roaming\SUPERAntiSpyware.com
2013-11-30 00:48 . 2013-11-30 01:07    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-30 00:48 . 2013-11-30 00:48    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-30 00:33 . 2013-11-30 00:33    --------    d-----w-    c:\users\Jgall\.android
2013-11-30 00:33 . 2013-11-30 00:33    --------    d-----w-    c:\users\Jgall\AppData\Local\cache
2013-11-30 00:33 . 2013-11-30 00:36    --------    d-----w-    c:\users\Jgall\AppData\Local\Mobogenie
2013-11-30 00:30 . 2013-11-30 00:31    --------    d-----w-    c:\program files\FreeHDSport TV V6.0
2013-11-30 00:20 . 2013-11-30 00:20    --------    d-----w-    c:\users\Jgall\AppData\Local\TVU Networks
2013-11-30 00:20 . 2013-11-30 00:20    --------    d-----w-    c:\programdata\TVU Networks
2013-11-30 00:18 . 2013-11-30 00:18    --------    d-----w-    c:\windows\system32\TVUAx
2013-11-24 22:00 . 2013-11-24 22:00    --------    d-----w-    c:\users\Jgall\AppData\Roaming\Malwarebytes
2013-11-24 22:00 . 2013-11-24 22:00    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-23 22:21 . 2013-11-23 22:21    --------    d-----w-    c:\users\Jgall\AppData\Roaming\LavasoftStatistics
2013-11-23 21:51 . 2013-11-23 21:51    --------    d-----w-    c:\programdata\Lavasoft
2013-11-23 19:36 . 2013-11-08 01:15    7772552    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E1BAB67-F344-4071-9E4E-AFBEFABEC400}\mpengine.dll
2013-11-23 19:29 . 2013-10-04 01:56    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-11-23 19:29 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-23 19:29 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\system32\credui.dll
2013-11-23 19:29 . 2013-10-03 01:58    305152    ----a-w-    c:\windows\system32\gdi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-29 23:47 . 2013-07-31 01:27    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-29 23:47 . 2013-07-31 01:27    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-16 20:16 . 2013-07-31 15:28    403440    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-11 10:50 . 2013-07-31 01:42    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-06 02:19 . 2013-07-31 15:28    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-06 02:19 . 2013-07-31 15:28    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-06 02:19 . 2013-07-31 15:28    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-06 02:19 . 2013-07-31 15:28    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-06 02:19 . 2013-07-31 15:26    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-06 02:19 . 2013-07-31 15:26    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-10-26 20:11 . 2013-07-31 20:33    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-26 20:11 . 2013-07-31 20:33    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 20:11 . 2013-07-31 15:28    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-08 11:50 . 2013-10-19 17:27    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-17 17:18 . 2013-10-04 22:29    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
2013-09-14 00:48 . 2013-10-19 19:02    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-06 02:19    321752    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-08-01 13106328]
"Verizon Media Manager"="c:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2012-10-10 1523712]
"Akamai NetSession Interface"="c:\users\Jgall\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"VoiceMaster"="c:\program files\VoiceMaster\VoiceMaster.exe" [2013-11-07 2492416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-04-24 2379504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-02-28 1322048]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-08-22 295512]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2012-09-03 3094440]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-06 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-31 280576]
.
c:\users\Jgall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire2\Xfire.exe [2013-9-18 4881624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SASDIFSV;SASDIFSV;c:\users\Jgall\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jgall\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-02-28 292200]
R3 EC;EC;c:\users\Jgall\AppData\Local\Temp\EC.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-02-28 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-02-28 244800]
R3 QYKYKFZATDJ;QYKYKFZATDJ;c:\users\Jgall\AppData\Local\Temp\QYKYKFZATDJ.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TJDXXRW;TJDXXRW;c:\users\Jgall\AppData\Local\Temp\TJDXXRW.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VZK;VZK;c:\users\Jgall\AppData\Local\Temp\VZK.exe [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-31 1343400]
R3 WZBWK;WZBWK;c:\users\Jgall\AppData\Local\Temp\WZBWK.exe [x]
R3 XFDriver;XFDrive;c:\program files\Xfire2\XFDriver.sys [2013-03-14 16648]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-02-28 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-06 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-16 403440]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-06 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-06 70384]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-30 37432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 00:26    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-09 c:\windows\Tasks\FreeHDSport TV V6.0-firefoxinstaller.job
- c:\program files\FreeHDSport TV V6.0\FreeHDSport TV V6.0-firefoxinstaller.exe [2013-11-30 00:30]
.
2013-12-09 c:\windows\Tasks\FreeHDSport TV V6.0-updater.job
- c:\program files\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe [2013-11-30 00:31]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-10 03:36]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-10 03:36]
.
2013-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2047123495-558394648-3788537083-1000Core.job
- c:\users\Jgall\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-31 01:29]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2047123495-558394648-3788537083-1000UA.job
- c:\users\Jgall\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-31 01:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 206.59.51.148 64.134.255.2 64.134.255.10
FF - ProfilePath - c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Eraser - f:\apps\EraserPortable\App\eraser\eraser.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-Eraser - f:\apps\EraserPortable\App\eraser\eraser.exe
AddRemove-Avast 2013 - c:\program files\Avast\Avast\Uninstall.exe
AddRemove-Microsoft Security 2.55 - c:\program files\Microsoft\Microsoft Security\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2528)
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\SP\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-12-09  18:46:35 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-09 23:46
.
Pre-Run: 26,607,439,872 bytes libres
Post-Run: 27,020,238,848 bytes libres
.
- - End Of File - - C8E1C48C38389B153D20BB917B58D07E
A36C5E4F47E84449FF07ED3517B43A31
 



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 10 December 2013 - 08:02 AM

Sorry for any delay....I have finals in school right now. 
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

c:\users\Jgall\AppData\Local\Temp\EC.exe

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#12 Rogue_wolf

Rogue_wolf
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 December 2013 - 02:56 PM

Hey, thanx for your help so far. Hope you pass with flying colors. Hey, I also forgot to tell you, in the last step, it seems i forgot to download the combofix app to my desktop, I left it in the "downloads" folder in my computer. Will that affect anything? Furthermore, it seems that when I followed your steps up the the part where you told me to copy and paste "c:\users\Jgall\AppData\Local\Temp\EC.exe" into the open file box, it kept saying it couldn't locate that file. I aslo wanted to share something with you when logging unto the websites the DNS namechanger keeps redirecting me from. this only happens to me when im at the public library, but when I go to places such as internet cafes or public wifi hot spots, where they don't have web filters, it wont show me this information. See here;

 

This Page Cannot Be Displayed

The system cannot communicate with the external server ( hotmail.com ). The Internet server may be busy, may be permanently down, or may be unreachable because of network problems.

Please check the spelling of the Internet address entered. If it is correct, try this request later.

If you have questions, please contact your organization's network administrator and provide the codes shown below.

Date: Tue, 10 Dec 2013 14:59:13 EST
URL: GET http://hotmail.com/
Category: Web-based Email
Reason: UNKNOWN
Notification: GATEWAY_TIMEOUT

 

the virus seems to be adding characters in the domain name section of the URL & blocking my access still. I also have a suggestion. Could this be whats the source of my headache? "c:\users\Jgall\AppData\Roaming\Slick Savings." Thank you.


Edited by Rogue_wolf, 10 December 2013 - 07:06 PM.


#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 11 December 2013 - 07:44 AM

Hi,
 
Thanks for your understanding about my exam.  :) 
 
Don't worry about where you ran ComboFix from this last time, but just go ahead and move it to the Desktop now because it will need to be there later for sure. 
 
-------------------------
 
As of right now we really have not been cleaning anything, but only getting good diagnostics....let's get started on cleaning.  :)
 
ComboFix

Open notepad and copy/paste the text in the quotebox below into it:
 

http://www.bleepingcomputer.com/forums/t/515835/invisible-nameless-dns-malware-keeps-me-from-access-certain-website/

Collect::
c:\users\Jgall\AppData\Local\Temp\EC.exe
c:\users\Jgall\AppData\Local\Temp\QYKYKFZATDJ.exe
c:\users\Jgall\AppData\Local\Temp\TJDXXRW.exe
c:\users\Jgall\AppData\Local\Temp\VZK.exe
c:\users\Jgall\AppData\Local\Temp\WZBWK.exe
 
Firefox::
FF - ProfilePath - c:\users\Jgall\AppData\Roaming\Mozilla\Firefox\Profiles\ou12ja8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316071&CUI=UN13943040702689547&UM=2&SearchSource=3&q={searchTerms}

Driver::
EC
QYKYKFZATDJ
TJDXXRW
VZK
WZBWK

Save this as "CFScript.txt", and as  Type: All Files (*.*) in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed.  With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

----------

 

 

81mYIKe.jpg  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------

 

 

Post the new ComboFix log and the AdwCleaner log and let me know how your system is running now.  :)

 

 


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 13 December 2013 - 07:29 AM

Still need help?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:15 AM

Posted 14 December 2013 - 11:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users