Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with svchost.exe virus (Trojan.Agent)


  • This topic is locked This topic is locked
20 replies to this topic

#1 Xythenol

Xythenol

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 17 April 2014 - 06:01 AM

Hello :)

 

A couple of weeks ago, I noticed the computer was running a bit slow and also found that the only way I could open up Microsoft Security Essentials was by right-clicking and running as an administrator. I figured it was probably a virus, because that's the only time I need to do that. MSE found nothing, so I downloaded AVG and Anti-Malware Bytes to find the issue.

 

AVG deleted a couple of other viruses (I don't recall what), and Malware Bytes found more than a few hiding in the registry (mostly adware and PUPs). The only one I didn't delete was the Trojan.Agent, because it was located in svchost.exe, and I remember being told not to delete that file. After searching around for a while, I realized that it wasn't the authentic svchost, because it's located in C:\Windows, not system32. I decided to look around for more information on how to go about deleting it, and found that I can't simply click "delete", because apparently other problems can arise (eg. blue screens, slower performance, returning malware, etc.). So I'm kinda scared about using that option.

 

Also, I think it should be noted that the virus is currently quarantined, so I don't know if logs will let it show up. I'm using the trial version of Malware Bytes (the program that quarantined it), and the trial ends in about 15 hours, so I don't know if it'll stay quarantined after it expires.

 

So I'm hoping that I can find some help here on what to do. I'm not very tech-savvy, so forgive me if some of the information provided earlier seemed dumb, or if there's a simpler choice that I might've missed. Thank you for taking the time to read all of this, and thanks in advance for your patience.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.55.2
Run by User at 3:34:34 on 2014-04-17
Microsoft Windows 7 Professional N   6.1.7601.1.1252.1.1033.18.1984.508 [GMT -7:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxedserv.exe
C:\Windows\system32\lxedcoms.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe
C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
uURLSearchHooks: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - <orphaned>
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mURLSearchHooks: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - <orphaned>
mURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Soda PDF 3D Reader Helper: {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Soda PDF 3D Reader Toolbar: {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{DE8E6762-3C6E-4232-84BB-992A0C7B7716} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{DE8E6762-3C6E-4232-84BB-992A0C7B7716}\2375942554639353 : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o8i34k3q.default-1397698208506\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-1 236824]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-22 283064]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-4-3 1473280]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-1 3655184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 lxed_device;lxed_device;C:\Windows\System32\lxedcoms.exe -service --> C:\Windows\System32\lxedcoms.exe -service [?]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxedserv.exe [2010-12-18 45736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-3 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-3 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2012-9-19 237056]
R2 Soda PDF 3D Reader Helper Service;Soda PDF 3D Reader Helper Service;C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe [2012-12-21 1352024]
R2 Soda PDF 3D Reader Service;Soda PDF 3D Reader Service;C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe [2012-12-21 874328]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-12-10 8786848]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-12-10 565152]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-3 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-3 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-3 63192]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-10 13728]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-10 68512]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-10 15736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-04-17 09:40:33    208216    ----a-w-    C:\Windows\System32\drivers\58564933.sys
2014-04-17 01:44:57    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAB2042A-3EC1-433E-A479-57EF88F982BC}\offreg.dll
2014-04-17 01:16:59    10651696    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAB2042A-3EC1-433E-A479-57EF88F982BC}\mpengine.dll
2014-04-16 03:38:03    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 01:06:55    10651696    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-16 00:48:52    503312    ----a-w-    C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2014\update\backup\avgmfarx.dll
2014-04-16 00:48:52    2917904    ----a-w-    C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2014\update\backup\avgupdx.dll
2014-04-16 00:48:51    6089216    ----a-w-    C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe
2014-04-14 00:12:33    --------    d-----w-    C:\Users\User\AppData\Roaming\NVIDIA
2014-04-13 23:45:44    --------    d-----w-    C:\Program Files (x86)\Common Files\Oberon Media
2014-04-13 23:25:31    --------    d-----w-    C:\Program Files (x86)\GamesBar
2014-04-13 23:20:56    --------    d-----w-    C:\ProgramData\Oberon Media
2014-04-04 07:59:09    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2014-04-04 07:55:40    519000    ----a-w-    C:\Windows\System32\d3dx10_40.dll
2014-04-04 07:55:40    452440    ----a-w-    C:\Windows\SysWow64\d3dx10_40.dll
2014-04-04 07:55:40    2605920    ----a-w-    C:\Windows\System32\D3DCompiler_40.dll
2014-04-04 07:55:40    2036576    ----a-w-    C:\Windows\SysWow64\D3DCompiler_40.dll
2014-04-04 07:55:32    5631312    ----a-w-    C:\Windows\System32\D3DX9_40.dll
2014-04-04 07:55:32    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2014-04-04 03:03:47    --------    d-----w-    C:\Users\User\AppData\Roaming\AVG2014
2014-04-04 02:59:04    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD08BF17-636B-4B18-A748-9A463C32789B}\gapaengine.dll
2014-04-04 02:35:50    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-04 02:33:15    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-04 02:33:14    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-04 02:33:14    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-04 02:33:13    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-04-04 02:33:13    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 02:28:03    234592    ----a-w-    C:\Windows\System32\drivers\03314170.sys
2014-04-04 02:26:26    --------    d-----w-    C:\Users\User\AppData\Roaming\TuneUp Software
2014-04-04 02:24:28    --------    d--h--w-    C:\$AVG
2014-04-04 02:24:28    --------    d-----w-    C:\ProgramData\AVG2014
2014-04-04 02:23:11    --------    d-----w-    C:\Program Files (x86)\AVG
2014-04-04 02:17:29    --------    d-----w-    C:\Users\User\AppData\Local\MFAData
2014-04-04 02:17:29    --------    d-----w-    C:\Users\User\AppData\Local\Avg2014
2014-04-04 02:17:29    --------    d-----w-    C:\ProgramData\MFAData
2014-04-02 04:03:14    236824    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-03-31 23:20:54    274200    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 23:06:26    130840    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-03-28 05:14:26    192792    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-03-28 05:14:24    153368    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-03-28 05:07:10    236824    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-03-28 05:05:02    324376    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-03-28 05:03:16    32536    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-04-13 20:50:51    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 20:50:51    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-31 16:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-11 16:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-01-25 08:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-17 23:24:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 23:24:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2007-09-17 17:10:42    24576    ----a-w-    C:\Program Files (x86)\Lexmark 3500-4500 Series
.
============= FINISH:  3:39:10.30 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 19 April 2014 - 02:08 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
---------- 

 
81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 
 
weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 19 April 2014 - 09:42 PM

Wait, so do I click the "Clean" button on Adwcleaner, wait for it to finish, and then click "Report", or do I just click the report button without pushing clean?

 

I just want to make sure before I give you the logs that I'm not forgetting something or getting ahead of myself. Also, I already have TDSSKiller installed, so do I need to reinstall it, or is it okay?



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 19 April 2014 - 09:44 PM

If you have it already, please run TDSSKiller and post the new log.  :)

 

As for AdwCleaner, please do not press the Clean button.  I just want a log of what is being seen on the system for now.  Thanks.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 19 April 2014 - 10:14 PM

Okay, well I know the one thing I want to keep is DVDVideoSoft (not the toolbar, of course). Thank you again for helping.

 

Here's the log for AdwCleaner:

 

 

# AdwCleaner v3.100 - Report created 19/04/2014 at 18:14:08
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Professional N Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\DVDVideoSoft
Folder Found C:\Program Files (x86)\DVDVideoSoftTB
Folder Found C:\Program Files (x86)\DVDVideoSoftTB
Folder Found C:\Program Files (x86)\GamesBar
Folder Found C:\Program Files (x86)\MakeMeBabies_2.0
Folder Found C:\Program Files (x86)\Red Sky
Folder Found C:\Program Files (x86)\RegClean Pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\User\AppData\Local\Conduit
Folder Found C:\Users\User\AppData\Local\DownTango
Folder Found C:\Users\User\AppData\Local\iLivid
Folder Found C:\Users\User\AppData\Local\PackageAware
Folder Found C:\Users\User\AppData\Local\Temp\DVDVideoSoft
Folder Found C:\Users\User\AppData\LocalLow\AskToolbar
Folder Found C:\Users\User\AppData\LocalLow\Conduit
Folder Found C:\Users\User\AppData\LocalLow\DVDVideoSoftTB
Folder Found C:\Users\User\AppData\LocalLow\DVDVideoSoftTB
Folder Found C:\Users\User\AppData\LocalLow\MakeMeBabies_2.0
Folder Found C:\Users\User\AppData\LocalLow\PriceGong
Folder Found C:\Users\User\AppData\Roaming\DVDVideoSoft
Folder Found C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\User\AppData\Roaming\Search Protection
Folder Found C:\Users\User\AppData\Roaming\Systweak
Folder Found C:\Users\User\Documents\DVDVideoSoft
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\MakeMeBabies_2.0
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\DVDVideoSoftTB
Key Found : [x64] HKCU\Software\DVDVideoSoftTB
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3027459
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\Software\MakeMeBabies_2.0
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C812B57-747A-4D90-8105-F336A673C301}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35018CD6-AE8B-4085-9388-B51AA00AB1B5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FCDF968-EE4B-48AF-ACE9-1CD711160FA5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C815A5E-632F-4430-BF2B-8AEE24811BE1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MakeMeBabies_2.0 Toolbar
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o8i34k3q.default-1397698208506\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12807 octets] - [19/04/2014 18:14:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12868 octets] ##########
 

 

 

 

And here's the log for TDSSKiller:

 

 

20:10:42.0297 2120  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:10:44.0439 2120  ============================================================
20:10:44.0439 2120  Current date / time: 2014/04/19 20:10:44.0439
20:10:44.0439 2120  SystemInfo:
20:10:44.0439 2120  
20:10:44.0439 2120  OS Version: 6.1.7601 ServicePack: 1.0
20:10:44.0439 2120  Product type: Workstation
20:10:44.0440 2120  ComputerName: USER-PC
20:10:44.0440 2120  UserName: User
20:10:44.0440 2120  Windows directory: C:\Windows
20:10:44.0440 2120  System windows directory: C:\Windows
20:10:44.0440 2120  Running under WOW64
20:10:44.0440 2120  Processor architecture: Intel x64
20:10:44.0440 2120  Number of processors: 2
20:10:44.0440 2120  Page size: 0x1000
20:10:44.0440 2120  Boot type: Normal boot
20:10:44.0440 2120  ============================================================
20:10:47.0269 2120  Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xB5B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:10:47.0379 2120  ============================================================
20:10:47.0379 2120  \Device\Harddisk0\DR0:
20:10:47.0392 2120  MBR partitions:
20:10:47.0392 2120  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:10:47.0392 2120  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800
20:10:47.0392 2120  ============================================================
20:10:47.0511 2120  C: <-> \Device\Harddisk0\DR0\Partition2
20:10:47.0575 2120  ============================================================
20:10:47.0576 2120  Initialize success
20:10:47.0576 2120  ============================================================
20:10:49.0203 2944  ============================================================
20:10:49.0203 2944  Scan started
20:10:49.0204 2944  Mode: Manual;
20:10:49.0204 2944  ============================================================
20:10:51.0360 2944  ================ Scan system memory ========================
20:10:51.0360 2944  System memory - ok
20:10:51.0361 2944  ================ Scan services =============================
20:10:52.0062 2944  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:10:52.0067 2944  1394ohci - ok
20:10:52.0093 2944  38456373 - ok
20:10:52.0150 2944  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:10:52.0155 2944  ACPI - ok
20:10:52.0208 2944  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:10:52.0210 2944  AcpiPmi - ok
20:10:52.0404 2944  [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:10:52.0409 2944  AdobeARMservice - ok
20:10:52.0837 2944  [ C2CE3311D2477B1B24CFB67020AD49B6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:10:53.0267 2944  AdobeFlashPlayerUpdateSvc - ok
20:10:53.0377 2944  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:10:53.0403 2944  adp94xx - ok
20:10:53.0458 2944  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:10:53.0466 2944  adpahci - ok
20:10:53.0499 2944  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:10:53.0503 2944  adpu320 - ok
20:10:53.0588 2944  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:10:53.0622 2944  AeLookupSvc - ok
20:10:53.0714 2944  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:10:53.0749 2944  AFD - ok
20:10:53.0815 2944  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:10:53.0830 2944  agp440 - ok
20:10:53.0870 2944  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:10:53.0875 2944  ALG - ok
20:10:53.0931 2944  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:10:53.0945 2944  aliide - ok
20:10:53.0995 2944  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:10:54.0011 2944  amdide - ok
20:10:54.0063 2944  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:10:54.0076 2944  AmdK8 - ok
20:10:54.0107 2944  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:10:54.0109 2944  AmdPPM - ok
20:10:54.0162 2944  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:10:54.0178 2944  amdsata - ok
20:10:54.0222 2944  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:10:54.0227 2944  amdsbs - ok
20:10:54.0256 2944  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:10:54.0275 2944  amdxata - ok
20:10:54.0358 2944  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:10:54.0363 2944  AppID - ok
20:10:54.0390 2944  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:10:54.0394 2944  AppIDSvc - ok
20:10:54.0445 2944  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:10:54.0448 2944  Appinfo - ok
20:10:54.0528 2944  [ 221564CC7BE37611FE15EACF443E1BF6 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:10:54.0570 2944  Apple Mobile Device - ok
20:10:54.0614 2944  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:10:54.0624 2944  AppMgmt - ok
20:10:54.0664 2944  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:10:54.0667 2944  arc - ok
20:10:54.0700 2944  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:10:54.0718 2944  arcsas - ok
20:10:55.0270 2944  [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:10:55.0340 2944  aspnet_state - ok
20:10:55.0398 2944  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:55.0400 2944  AsyncMac - ok
20:10:55.0490 2944  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:10:55.0494 2944  atapi - ok
20:10:55.0563 2944  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:10:55.0697 2944  AudioEndpointBuilder - ok
20:10:55.0747 2944  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:10:55.0753 2944  AudioSrv - ok
20:10:55.0826 2944  [ 2D5E8A35808FDA50274CFD22000DAB53 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
20:10:55.0831 2944  Avgdiska - ok
20:10:55.0873 2944  [ CA10D51653068DB6A0ADEEDDC4946C47 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
20:10:55.0886 2944  Avgfwfd - ok
20:10:56.0312 2944  [ FD57CC9F627CCED94B5E59F2FCE6A78A ] avgfws          C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
20:10:56.0391 2944  avgfws - ok
20:10:56.0702 2944  [ 539608AD59EE0B7C9990BA68FCDCA3C3 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
20:10:56.0825 2944  AVGIDSAgent - ok
20:10:56.0903 2944  [ BAF6FCBA5370EEC834A3A26037EAED0B ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:10:56.0910 2944  AVGIDSDriver - ok
20:10:56.0965 2944  [ F6CE2F1B6E890FB5EBC04A11A2E31DC1 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:10:56.0971 2944  AVGIDSHA - ok
20:10:57.0019 2944  [ B323DE78E0C75F3605C7A200F3CF350F ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
20:10:57.0029 2944  Avgldx64 - ok
20:10:57.0086 2944  [ 6E381AFF06BC6ABFAEF70405014D7A37 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
20:10:57.0120 2944  Avgloga - ok
20:10:57.0164 2944  [ DBFB9BEAE2816FDB4B4EF8C89AFA3DF0 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
20:10:57.0170 2944  Avgmfx64 - ok
20:10:57.0228 2944  [ 9C6CD518AE78D532FB33240DE11C765D ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
20:10:57.0232 2944  Avgrkx64 - ok
20:10:57.0345 2944  [ F86A506DA0BF61402E19DB8AF0684C9A ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:10:57.0363 2944  Avgtdia - ok
20:10:57.0450 2944  [ DBAEB3D23C653018629A76E53260E122 ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
20:10:57.0467 2944  avgwd - ok
20:10:57.0526 2944  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:10:57.0532 2944  AxInstSV - ok
20:10:57.0573 2944  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:10:57.0598 2944  b06bdrv - ok
20:10:57.0626 2944  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:10:57.0634 2944  b57nd60a - ok
20:10:57.0676 2944  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:10:57.0680 2944  BDESVC - ok
20:10:57.0691 2944  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:10:57.0692 2944  Beep - ok
20:10:57.0750 2944  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:10:57.0799 2944  BFE - ok
20:10:57.0865 2944  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:10:57.0933 2944  BITS - ok
20:10:57.0963 2944  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:10:57.0966 2944  blbdrive - ok
20:10:58.0037 2944  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:10:58.0054 2944  Bonjour Service - ok
20:10:58.0111 2944  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:10:58.0117 2944  bowser - ok
20:10:58.0139 2944  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:10:58.0141 2944  BrFiltLo - ok
20:10:58.0160 2944  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:10:58.0161 2944  BrFiltUp - ok
20:10:58.0200 2944  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:10:58.0300 2944  Browser - ok
20:10:58.0339 2944  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:10:58.0350 2944  Brserid - ok
20:10:58.0412 2944  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:10:58.0416 2944  BrSerWdm - ok
20:10:58.0431 2944  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:10:58.0434 2944  BrUsbMdm - ok
20:10:58.0459 2944  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:10:58.0461 2944  BrUsbSer - ok
20:10:58.0479 2944  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:10:58.0482 2944  BTHMODEM - ok
20:10:58.0513 2944  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:10:58.0516 2944  bthserv - ok
20:10:58.0532 2944  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:10:58.0535 2944  cdfs - ok
20:10:58.0599 2944  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:10:58.0607 2944  cdrom - ok
20:10:58.0664 2944  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:10:58.0670 2944  CertPropSvc - ok
20:10:58.0704 2944  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:10:58.0708 2944  circlass - ok
20:10:58.0746 2944  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:10:58.0758 2944  CLFS - ok
20:10:58.0810 2944  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:10:58.0817 2944  clr_optimization_v2.0.50727_32 - ok
20:10:58.0857 2944  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:10:58.0866 2944  clr_optimization_v2.0.50727_64 - ok
20:10:59.0119 2944  [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:10:59.0269 2944  clr_optimization_v4.0.30319_32 - ok
20:10:59.0324 2944  [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:10:59.0400 2944  clr_optimization_v4.0.30319_64 - ok
20:10:59.0429 2944  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:10:59.0432 2944  CmBatt - ok
20:10:59.0478 2944  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:10:59.0488 2944  cmdide - ok
20:10:59.0537 2944  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:10:59.0563 2944  CNG - ok
20:10:59.0576 2944  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:10:59.0579 2944  Compbatt - ok
20:10:59.0622 2944  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:10:59.0625 2944  CompositeBus - ok
20:10:59.0639 2944  COMSysApp - ok
20:10:59.0655 2944  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:10:59.0658 2944  crcdisk - ok
20:10:59.0731 2944  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:10:59.0829 2944  CryptSvc - ok
20:10:59.0888 2944  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:10:59.0914 2944  CSC - ok
20:10:59.0953 2944  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:10:59.0964 2944  CscService - ok
20:11:00.0022 2944  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:11:00.0069 2944  DcomLaunch - ok
20:11:00.0114 2944  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:11:00.0156 2944  defragsvc - ok
20:11:00.0194 2944  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:11:00.0198 2944  DfsC - ok
20:11:00.0264 2944  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:11:00.0294 2944  Dhcp - ok
20:11:00.0321 2944  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:11:00.0323 2944  discache - ok
20:11:00.0338 2944  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:11:00.0340 2944  Disk - ok
20:11:00.0384 2944  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:11:00.0477 2944  Dnscache - ok
20:11:00.0547 2944  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:11:00.0556 2944  dot3svc - ok
20:11:00.0619 2944  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:11:00.0625 2944  DPS - ok
20:11:00.0653 2944  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:11:00.0656 2944  drmkaud - ok
20:11:00.0715 2944  [ 6A0E850DDCB136AA3D2FB7234382DF12 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:11:00.0722 2944  dtsoftbus01 - ok
20:11:00.0808 2944  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:11:00.0834 2944  DXGKrnl - ok
20:11:00.0864 2944  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:11:00.0905 2944  EapHost - ok
20:11:01.0031 2944  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:11:01.0140 2944  ebdrv - ok
20:11:01.0173 2944  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:11:01.0176 2944  EFS - ok
20:11:01.0228 2944  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:11:01.0251 2944  ehRecvr - ok
20:11:01.0280 2944  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:11:01.0285 2944  ehSched - ok
20:11:01.0355 2944  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:11:01.0381 2944  elxstor - ok
20:11:01.0431 2944  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:11:01.0434 2944  ErrDev - ok
20:11:01.0492 2944  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:11:01.0512 2944  EventSystem - ok
20:11:01.0540 2944  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:11:01.0547 2944  exfat - ok
20:11:01.0595 2944  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:11:01.0603 2944  fastfat - ok
20:11:01.0709 2944  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:11:01.0743 2944  Fax - ok
20:11:01.0756 2944  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:11:01.0760 2944  fdc - ok
20:11:01.0788 2944  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:11:01.0790 2944  fdPHost - ok
20:11:01.0821 2944  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:11:01.0824 2944  FDResPub - ok
20:11:01.0846 2944  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:11:01.0849 2944  FileInfo - ok
20:11:01.0860 2944  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:11:01.0863 2944  Filetrace - ok
20:11:01.0884 2944  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:01.0887 2944  flpydisk - ok
20:11:01.0965 2944  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:11:01.0983 2944  FltMgr - ok
20:11:02.0073 2944  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:11:02.0168 2944  FontCache - ok
20:11:02.0223 2944  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:11:02.0227 2944  FontCache3.0.0.0 - ok
20:11:02.0259 2944  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:11:02.0263 2944  FsDepends - ok
20:11:02.0298 2944  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:11:02.0309 2944  Fs_Rec - ok
20:11:02.0354 2944  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:11:02.0359 2944  fvevol - ok
20:11:02.0375 2944  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:02.0378 2944  gagp30kx - ok
20:11:02.0427 2944  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:02.0430 2944  GEARAspiWDM - ok
20:11:02.0497 2944  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:11:02.0532 2944  gpsvc - ok
20:11:02.0670 2944  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:02.0673 2944  gupdate - ok
20:11:02.0698 2944  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:02.0703 2944  gupdatem - ok
20:11:02.0769 2944  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:11:02.0775 2944  gusvc - ok
20:11:02.0811 2944  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:11:02.0815 2944  hcw85cir - ok
20:11:02.0873 2944  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:11:02.0915 2944  HdAudAddService - ok
20:11:02.0956 2944  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:11:02.0962 2944  HDAudBus - ok
20:11:02.0989 2944  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:02.0993 2944  HidBatt - ok
20:11:03.0027 2944  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:11:03.0032 2944  HidBth - ok
20:11:03.0063 2944  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:11:03.0065 2944  HidIr - ok
20:11:03.0110 2944  [ 4965189C05ACAAC13FE47686E28EDCCE ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
20:11:03.0112 2944  hidkmdf - ok
20:11:03.0130 2944  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:11:03.0133 2944  hidserv - ok
20:11:03.0184 2944  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:11:03.0198 2944  HidUsb - ok
20:11:03.0243 2944  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:11:03.0249 2944  hkmsvc - ok
20:11:03.0298 2944  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:11:03.0319 2944  HomeGroupListener - ok
20:11:03.0369 2944  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:11:03.0378 2944  HomeGroupProvider - ok
20:11:03.0431 2944  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:11:03.0435 2944  HpSAMD - ok
20:11:03.0498 2944  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:11:03.0551 2944  HTTP - ok
20:11:03.0598 2944  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:11:03.0607 2944  hwpolicy - ok
20:11:03.0653 2944  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:11:03.0658 2944  i8042prt - ok
20:11:03.0688 2944  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:11:03.0706 2944  iaStorV - ok
20:11:03.0921 2944  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:11:03.0957 2944  idsvc - ok
20:11:03.0989 2944  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:11:03.0993 2944  iirsp - ok
20:11:04.0063 2944  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:11:04.0173 2944  IKEEXT - ok
20:11:04.0215 2944  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:11:04.0217 2944  intelide - ok
20:11:04.0244 2944  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:11:04.0247 2944  intelppm - ok
20:11:04.0269 2944  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:11:04.0273 2944  IPBusEnum - ok
20:11:04.0307 2944  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:04.0309 2944  IpFilterDriver - ok
20:11:04.0352 2944  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:11:04.0366 2944  IPMIDRV - ok
20:11:04.0403 2944  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:11:04.0409 2944  IPNAT - ok
20:11:04.0545 2944  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:11:04.0594 2944  iPod Service - ok
20:11:04.0620 2944  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:11:04.0623 2944  IRENUM - ok
20:11:04.0668 2944  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:11:04.0687 2944  isapnp - ok
20:11:04.0745 2944  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:11:04.0758 2944  iScsiPrt - ok
20:11:04.0790 2944  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:04.0794 2944  kbdclass - ok
20:11:04.0842 2944  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:04.0845 2944  kbdhid - ok
20:11:04.0864 2944  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:11:04.0869 2944  KeyIso - ok
20:11:04.0920 2944  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:11:04.0927 2944  KMWDFILTER - ok
20:11:04.0973 2944  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:11:04.0978 2944  KSecDD - ok
20:11:05.0025 2944  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:11:05.0034 2944  KSecPkg - ok
20:11:05.0063 2944  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:11:05.0066 2944  ksthunk - ok
20:11:05.0107 2944  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:11:05.0124 2944  KtmRm - ok
20:11:05.0187 2944  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:11:05.0237 2944  LanmanServer - ok
20:11:05.0290 2944  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:11:05.0357 2944  LanmanWorkstation - ok
20:11:05.0387 2944  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:11:05.0390 2944  lltdio - ok
20:11:05.0425 2944  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:11:05.0442 2944  lltdsvc - ok
20:11:05.0455 2944  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:11:05.0492 2944  lmhosts - ok
20:11:05.0532 2944  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:05.0536 2944  LSI_FC - ok
20:11:05.0565 2944  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:05.0571 2944  LSI_SAS - ok
20:11:05.0591 2944  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:05.0593 2944  LSI_SAS2 - ok
20:11:05.0612 2944  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:05.0616 2944  LSI_SCSI - ok
20:11:05.0642 2944  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:11:05.0645 2944  luafv - ok
20:11:05.0754 2944  [ D6CDF198518B8428B66AAD8F7BABC3BE ] lxedCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe
20:11:05.0811 2944  lxedCATSCustConnectService - ok
20:11:05.0838 2944  lxed_device - ok
20:11:05.0880 2944  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:11:05.0885 2944  Mcx2Svc - ok
20:11:05.0902 2944  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:11:05.0905 2944  megasas - ok
20:11:05.0932 2944  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:05.0939 2944  MegaSR - ok
20:11:05.0965 2944  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:11:05.0968 2944  MMCSS - ok
20:11:05.0975 2944  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:11:05.0977 2944  Modem - ok
20:11:06.0003 2944  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:11:06.0004 2944  monitor - ok
20:11:06.0038 2944  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:11:06.0049 2944  mouclass - ok
20:11:06.0062 2944  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:11:06.0064 2944  mouhid - ok
20:11:06.0110 2944  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:11:06.0113 2944  mountmgr - ok
20:11:06.0213 2944  [ AEE4E9CC59CDEB55B1ECB0E596E796BE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:11:06.0217 2944  MozillaMaintenance - ok
20:11:06.0280 2944  [ 9EB89625A82AC961F25E7C865947BF9A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:11:06.0297 2944  MpFilter - ok
20:11:06.0346 2944  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:11:06.0350 2944  mpio - ok
20:11:06.0466 2944  MpKsl7534a931 - ok
20:11:06.0528 2944  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:11:06.0548 2944  mpsdrv - ok
20:11:06.0679 2944  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:11:06.0730 2944  MpsSvc - ok
20:11:06.0774 2944  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:11:06.0778 2944  MRxDAV - ok
20:11:06.0826 2944  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:06.0834 2944  mrxsmb - ok
20:11:06.0888 2944  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:06.0895 2944  mrxsmb10 - ok
20:11:06.0907 2944  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:06.0911 2944  mrxsmb20 - ok
20:11:06.0957 2944  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:11:06.0978 2944  msahci - ok
20:11:07.0027 2944  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:11:07.0046 2944  msdsm - ok
20:11:07.0072 2944  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:11:07.0088 2944  MSDTC - ok
20:11:07.0150 2944  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:11:07.0152 2944  Msfs - ok
20:11:07.0174 2944  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:11:07.0177 2944  mshidkmdf - ok
20:11:07.0214 2944  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:11:07.0223 2944  msisadrv - ok
20:11:07.0267 2944  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:11:07.0274 2944  MSiSCSI - ok
20:11:07.0284 2944  msiserver - ok
20:11:07.0322 2944  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:11:07.0324 2944  MSKSSRV - ok
20:11:07.0433 2944  [ 89F2AEDC2788696702141AB82C3E7866 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:11:07.0446 2944  MsMpSvc - ok
20:11:07.0470 2944  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:07.0473 2944  MSPCLOCK - ok
20:11:07.0491 2944  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:11:07.0494 2944  MSPQM - ok
20:11:07.0537 2944  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:11:07.0554 2944  MsRPC - ok
20:11:07.0597 2944  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:11:07.0598 2944  mssmbios - ok
20:11:07.0628 2944  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:11:07.0630 2944  MSTEE - ok
20:11:07.0643 2944  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:07.0646 2944  MTConfig - ok
20:11:07.0670 2944  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:11:07.0673 2944  Mup - ok
20:11:07.0720 2944  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:11:07.0738 2944  napagent - ok
20:11:07.0782 2944  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:11:07.0798 2944  NativeWifiP - ok
20:11:07.0877 2944  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:11:07.0913 2944  NDIS - ok
20:11:07.0946 2944  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:07.0950 2944  NdisCap - ok
20:11:07.0975 2944  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:07.0978 2944  NdisTapi - ok
20:11:08.0038 2944  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:08.0049 2944  Ndisuio - ok
20:11:08.0096 2944  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:08.0105 2944  NdisWan - ok
20:11:08.0151 2944  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:11:08.0154 2944  NDProxy - ok
20:11:08.0179 2944  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:11:08.0182 2944  NetBIOS - ok
20:11:08.0218 2944  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:11:08.0224 2944  NetBT - ok
20:11:08.0238 2944  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:11:08.0240 2944  Netlogon - ok
20:11:08.0276 2944  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:11:08.0326 2944  Netman - ok
20:11:08.0390 2944  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:08.0432 2944  NetMsmqActivator - ok
20:11:08.0442 2944  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:08.0447 2944  NetPipeActivator - ok
20:11:08.0546 2944  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:11:08.0573 2944  netprofm - ok
20:11:08.0585 2944  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:08.0587 2944  NetTcpActivator - ok
20:11:08.0606 2944  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:08.0608 2944  NetTcpPortSharing - ok
20:11:08.0637 2944  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:11:08.0640 2944  nfrd960 - ok
20:11:08.0691 2944  [ C3E0696C3B42F694C5822776AA6FFFDF ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:11:08.0695 2944  NisDrv - ok
20:11:08.0716 2944  [ DCEE3592299B2229A0DB98CB415059A2 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:11:08.0723 2944  NisSrv - ok
20:11:08.0773 2944  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:11:08.0805 2944  NlaSvc - ok
20:11:08.0831 2944  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:11:08.0834 2944  Npfs - ok
20:11:08.0855 2944  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:11:08.0868 2944  nsi - ok
20:11:08.0876 2944  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:11:08.0878 2944  nsiproxy - ok
20:11:09.0123 2944  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:11:09.0193 2944  Ntfs - ok
20:11:09.0223 2944  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:11:09.0235 2944  Null - ok
20:11:09.0272 2944  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
20:11:09.0279 2944  NVENETFD - ok
20:11:10.0406 2944  [ 8E6247F418B4C8AE9EEB0B532CABCC21 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:11:10.0683 2944  nvlddmkm - ok
20:11:10.0766 2944  [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
20:11:10.0792 2944  NVNET - ok
20:11:10.0851 2944  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:11:10.0858 2944  nvraid - ok
20:11:10.0880 2944  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:11:10.0884 2944  nvstor - ok
20:11:10.0958 2944  [ 41B97DCE2B2D113B831EB197F02A7398 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:11:10.0993 2944  nvsvc - ok
20:11:11.0113 2944  [ A3A25E0509F67473B960DAF214828BE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:11:11.0157 2944  nvUpdatusService - ok
20:11:11.0198 2944  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:11:11.0201 2944  nv_agp - ok
20:11:11.0303 2944  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:11:11.0320 2944  odserv - ok
20:11:11.0346 2944  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:11:11.0349 2944  ohci1394 - ok
20:11:11.0400 2944  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:11.0426 2944  ose - ok
20:11:11.0459 2944  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:11:11.0476 2944  p2pimsvc - ok
20:11:11.0505 2944  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:11:11.0515 2944  p2psvc - ok
20:11:11.0549 2944  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:11:11.0553 2944  Parport - ok
20:11:11.0590 2944  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:11:11.0598 2944  partmgr - ok
20:11:11.0661 2944  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:11:11.0678 2944  pci - ok
20:11:11.0713 2944  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:11:11.0716 2944  pciide - ok
20:11:11.0744 2944  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:11.0752 2944  pcmcia - ok
20:11:11.0775 2944  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:11:11.0779 2944  pcw - ok
20:11:11.0804 2944  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:11:11.0822 2944  PEAUTH - ok
20:11:11.0867 2944  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:11:11.0901 2944  PeerDistSvc - ok
20:11:11.0964 2944  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:11:12.0117 2944  PerfHost - ok
20:11:12.0255 2944  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:11:12.0315 2944  pla - ok
20:11:12.0401 2944  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:11:12.0475 2944  PlugPlay - ok
20:11:12.0504 2944  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:11:12.0507 2944  PNRPAutoReg - ok
20:11:12.0523 2944  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:11:12.0526 2944  PNRPsvc - ok
20:11:12.0562 2944  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:11:12.0566 2944  Power - ok
20:11:12.0611 2944  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:11:12.0616 2944  PptpMiniport - ok
20:11:12.0639 2944  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:11:12.0643 2944  Processor - ok
20:11:12.0705 2944  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:11:12.0787 2944  ProfSvc - ok
20:11:12.0803 2944  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:11:12.0805 2944  ProtectedStorage - ok
20:11:12.0862 2944  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:11:12.0866 2944  Psched - ok
20:11:12.0919 2944  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:11:12.0963 2944  ql2300 - ok
20:11:13.0004 2944  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:11:13.0009 2944  ql40xx - ok
20:11:13.0036 2944  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:11:13.0049 2944  QWAVE - ok
20:11:13.0074 2944  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:11:13.0076 2944  QWAVEdrv - ok
20:11:13.0096 2944  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:11:13.0098 2944  RasAcd - ok
20:11:13.0125 2944  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:13.0128 2944  RasAgileVpn - ok
20:11:13.0139 2944  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:11:13.0145 2944  RasAuto - ok
20:11:13.0186 2944  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:13.0190 2944  Rasl2tp - ok
20:11:13.0274 2944  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:11:13.0291 2944  RasMan - ok
20:11:13.0322 2944  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:13.0327 2944  RasPppoe - ok
20:11:13.0352 2944  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:11:13.0357 2944  RasSstp - ok
20:11:13.0404 2944  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:11:13.0419 2944  rdbss - ok
20:11:13.0432 2944  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:11:13.0435 2944  rdpbus - ok
20:11:13.0445 2944  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:13.0447 2944  RDPCDD - ok
20:11:13.0520 2944  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:11:13.0545 2944  RDPDR - ok
20:11:13.0569 2944  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:11:13.0573 2944  RDPENCDD - ok
20:11:13.0607 2944  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:11:13.0608 2944  RDPREFMP - ok
20:11:13.0655 2944  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:11:13.0662 2944  RDPWD - ok
20:11:13.0720 2944  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:11:13.0736 2944  rdyboost - ok
20:11:13.0828 2944  [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:11:13.0836 2944  RealNetworks Downloader Resolver Service - ok
20:11:13.0865 2944  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:11:13.0874 2944  RemoteRegistry - ok
20:11:13.0889 2944  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:11:13.0911 2944  RpcEptMapper - ok
20:11:13.0930 2944  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:11:13.0932 2944  RpcLocator - ok
20:11:13.0995 2944  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:11:14.0007 2944  RpcSs - ok
20:11:14.0042 2944  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:11:14.0045 2944  rspndr - ok
20:11:14.0144 2944  [ 945AB249D12CBE044782430C6013AA1A ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
20:11:14.0170 2944  RTL8187B - ok
20:11:14.0210 2944  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:11:14.0213 2944  s3cap - ok
20:11:14.0236 2944  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:11:14.0239 2944  SamSs - ok
20:11:14.0332 2944  [ 250112C2973C72E17C87D1FB80A4C98E ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
20:11:14.0768 2944  Samsung Network Fax Server - ok
20:11:14.0804 2944  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:11:14.0807 2944  sbp2port - ok
20:11:14.0828 2944  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:11:14.0833 2944  SCardSvr - ok
20:11:14.0869 2944  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:11:14.0871 2944  scfilter - ok
20:11:14.0933 2944  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:11:15.0044 2944  Schedule - ok
20:11:15.0083 2944  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:11:15.0085 2944  SCPolicySvc - ok
20:11:15.0129 2944  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:11:15.0146 2944  SDRSVC - ok
20:11:15.0183 2944  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:11:15.0187 2944  secdrv - ok
20:11:15.0230 2944  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:11:15.0248 2944  seclogon - ok
20:11:15.0286 2944  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:11:15.0325 2944  SENS - ok
20:11:15.0353 2944  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:11:15.0357 2944  SensrSvc - ok
20:11:15.0382 2944  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:11:15.0384 2944  Serenum - ok
20:11:15.0414 2944  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:11:15.0417 2944  Serial - ok
20:11:15.0455 2944  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:11:15.0457 2944  sermouse - ok
20:11:15.0514 2944  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:11:15.0531 2944  SessionEnv - ok
20:11:15.0573 2944  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:11:15.0576 2944  sffdisk - ok
20:11:15.0597 2944  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:11:15.0600 2944  sffp_mmc - ok
20:11:15.0621 2944  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:11:15.0623 2944  sffp_sd - ok
20:11:15.0647 2944  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:11:15.0649 2944  sfloppy - ok
20:11:15.0674 2944  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:11:15.0766 2944  ShellHWDetection - ok
20:11:15.0785 2944  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:11:15.0787 2944  SiSRaid2 - ok
20:11:15.0808 2944  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:11:15.0812 2944  SiSRaid4 - ok
20:11:15.0836 2944  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:11:15.0840 2944  Smb - ok
20:11:15.0879 2944  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:11:15.0882 2944  SNMPTRAP - ok
20:11:16.0002 2944  [ 59982DBADF1451C370438C90FEA008CB ] Soda PDF 3D Reader Helper Service C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe
20:11:16.0046 2944  Soda PDF 3D Reader Helper Service - ok
20:11:16.0074 2944  [ 5B675A95F12A13297D09412B52772B96 ] Soda PDF 3D Reader Service C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe
20:11:16.0100 2944  Soda PDF 3D Reader Service - ok
20:11:16.0111 2944  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:11:16.0114 2944  spldr - ok
20:11:16.0158 2944  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:11:16.0176 2944  Spooler - ok
20:11:16.0295 2944  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:11:16.0396 2944  sppsvc - ok
20:11:16.0437 2944  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:11:16.0442 2944  sppuinotify - ok
20:11:16.0498 2944  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:11:16.0519 2944  srv - ok
20:11:16.0548 2944  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:11:16.0565 2944  srv2 - ok
20:11:16.0587 2944  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:11:16.0592 2944  srvnet - ok
20:11:16.0620 2944  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:11:16.0626 2944  SSDPSRV - ok
20:11:16.0664 2944  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
20:11:16.0681 2944  SSPORT - ok
20:11:16.0702 2944  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:11:16.0709 2944  SstpSvc - ok
20:11:16.0728 2944  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:11:16.0730 2944  stexstor - ok
20:11:16.0783 2944  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:11:16.0853 2944  stisvc - ok
20:11:16.0895 2944  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:11:16.0899 2944  storflt - ok
20:11:16.0924 2944  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
20:11:16.0930 2944  StorSvc - ok
20:11:16.0986 2944  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:11:16.0990 2944  storvsc - ok
20:11:17.0009 2944  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:11:17.0013 2944  swenum - ok
20:11:17.0050 2944  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:11:17.0067 2944  swprv - ok
20:11:17.0141 2944  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:11:17.0193 2944  SysMain - ok
20:11:17.0238 2944  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:11:17.0243 2944  TabletInputService - ok
20:11:17.0696 2944  [ 1CBBC0EB320BC9195A886FD0D183BEBC ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
20:11:17.0911 2944  TabletServiceWacom - ok
20:11:17.0986 2944  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:11:18.0020 2944  TapiSrv - ok
20:11:18.0049 2944  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:11:18.0064 2944  TBS - ok
20:11:18.0171 2944  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:11:18.0234 2944  Tcpip - ok
20:11:18.0293 2944  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:11:18.0305 2944  TCPIP6 - ok
20:11:18.0355 2944  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:11:18.0357 2944  tcpipreg - ok
20:11:18.0398 2944  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:11:18.0400 2944  TDPIPE - ok
20:11:18.0442 2944  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:11:18.0445 2944  TDTCP - ok
20:11:18.0493 2944  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:11:18.0496 2944  tdx - ok
20:11:18.0539 2944  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:11:18.0543 2944  TermDD - ok
20:11:18.0608 2944  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:11:18.0660 2944  TermService - ok
20:11:18.0693 2944  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:11:18.0727 2944  Themes - ok
20:11:18.0752 2944  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:11:18.0755 2944  THREADORDER - ok
20:11:18.0857 2944  [ C0F628F426FA7A6C2AAEFDAE5A00F20B ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
20:11:18.0891 2944  TouchServiceWacom - ok
20:11:18.0915 2944  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:11:18.0948 2944  TrkWks - ok
20:11:19.0006 2944  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:11:19.0015 2944  TrustedInstaller - ok
20:11:19.0069 2944  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:11:19.0073 2944  tssecsrv - ok
20:11:19.0119 2944  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:11:19.0124 2944  TsUsbFlt - ok
20:11:19.0186 2944  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:11:19.0192 2944  tunnel - ok
20:11:19.0217 2944  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:11:19.0221 2944  uagp35 - ok
20:11:19.0282 2944  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:11:19.0299 2944  udfs - ok
20:11:19.0340 2944  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:11:19.0355 2944  UI0Detect - ok
20:11:19.0384 2944  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:11:19.0387 2944  uliagpkx - ok
20:11:19.0430 2944  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:11:19.0433 2944  umbus - ok
20:11:19.0451 2944  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:11:19.0453 2944  UmPass - ok
20:11:19.0497 2944  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:11:19.0505 2944  UmRdpService - ok
20:11:19.0543 2944  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:11:19.0560 2944  upnphost - ok
20:11:19.0603 2944  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:11:19.0613 2944  USBAAPL64 - ok
20:11:19.0660 2944  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:11:19.0676 2944  usbccgp - ok
20:11:19.0717 2944  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:11:19.0721 2944  usbcir - ok
20:11:19.0743 2944  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:11:19.0746 2944  usbehci - ok
20:11:19.0778 2944  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:11:19.0786 2944  usbhub - ok
20:11:19.0802 2944  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:11:19.0805 2944  usbohci - ok
20:11:19.0825 2944  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:11:19.0827 2944  usbprint - ok
20:11:19.0878 2944  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:11:19.0902 2944  usbscan - ok
20:11:19.0917 2944  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:11:19.0933 2944  USBSTOR - ok
20:11:19.0946 2944  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:11:19.0949 2944  usbuhci - ok
20:11:19.0971 2944  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:11:19.0985 2944  UxSms - ok
20:11:20.0000 2944  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:11:20.0002 2944  VaultSvc - ok
20:11:20.0023 2944  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:11:20.0025 2944  vdrvroot - ok
20:11:20.0157 2944  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:11:20.0191 2944  vds - ok
20:11:20.0218 2944  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:11:20.0226 2944  vga - ok
20:11:20.0251 2944  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:11:20.0255 2944  VgaSave - ok
20:11:20.0347 2944  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:11:20.0355 2944  vhdmp - ok
20:11:20.0396 2944  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:11:20.0399 2944  viaide - ok
20:11:20.0494 2944  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:11:20.0505 2944  vmbus - ok
20:11:20.0528 2944  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:11:20.0530 2944  VMBusHID - ok
20:11:20.0538 2944  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:11:20.0540 2944  volmgr - ok
20:11:20.0587 2944  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:11:20.0597 2944  volmgrx - ok
20:11:20.0621 2944  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:11:20.0628 2944  volsnap - ok
20:11:20.0671 2944  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:11:20.0678 2944  vsmraid - ok
20:11:20.0764 2944  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:11:20.0841 2944  VSS - ok
20:11:20.0861 2944  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:11:20.0863 2944  vwifibus - ok
20:11:20.0891 2944  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:11:20.0893 2944  vwififlt - ok
20:11:20.0920 2944  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:11:20.0928 2944  W32Time - ok
20:11:20.0975 2944  [ F713C4EE053219C9A22540A99380F2F2 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
20:11:20.0977 2944  WacHidRouter - ok
20:11:21.0006 2944  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:11:21.0008 2944  WacomPen - ok
20:11:21.0030 2944  [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
20:11:21.0032 2944  wacomrouterfilter - ok
20:11:21.0087 2944  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:11:21.0097 2944  WANARP - ok
20:11:21.0130 2944  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:11:21.0134 2944  Wanarpv6 - ok
20:11:21.0231 2944  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:11:21.0266 2944  WatAdminSvc - ok
20:11:21.0603 2944  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:11:21.0662 2944  wbengine - ok
20:11:21.0691 2944  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:11:21.0701 2944  WbioSrvc - ok
20:11:21.0744 2944  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:11:21.0752 2944  wcncsvc - ok
20:11:21.0765 2944  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:11:21.0770 2944  WcsPlugInService - ok
20:11:21.0793 2944  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:11:21.0795 2944  Wd - ok
20:11:21.0842 2944  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
20:11:21.0845 2944  WDC_SAM - ok
20:11:21.0921 2944  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:11:21.0948 2944  Wdf01000 - ok
20:11:21.0970 2944  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:11:22.0015 2944  WdiServiceHost - ok
20:11:22.0023 2944  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:11:22.0026 2944  WdiSystemHost - ok
20:11:22.0062 2944  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:11:22.0068 2944  WebClient - ok
20:11:22.0082 2944  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:11:22.0088 2944  Wecsvc - ok
20:11:22.0102 2944  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:11:22.0106 2944  wercplsupport - ok
20:11:22.0137 2944  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:11:22.0146 2944  WerSvc - ok
20:11:22.0174 2944  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:22.0176 2944  WfpLwf - ok
20:11:22.0191 2944  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:11:22.0193 2944  WIMMount - ok
20:11:22.0213 2944  WinDefend - ok
20:11:22.0225 2944  WinHttpAutoProxySvc - ok
20:11:22.0278 2944  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:11:22.0307 2944  Winmgmt - ok
20:11:22.0620 2944  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:11:22.0671 2944  WinRM - ok
20:11:22.0758 2944  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:11:22.0768 2944  WinUsb - ok
20:11:22.0818 2944  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:11:22.0941 2944  Wlansvc - ok
20:11:22.0976 2944  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:11:22.0978 2944  WmiAcpi - ok
20:11:23.0032 2944  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:11:23.0038 2944  wmiApSrv - ok
20:11:23.0064 2944  WMPNetworkSvc - ok
20:11:23.0089 2944  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:11:23.0093 2944  WPCSvc - ok
20:11:23.0157 2944  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:11:23.0172 2944  WPDBusEnum - ok
20:11:23.0209 2944  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:11:23.0211 2944  ws2ifsl - ok
20:11:23.0264 2944  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:11:23.0268 2944  wscsvc - ok
20:11:23.0273 2944  WSearch - ok
20:11:23.0384 2944  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:11:23.0462 2944  wuauserv - ok
20:11:23.0500 2944  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:11:23.0518 2944  WudfPf - ok
20:11:23.0579 2944  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:23.0587 2944  WUDFRd - ok
20:11:23.0630 2944  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:11:23.0671 2944  wudfsvc - ok
20:11:23.0735 2944  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:11:23.0747 2944  WwanSvc - ok
20:11:23.0858 2944  ‮etadpug - ok
20:11:23.0985 2944  ================ Scan global ===============================
20:11:24.0015 2944  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:11:24.0073 2944  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
20:11:24.0234 2944  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
20:11:24.0270 2944  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:11:24.0310 2944  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:11:24.0315 2944  [Global] - ok
20:11:24.0316 2944  ================ Scan MBR ==================================
20:11:24.0339 2944  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:11:24.0642 2944  \Device\Harddisk0\DR0 - ok
20:11:24.0642 2944  ================ Scan VBR ==================================
20:11:24.0645 2944  [ 88564D6A4E2BC9F75A72163895E4BF3A ] \Device\Harddisk0\DR0\Partition1
20:11:24.0648 2944  \Device\Harddisk0\DR0\Partition1 - ok
20:11:24.0658 2944  [ D2DC0014ABD9ECA065EF54516A54730C ] \Device\Harddisk0\DR0\Partition2
20:11:24.0660 2944  \Device\Harddisk0\DR0\Partition2 - ok
20:11:24.0660 2944  ============================================================
20:11:24.0660 2944  Scan finished
20:11:24.0660 2944  ============================================================
20:11:24.0674 5424  Detected object count: 0
20:11:24.0674 5424  Actual detected object count: 0
 



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 20 April 2014 - 08:38 AM

Ok just remember the next time that I have you run AdwCleaner, to uncheck those that you want before pressing Clean.   :)  Not yet though.
---------------
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 21 April 2014 - 04:08 PM

((Okay, I'll make sure to remember that about AdwCleaner))

 

Here's the log report from ComboFix. I think everything ran smoothly. I had a few pop-ups from AVG about it (even though I thought I had turned it off) , but I made sure to allow it.

 

 

ComboFix 14-04-20.01 - User 04/21/2014  13:21:29.1.2 - x64
Microsoft Windows 7 Professional N   6.1.7601.1.1252.1.1033.18.1984.717 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPL4653.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-21 to 2014-04-21  )))))))))))))))))))))))))))))))
.
.
2014-04-21 20:06 . 2014-04-16 10:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE7E6227-2E4F-4FD1-9244-AE8E972ED2A4}\mpengine.dll
2014-04-20 03:10 . 2014-04-20 03:10    208216    ----a-w-    c:\windows\system32\drivers\83512759.sys
2014-04-20 01:35 . 2014-02-19 22:02    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D1E7C66-B4DB-42EF-9ACD-64617478CB89}\gapaengine.dll
2014-04-20 01:13 . 2014-04-20 01:16    --------    d-----w-    C:\AdwCleaner
2014-04-18 02:07 . 2014-04-18 02:07    208216    ----a-w-    c:\windows\system32\drivers\42044236.sys
2014-04-17 22:03 . 2014-04-17 22:03    --------    d-----w-    c:\windows\Migration
2014-04-17 09:40 . 2014-04-17 09:40    208216    ----a-w-    c:\windows\system32\drivers\58564933.sys
2014-04-17 01:16 . 2014-04-01 01:15    10651696    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-16 03:38 . 2014-03-18 05:11    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 01:04 . 2014-04-16 01:04    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2014-04-16 00:48 . 2014-03-29 23:37    6089216    ----a-w-    c:\program files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe
2014-04-14 00:12 . 2014-04-14 00:12    --------    d-----w-    c:\users\User\AppData\Roaming\NVIDIA
2014-04-13 23:45 . 2014-04-13 23:45    --------    d-----w-    c:\program files (x86)\Common Files\Oberon Media
2014-04-13 23:25 . 2014-04-13 23:25    --------    d-----w-    c:\program files (x86)\GamesBar
2014-04-13 23:20 . 2014-04-13 23:20    --------    d-----w-    c:\programdata\Oberon Media
2014-04-05 05:26 . 2014-04-06 03:11    --------    d-----w-    c:\users\TEMP
2014-04-04 07:59 . 2014-04-04 07:59    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2014-04-04 07:55 . 2008-10-15 13:22    519000    ----a-w-    c:\windows\system32\d3dx10_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    452440    ----a-w-    c:\windows\SysWow64\d3dx10_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    2605920    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    2036576    ----a-w-    c:\windows\SysWow64\D3DCompiler_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    5631312    ----a-w-    c:\windows\system32\D3DX9_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    4379984    ----a-w-    c:\windows\SysWow64\D3DX9_40.dll
2014-04-04 03:03 . 2014-04-04 03:03    --------    d-----w-    c:\users\User\AppData\Roaming\AVG2014
2014-04-04 02:35 . 2014-04-18 01:30    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-04 02:33 . 2014-04-03 16:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-04 02:33 . 2014-04-03 16:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-04 02:33 . 2014-04-03 16:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-04 02:33 . 2014-04-05 05:51    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-04 02:33 . 2014-04-04 02:33    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-04 02:28 . 2014-04-04 02:28    234592    ----a-w-    c:\windows\system32\drivers\03314170.sys
2014-04-04 02:26 . 2014-04-04 02:26    --------    d-----w-    c:\users\User\AppData\Roaming\TuneUp Software
2014-04-04 02:24 . 2014-04-04 02:27    --------    d-----w-    c:\programdata\AVG2014
2014-04-04 02:24 . 2014-04-04 02:24    --------    d-----w-    C:\$AVG
2014-04-04 02:23 . 2014-04-04 02:23    --------    d-----w-    c:\program files (x86)\AVG
2014-04-04 02:17 . 2014-04-21 20:05    --------    d-----w-    c:\programdata\MFAData
2014-04-04 02:17 . 2014-04-05 05:52    --------    d-----w-    c:\users\User\AppData\Local\Avg2014
2014-04-04 02:17 . 2014-04-04 02:17    --------    d-----w-    c:\users\User\AppData\Local\MFAData
2014-04-02 04:03 . 2014-04-02 04:03    236824    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-03-31 23:20 . 2014-03-31 23:20    274200    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-03-31 23:06 . 2014-03-31 23:06    130840    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-03-28 05:14 . 2014-03-28 05:14    192792    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-03-28 05:14 . 2014-03-28 05:14    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-03-28 05:07 . 2014-03-28 05:07    236824    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-03-28 05:05 . 2014-03-28 05:05    324376    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-03-28 05:03 . 2014-03-28 05:03    32536    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 20:50 . 2012-08-16 18:47    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-13 20:50 . 2011-08-18 04:19    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 16:35 . 2010-04-07 19:12    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-31 10:51 . 2010-04-07 21:40    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 16:52 . 2013-06-19 04:50    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-19 22:02 . 2013-10-18 08:21    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-25 08:19 . 2014-01-25 08:19    268512    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2007-09-17 17:10 . 2012-12-07 09:41    24576    ----a-w-    c:\program files (x86)\Lexmark 3500-4500 Series
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-05 04:45    431784    ----a-w-    c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-28 03:29    297128    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-03-24 3588952]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2012-9-19 273408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl7534a931;MpKsl7534a931;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED3ABC55-EA26-4EED-A67F-AD77FE0B5D55}\MpKsl7534a931.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED3ABC55-EA26-4EED-A67F-AD77FE0B5D55}\MpKsl7534a931.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 38456373;38456373; [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe;c:\windows\SYSNATIVE\lxedcoms.exe [x]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxedserv.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 Soda PDF 3D Reader Helper Service;Soda PDF 3D Reader Helper Service;c:\program files (x86)\Soda PDF 3D Reader\HelperService.exe;c:\program files (x86)\Soda PDF 3D Reader\HelperService.exe [x]
S2 Soda PDF 3D Reader Service;Soda PDF 3D Reader Service;c:\program files (x86)\Soda PDF 3D Reader\ConversionService.exe;c:\program files (x86)\Soda PDF 3D Reader\ConversionService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 19:58    1077576    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 20:50]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 01:10]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 01:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-21 01:08    357432    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2009-10-01 139944]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 456704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o8i34k3q.default-1397698208506\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-04698184.sys
SafeBoot-47322185.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
AddRemove-SimsTR - Valentine's Day Special Pack - c:\users\User\Documents\EA Games\The Sims™ 2 Double Deluxe\Downloads2\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
   14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
"{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}"=hex:51,66,7a,6c,4c,1d,38,12,ee,05,20,
   d0,9c,8e,48,07,f5,37,49,be,2a,8f,e8,30
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
   d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F37C7F06-0B23-4AD1-9160-1CC285A5E9EC}"=hex:51,66,7a,6c,4c,1d,38,12,68,7c,6f,
   f7,11,45,bf,0f,ee,76,5f,82,80,fb,ad,f8
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8c,77,9b,28,94,98,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-04-21  13:51:19 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-21 20:51
.
Pre-Run: 200,831,512,576 bytes free
Post-Run: 203,848,359,936 bytes free
.
- - End Of File - - B9981220D5E46FDDAABA550A94AE6594
A36C5E4F47E84449FF07ED3517B43A31
 



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 21 April 2014 - 07:41 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\system32\drivers\83512759.sys
 
c:\windows\system32\drivers\42044236.sys
 
c:\windows\system32\drivers\58564933.sys


 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#9 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 22 April 2014 - 03:41 AM

I followed your instructions and tried copying and pasting the lines a couple of times, but I keep getting this pop-up error that says "the file could not be found" for each line. I even tried copying and pasting the three lines altogether, but the same pop-up just keeps coming up.



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 22 April 2014 - 06:39 PM

Ok thanks for letting me know.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
    IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
     
    File::
    c:\windows\system32\drivers\83512759.sys
    c:\windows\system32\drivers\42044236.sys
    c:\windows\system32\drivers\58564933.sys
    c:\windows\system32\drivers\03314170.sys
    c:\program files (x86)\DAP\LinkVerifier.dll
    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
     
    Driver::
    38456373

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 

81mYIKe.jpg  AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new logs made by AdwCleaner and ComboFix and also let me know how your system is running.   :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#11 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 25 April 2014 - 12:47 AM

Hi, again. :)

I just want to apologize for no new notices on this topic, I've been really sick lately and haven't been able to get to the computer. I know you have a 3-day waiting period for replies, and I wanted you to know that I haven't been lazy about replying. Promise I'll do those scans tomorrow and let you know how the computer's running.

#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 25 April 2014 - 10:56 AM

No worries.  Thanks for letting me know.  Hope you get to feeling better.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#13 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 26 April 2014 - 08:30 PM

Thank you so much for being so understanding and patient! I'm doing a lot better ~

 

My computer seems to be running a little better; it's shutting down more smoother (no freezing or blinking black), and it's starting up better too, as well as the programs that open upon start-up. Firefox is even running faster, and it hasn't been freezing up. Microsoft Security Essentials is still having trouble opening unless I click "Run as Administrator", but I don't know if that's related to the trojan issue.

 

Anyhow, here's the log from ComboFix:

 

 

ComboFix 14-04-26.01 - User 04/26/2014  17:39:29.2.2 - x64
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
.
FILE ::
"c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll"
"c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll"
"c:\program files (x86)\DAP\LinkVerifier.dll"
"c:\windows\system32\drivers\03314170.sys"
"c:\windows\system32\drivers\42044236.sys"
"c:\windows\system32\drivers\58564933.sys"
"c:\windows\system32\drivers\83512759.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\SPL4653.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_38456373
-------\Service_38456373
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-27 to 2014-04-27  )))))))))))))))))))))))))))))))
.
.
2014-04-27 00:49 . 2014-04-27 00:49    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-04-27 00:49 . 2014-04-27 00:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-23 03:46 . 2014-04-16 10:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECB13D99-5135-47F8-8BC8-B7FB784C48E3}\mpengine.dll
2014-04-22 00:08 . 2014-04-16 10:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-20 03:10 . 2014-04-20 03:10    208216    ----a-w-    c:\windows\system32\drivers\83512759.sys
2014-04-20 01:35 . 2014-02-19 22:02    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D1E7C66-B4DB-42EF-9ACD-64617478CB89}\gapaengine.dll
2014-04-20 01:13 . 2014-04-20 01:16    --------    d-----w-    C:\AdwCleaner
2014-04-18 02:07 . 2014-04-18 02:07    208216    ----a-w-    c:\windows\system32\drivers\42044236.sys
2014-04-17 22:03 . 2014-04-17 22:03    --------    d-----w-    c:\windows\Migration
2014-04-17 09:40 . 2014-04-17 09:40    208216    ----a-w-    c:\windows\system32\drivers\58564933.sys
2014-04-16 03:38 . 2014-03-18 05:11    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 01:04 . 2014-04-16 01:04    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2014-04-14 00:12 . 2014-04-14 00:12    --------    d-----w-    c:\users\User\AppData\Roaming\NVIDIA
2014-04-13 23:45 . 2014-04-13 23:45    --------    d-----w-    c:\program files (x86)\Common Files\Oberon Media
2014-04-13 23:25 . 2014-04-13 23:25    --------    d-----w-    c:\program files (x86)\GamesBar
2014-04-13 23:20 . 2014-04-13 23:20    --------    d-----w-    c:\programdata\Oberon Media
2014-04-05 05:26 . 2014-04-06 03:11    --------    d-----w-    c:\users\TEMP
2014-04-04 07:59 . 2014-04-04 07:59    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2014-04-04 07:55 . 2008-10-15 13:22    519000    ----a-w-    c:\windows\system32\d3dx10_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    452440    ----a-w-    c:\windows\SysWow64\d3dx10_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    2605920    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    2036576    ----a-w-    c:\windows\SysWow64\D3DCompiler_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    5631312    ----a-w-    c:\windows\system32\D3DX9_40.dll
2014-04-04 07:55 . 2008-10-15 13:22    4379984    ----a-w-    c:\windows\SysWow64\D3DX9_40.dll
2014-04-04 03:03 . 2014-04-04 03:03    --------    d-----w-    c:\users\User\AppData\Roaming\AVG2014
2014-04-04 02:35 . 2014-04-27 00:16    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-04 02:33 . 2014-04-03 16:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-04 02:33 . 2014-04-03 16:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-04 02:33 . 2014-04-03 16:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-04 02:33 . 2014-04-05 05:51    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-04 02:33 . 2014-04-04 02:33    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-04 02:28 . 2014-04-04 02:28    234592    ----a-w-    c:\windows\system32\drivers\03314170.sys
2014-04-04 02:26 . 2014-04-04 02:26    --------    d-----w-    c:\users\User\AppData\Roaming\TuneUp Software
2014-04-04 02:24 . 2014-04-04 02:27    --------    d-----w-    c:\programdata\AVG2014
2014-04-04 02:24 . 2014-04-04 02:24    --------    d-----w-    C:\$AVG
2014-04-04 02:23 . 2014-04-04 02:23    --------    d-----w-    c:\program files (x86)\AVG
2014-04-04 02:17 . 2014-04-27 00:14    --------    d-----w-    c:\programdata\MFAData
2014-04-04 02:17 . 2014-04-05 05:52    --------    d-----w-    c:\users\User\AppData\Local\Avg2014
2014-04-04 02:17 . 2014-04-04 02:17    --------    d-----w-    c:\users\User\AppData\Local\MFAData
2014-04-02 04:03 . 2014-04-02 04:03    236824    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-03-31 23:20 . 2014-03-31 23:20    274200    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-03-31 23:06 . 2014-03-31 23:06    130840    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-03-28 05:14 . 2014-03-28 05:14    192792    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-03-28 05:14 . 2014-03-28 05:14    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-03-28 05:07 . 2014-03-28 05:07    236824    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-03-28 05:05 . 2014-03-28 05:05    324376    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-03-28 05:03 . 2014-03-28 05:03    32536    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 20:50 . 2012-08-16 18:47    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-13 20:50 . 2011-08-18 04:19    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 16:35 . 2010-04-07 19:12    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-31 10:51 . 2010-04-07 21:40    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 16:52 . 2013-06-19 04:50    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-19 22:02 . 2013-10-18 08:21    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2007-09-17 17:10 . 2012-12-07 09:41    24576    ----a-w-    c:\program files (x86)\Lexmark 3500-4500 Series
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-05 04:45    431784    ----a-w-    c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-28 03:29    297128    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-03-24 3588952]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2012-9-19 273408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl7534a931;MpKsl7534a931;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED3ABC55-EA26-4EED-A67F-AD77FE0B5D55}\MpKsl7534a931.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED3ABC55-EA26-4EED-A67F-AD77FE0B5D55}\MpKsl7534a931.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe;c:\windows\SYSNATIVE\lxedcoms.exe [x]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxedserv.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 Soda PDF 3D Reader Helper Service;Soda PDF 3D Reader Helper Service;c:\program files (x86)\Soda PDF 3D Reader\HelperService.exe;c:\program files (x86)\Soda PDF 3D Reader\HelperService.exe [x]
S2 Soda PDF 3D Reader Service;Soda PDF 3D Reader Service;c:\program files (x86)\Soda PDF 3D Reader\ConversionService.exe;c:\program files (x86)\Soda PDF 3D Reader\ConversionService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 19:58    1077576    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 20:50]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 01:10]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 01:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2009-10-01 139944]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 456704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o8i34k3q.default-1397698208506\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
   14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
"{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}"=hex:51,66,7a,6c,4c,1d,38,12,ee,05,20,
   d0,9c,8e,48,07,f5,37,49,be,2a,8f,e8,30
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
   d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F37C7F06-0B23-4AD1-9160-1CC285A5E9EC}"=hex:51,66,7a,6c,4c,1d,38,12,68,7c,6f,
   f7,11,45,bf,0f,ee,76,5f,82,80,fb,ad,f8
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8c,77,9b,28,94,98,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-04-26  18:06:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-27 01:06
ComboFix2.txt  2014-04-21 20:51
.
Pre-Run: 209,234,173,952 bytes free
Post-Run: 208,593,006,592 bytes free
.
- - End Of File - - C9E6468185E18FA93B2EACBD3FE65814
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

And here's the log for AdwCleaner:

 

 

# AdwCleaner v3.204 - Report created 26/04/2014 at 18:15:32
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Professional N Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\MakeMeBabies_2.0
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\User\AppData\Local\Conduit
Folder Deleted : C:\Users\User\AppData\Local\DownTango
Folder Deleted : C:\Users\User\AppData\Local\iLivid
Folder Deleted : C:\Users\User\AppData\Local\PackageAware
Folder Deleted : C:\Users\User\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\User\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\User\AppData\LocalLow\MakeMeBabies_2.0
Folder Deleted : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\User\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\User\AppData\Roaming\Systweak
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3027459
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBAF4A71-E681-4A25-BFA8-3A2CCE2BEC5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FCDF968-EE4B-48AF-ACE9-1CD711160FA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C815A5E-632F-4430-BF2B-8AEE24811BE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35018CD6-AE8B-4085-9388-B51AA00AB1B5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C812B57-747A-4D90-8105-F336A673C301}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D4330680-C0AE-4226-8A21-0AFE2FD1AC24}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MakeMeBabies_2.0
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MakeMeBabies_2.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MakeMeBabies_2.0 Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o8i34k3q.default-1397698208506\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^YY^US&apn_uid=5E9F1262-3CE5-41B3-8957-FD40FD5354F5&apn_sauid=B0F59A99-20F5-4128-A8C1-9297E660450B
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

*************************

AdwCleaner[R0].txt - [13021 octets] - [19/04/2014 18:14:08]
AdwCleaner[R1].txt - [10786 octets] - [26/04/2014 18:13:48]
AdwCleaner[S0].txt - [9895 octets] - [26/04/2014 18:15:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9955 octets] ##########
 



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:32 PM

Posted 27 April 2014 - 02:48 PM

GUZVCQN.jpgMalwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 Xythenol

Xythenol
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Las Vegas, NV
  • Local time:09:32 PM

Posted 27 April 2014 - 10:56 PM

The computer's running about the same, nothing new noticeable. Here's the log for Malwarebytes:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/27/2014
Scan Time: 3:32:45 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.27.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329249
Time Elapsed: 34 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

And here's the list from ESET:

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe.vir    Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\hk64tbDVD0.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\hktbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\ldrtbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\ldrtbDVDV.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll.vir    Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MakeMeBabies_2.0\ldrtbMake.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MakeMeBabies_2.0\MakeMeBabies_2.0ToolbarHelper.exe.vir    Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MakeMeBabies_2.0\tbMake.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Conduit\CT3027459\MakeMeBabies_2.0AutoUpdateHelper.exe.vir    Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js.vir    JS/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\MakeMeBabies_2.0\ldrtbMake.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\MakeMeBabies_2.0\tbMake.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\MakeMeBabies_2.0\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Search Protection\Uninstall.exe.vir    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Users\User\Downloads\Blackout RO Game Client v1230.exe    Win32/GameTool.V potentially unsafe application
C:\Users\User\Downloads\cbsidlm-tr1_13-Facade-SEO-10414037.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\User\Downloads\cbsidlm-tr1_13-Roller_Coaster_Tycoon-SEO-10026882.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\User\Downloads\FreeAVIVideoConverter(1).exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\User\Downloads\FreeAVIVideoConverter(2).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeAVIVideoConverter(3).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeAVIVideoConverter.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\User\Downloads\FreeYouTubeDownload(1).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeDownload(2).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeDownload(3).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeDownload.exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter (1).exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(1).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(2).exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(3).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(4).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(5).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(6).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(7).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(8).exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter(9).exe    Win32/InstallCore.ME potentially unwanted application
C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\User\Downloads\Installer_YTDHD.exe    Win32/OpenCandy potentially unsafe application
C:\Users\User\Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\User\Downloads\WinZip175.exe    a variant of Win32/OpenInstall potentially unwanted application
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users