www-search.net is taking over, need help

Post by Sellon05 » March 9th, 2014, 11:52 pm

I installed a publishing program the other day, stupidly I might add, and now my internet home page has been re-routed to

hxxp://www-search.net/search/search.html?pid=s&pi=1

I'm now starting to get pop-ups and everything seems to be running slower.

I need help! Thanks so much in advance

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Sellon at 21:49:14.89 on Sun 03/09/2014
Internet Explorer: 9.11.9600.16518
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3997.1544 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\albrechto\updatealbrechto.exe
C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\StikyNot.exe
C:\Users\Sellon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Steam\steamapps\common\YNAB 4\YNAB 4.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Sellon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Sellon\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: iWebar: {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho.dll
BHO: albrechto: {4b74bd5c-e08b-4921-92bc-1ea8bb899da2} - C:\Program Files (x86)\albrechto\albrechtoBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Sellon\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Google Update] "C:\Users\Sellon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sellon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sellon\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [BatteryManager] %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
mRun-x64: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Sellon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-1-7 151536]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\windows\system32\irstrtsv.exe --> C:\windows\system32\irstrtsv.exe [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-21 212944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-10-3 101888]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-8-22 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-3 2656536]
R2 Update albrechto;Update albrechto;C:\Program Files (x86)\albrechto\updatealbrechto.exe [2014-1-10 111904]
R2 Util albrechto;Util albrechto;C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe [2014-1-11 111904]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2013-2-21 495888]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-10-3 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-5-1 8593920]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-28 92672]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-28 209408]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2013-10-3 38096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-10-3 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-8-10 833464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-3 257928]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-3 136176]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-3 118896]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-3 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-10 01:38:59 10536864 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{3D587F96-D863-4F44-B2B2-2B0C5352D3F6}\mpengine.dll
2014-03-08 05:01:54 1031560 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{833EC984-CDE6-4D15-B756-3A2026E1A12F}\gapaengine.dll
2014-03-08 05:01:33 10536864 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-06 03:19:21 1031560 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{148C4261-3CEA-4BA8-AB9F-C0C298647972}\gapaengine.dll
2014-02-27 05:29:23 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-02-27 05:03:33 -------- d-----w- C:\Users\Sellon\AppData\Roaming\Malwarebytes
2014-02-27 05:03:20 -------- d-----w- C:\PROGRA~3\Malwarebytes
2014-02-27 05:03:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 17:46:47 -------- d-----w- C:\windows\Migration
2014-02-25 05:02:58 -------- d-----w- C:\PROGRA~3\SearchModule
2014-02-25 05:02:54 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-02-22 21:51:54 -------- d-----w- C:\Users\Sellon\AppData\Roaming\Serif
2014-02-22 21:32:55 -------- d-----w- C:\Users\Sellon\AppData\Roaming\Scribus
2014-02-12 18:22:23 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-12 18:22:23 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-12 04:04:07 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-02-12 04:04:07 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-02-12 04:04:07 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-02-12 04:04:07 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2014-02-21 07:05:00 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 07:05:00 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-15 18:40:59 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2013-12-15 18:40:59 48128 ----a-w- C:\windows\System32\imgutil.dll
.
============= FINISH: 21:49:48.30 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2013 1:40:32 PM
System Uptime: 3/9/2014 5:36:17 AM (16 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz | Socket BGA1023 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 48.578 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP64: 2/26/2014 10:29:37 PM - Anvi CSB 3.2
RP65: 2/27/2014 6:50:31 AM - Windows Update
RP66: 3/2/2014 11:36:16 PM - Windows Update
RP67: 3/7/2014 10:01:19 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Age of Empires II: HD Edition
Best Buy pc app
BitTorrent
Company of Heroes (New Steam Version)
Coupon Printer for Windows
D3DX10
Day of Defeat
Day of Defeat: Source
Dropbox
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hex Color Finder
Intel PROSet Wireless
Intel(R) Identity Protection Technology 1.2.18.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Start Technology
Intel(R) Rapid Storage Technology
Intel(R) WiDi
iWebar
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PlayReady PC Runtime x86
PS_AIO_07_D110_SW_Min
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Replay Music 5
RICOH Media Driver v2.15.17.02
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.11
Spotify
Steam
swMSM
System Requirements Lab Detection
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
You Need A Budget 4 (YNAB)
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 9:45:26 PM, Error: Service Control Manager [7034] - The Anvi Cloud System Booster Speed Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 10:38:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/7/2014 9:50:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================


Once again, thank you in advance.
Last edited by Cypher on March 11th, 2014, 11:16 am, edited 1 time in total.
Reason: Disabled link
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Post by Cypher » March 11th, 2014, 11:45 am

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: www-search.net is taking over, need help

Post by Cypher » March 11th, 2014, 11:51 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
BitTorrent
Coupon Printer for Windows
Java(TM) 6 Update 25


Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select "Run as administrator" to run it.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher

Re: www-search.net is taking over, need help

by Sellon05 » March 11th, 2014, 12:44 pm

Logs

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.03.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Sellon :: SELLON-PC [administrator]

Protection: Disabled

3/11/2014 10:13:08 AM
mbam-log-2014-03-11 (10-13-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215304
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\albrechto\updatealbrechto.exe (PUP.Optional.Albrechto.A) -> 2392 -> Delete on reboot.
C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe (PUP.Optional.Albrechto.A) -> 2444 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\albrechto\bin\albrechto.BrowserFilter.Helper.dll (PUP.Optional.Albrechto.A) -> Delete on reboot.

Registry Keys Detected: 26

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 23

Files Detected: 127

(end)


AdwCleaner

# AdwCleaner v3.021 - Report created 11/03/2014 at 10:29:00
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sellon - SELLON-PC
# Running from : C:\Users\Sellon\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Sellon\AppData\Local\SearchProtect
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Sellon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2146 octets] - [11/03/2014 10:27:58]
AdwCleaner[S0].txt - [2037 octets] - [11/03/2014 10:29:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2097 octets] ##########


OTL

OTL logfile created on: 3/11/2014 10:31:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sellon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.58% Memory free
7.80 Gb Paging File | 5.91 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105.63 Gb Total Space | 48.16 Gb Free Space | 45.59% Space Free | Partition Type: NTFS

Computer Name: SELLON-PC | User Name: Sellon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/11 10:30:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sellon\Downloads\OTL.exe
PRC - [2014/02/15 19:26:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/16 21:26:33 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Sellon\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/16 21:26:22 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/16 21:26:22 | 000,603,648 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/01/02 18:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sellon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2011/07/21 16:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/07/06 17:24:00 | 000,184,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2010/12/25 17:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe
PRC - [2010/06/04 17:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 19:26:03 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/16 21:26:22 | 036,967,424 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/16 21:26:22 | 000,603,648 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/02 18:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\Dropbox\bin\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/22 23:22:46 | 000,582,064 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/08/22 18:08:16 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/08/10 16:59:04 | 000,833,464 | ---- | M] (TOSHIBA Corporation) [On_Demand | Start_Pending] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 22:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 13:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 13:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 13:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/25 15:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/15 19:26:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 11:29:41 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/08 18:39:32 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/08 18:39:26 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/21 16:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/07/11 18:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/07/06 17:24:00 | 000,184,320 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2009/11/18 04:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 15:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/21 06:14:04 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 13:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/28 10:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/07/28 10:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/05/01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 13:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{1E22B5E9-C729-41BD-9994-EE50B08B4C3A}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =586383&p={searchTerms}
IE - HKCU\..\SearchScopes\{E43751F6-CDF2-4186-9C3A-F6D9BC934B25}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sellon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sellon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/03 13:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellon\AppData\Roaming\Mozilla\Extensions
[2014/03/07 22:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions
[2014/03/07 22:57:12 | 000,000,000 | ---D | M] ("iWebar") -- C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
[2014/03/07 22:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData
[2014/03/07 22:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins
[2014/03/07 22:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\userCode
[2014/03/11 10:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/15 19:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 19:26:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-g ... =586383&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms},
CHR - homepage: http://search.yahoo.com/?type=586383&fr=spigot-yhp-ch
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Sellon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Wallet = C:\Users\Sellon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Sellon\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sellon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Sellon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sellon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CF2BB8A-CED3-4123-ABC8-5DE79A0FDE3A}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355D3A9-A91D-46D7-8FEE-BF277DAFA6AA}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\Shell - "" = AutoRun
O33 - MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\Shell - "" = AutoRun
O33 - MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/11 10:27:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/11 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/11 10:12:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/03/11 10:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/11 10:09:22 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/11 10:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/11 10:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/09 21:53:23 | 000,000,000 | ---D | C] -- C:\Users\Sellon\Desktop\virus shit
[2014/02/26 23:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2014/02/26 23:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2014/02/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Sellon\AppData\Roaming\Malwarebytes
[2014/02/26 23:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/26 11:46:47 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/02/24 23:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/02/24 23:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/02/22 15:51:57 | 000,000,000 | ---D | C] -- C:\Users\Sellon\Documents\Serif
[2014/02/22 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\Sellon\AppData\Roaming\Serif
[2014/02/22 15:32:55 | 000,000,000 | ---D | C] -- C:\Users\Sellon\AppData\Roaming\Scribus
[2014/02/15 19:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/11 10:30:08 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/11 10:29:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/11 10:29:41 | 3143,012,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/11 10:29:18 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 10:29:18 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 10:29:09 | 000,782,876 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/11 10:29:09 | 000,662,852 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/11 10:29:09 | 000,122,430 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/11 10:12:22 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/11 10:09:46 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-SELLON-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/11 10:09:00 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/03/11 10:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/11 10:03:42 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3701182733-3961789217-2791859033-1001Core.job
[2014/03/11 10:03:41 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3701182733-3961789217-2791859033-1001UA.job
[2014/03/11 10:03:41 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/04 17:20:10 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/27 07:51:29 | 000,775,490 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/24 23:03:05 | 000,001,490 | ---- | M] () -- C:\Users\Sellon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/24 20:30:22 | 000,001,371 | ---- | M] () -- C:\Users\Sellon\Desktop\DOD Turbo.lnk
[2014/02/24 20:14:34 | 000,000,358 | ---- | M] () -- C:\Users\Sellon\power.ext
[2014/02/22 19:52:41 | 000,049,553 | ---- | M] () -- C:\Users\Sellon\AppData\Roaming\art.png
[2014/02/22 18:30:44 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/02/22 15:49:52 | 000,287,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/11 10:12:22 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/11 10:09:46 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-SELLON-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/11 10:09:00 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/02/24 20:20:33 | 000,001,371 | ---- | C] () -- C:\Users\Sellon\Desktop\DOD Turbo.lnk
[2014/02/24 20:14:34 | 000,000,358 | ---- | C] () -- C:\Users\Sellon\power.ext
[2014/02/22 18:37:24 | 000,049,553 | ---- | C] () -- C:\Users\Sellon\AppData\Roaming\art.png
[2014/02/22 18:30:44 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/02/02 21:26:51 | 000,173,080 | ---- | C] () -- C:\windows\hpoins46.dat
[2014/02/02 21:26:51 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl46.dat
[2013/10/03 14:05:52 | 000,775,490 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/11 10:10:22 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\BitTorrent
[2013/10/31 23:29:12 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Book Place
[2014/02/25 12:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2014/03/11 10:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Dropbox
[2014/02/22 15:36:02 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Scribus
[2014/02/22 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Serif
[2014/03/11 10:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\SoftGrid Client
[2014/03/11 10:35:22 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Spotify
[2013/10/09 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\Toshiba
[2013/10/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\TP
[2013/10/03 13:40:48 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Post by Sellon05 » March 11th, 2014, 12:44 pm

Extra

OTL Extras logfile created on: 3/11/2014 10:31:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sellon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.58% Memory free
7.80 Gb Paging File | 5.91 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105.63 Gb Total Space | 48.16 Gb Free Space | 45.59% Space Free | Partition Type: NTFS

Computer Name: SELLON-PC | User Name: Sellon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C217C7C-61EF-46D2-998E-DFAF399F44EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{189E62CA-5D13-46D3-8C7D-EBF6549DA6E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{26E02ADB-8904-4817-8A84-8E4DDC18D1FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{287592DB-D20B-4494-9AD5-AA28C23D452D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3022EB8E-EFDB-4BDE-9E9B-92BCFC3F7460}" = rport=445 | protocol=6 | dir=out | app=system |
"{330C7312-26EE-4AEF-914C-487B6D513711}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CA8467A-32A5-4677-B480-EE28700555AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58246E6F-DFE1-43D1-8385-677BF5E1B706}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A12B262-87B3-4F14-BD9E-07B1B492976F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7063BB77-B0A6-422E-BEAC-3FED407AA9C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8914CF8E-DD57-4F62-A2C8-89FE339C7A44}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8B5CA267-7363-4050-BF81-955BF39DFD7D}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A4ED6FE-C438-45FB-B565-E89F790C1512}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9B6CF278-6880-47AA-A63A-09282FC4DEAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A00D3E57-1FBF-42AD-9525-324FD251CADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A14F57F9-4FE6-4D27-BBFB-56746256F3B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA532A3D-E919-46C7-A46A-45B82360472E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC8C0B3C-4161-4FAA-8099-97D26137640C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCD94E1E-828F-4DEB-975B-C97096C6F905}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C53258C1-EA6D-4663-B468-331519370937}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8BF51F5-6513-41D2-9608-F3BCAB1B3BB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8C4DB51-F2DB-419E-A991-F04600DDF180}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E207C06E-71AB-4F35-8E82-B1678064C114}" = lport=139 | protocol=6 | dir=in | app=system |
"{FAFC1E7E-CB01-41F0-BE4A-801C43DCD325}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF6375BE-9415-43E1-A4CA-23759A0F199E}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0365822C-92D5-41A1-AAE2-E8AE47A460D5}" = protocol=17 | dir=in | app=c:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe |
"{07105BEB-E534-4745-A26C-49DB5A73825A}" = protocol=17 | dir=in | app=c:\users\sellon\appdata\roaming\bittorrent\bittorrent.exe |
"{10B5DA39-3DA6-41C3-96B5-B3EA9D8D4B03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C469218-6017-4B96-9CD1-78837F404375}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{23D59EDA-AC9C-44B6-B871-A7CD1F859B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{23DB168D-85A5-4040-90CC-51586EB4CFBB}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{2618A72B-629F-4B9C-BA6A-30D0AB55AF45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{29A3839F-495A-4BE8-9541-90EB58276760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{343D4C94-B6DB-45DF-82F0-942D1DBC7C83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{3B020B7A-4EF4-4198-8931-22D637810473}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{416949DB-41C2-4F45-8F66-531971513A0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{4875B864-CD64-414D-9BDD-7710EEFBC94C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{504EA296-E6EE-4D56-905E-4627898A6F94}" = protocol=6 | dir=in | app=c:\users\sellon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5600B657-C1B8-400B-88C3-C6772682C4C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56F51389-7A87-4B61-9F93-0B12D53B7870}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5FC4FBBD-C3EB-4913-B8FD-38121C39E67C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{64AA485D-9AB9-4D0A-BA9A-001B8C0381C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{67DBB739-DC7A-4ACF-BD45-C239EC856E59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{693CBFEC-B116-4D62-A1E9-C0473BD2FAF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BEEFF77-8F9B-4E7A-BCA2-0E9DC0AB4D43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6D585A05-3199-400D-A780-3D1A704019E5}" = protocol=17 | dir=in | app=c:\users\sellon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{77D477D3-5C95-408B-A06C-C7CE7888BD77}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{77E6E6AE-A608-4250-B911-D11A88F4931D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{78E028FB-F924-4CD4-B8D3-B8BD50B1D866}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{797DCBEA-9C11-442D-8865-E1661BA9C8C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A9D71C1-77E9-4816-9B03-8E2317E4BE14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7C7B34E9-03D7-49EF-B7B2-9ADC49F4C258}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{8AB919B2-0FA3-4883-AE5E-503ED625E1D6}" = protocol=6 | dir=in | app=c:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe |
"{93EC6BB2-B914-4B56-A59D-236CD0D07B25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{98C764CD-8510-4B2B-8171-6DFCE82DF73D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{9A7CBF37-7F1C-4537-A92A-3134F4384D46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9EFB4E10-2C22-4617-B78B-B1AEA8DB44D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{A73E28C8-21AA-457E-B0E9-E94975CB5608}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC55834A-D2D9-4191-986D-C73F00FC89AF}" = protocol=6 | dir=in | app=c:\users\sellon\appdata\roaming\bittorrent\bittorrent.exe |
"{B8154DC5-019A-4056-9FE3-C1B76AC350B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B997D089-525B-439B-876B-4D0E9ED45D2A}" = protocol=58 | dir=in | app=system |
"{C21774F5-7DBD-478A-B2DC-C33571EFD470}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C76CEFD3-F599-4E81-8A3A-B42233CAE51B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{CA30A198-F5E4-4A10-B477-30566B590662}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB055708-6D73-4055-A11E-5CAF0D62D21E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E55E4061-4066-4BD2-A0E1-84F5C7A46B1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F11C0029-2570-414B-A1F7-21B5A6FF6145}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1BD1371-61BC-4140-996A-EAB6D7B4DECC}" = protocol=6 | dir=out | app=system |
"{F26A2A5E-7D4E-4FDC-863D-F1A37A77BDCA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F43BF4D6-7A97-4C48-A102-7BE3882CA2EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5E3193B-72D7-4171-9807-F43EA2693FC8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F6A8B2C9-4F28-4C8E-9CD9-9B74CB6DC139}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC820F18-2278-4E81-AF59-A1059BE1783C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{3F2D34A2-0461-4495-8D0D-8CA2E3EC9C4F}C:\users\sellon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sellon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6688DCFC-3D88-4936-B339-9743F83850D9}C:\users\sellon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sellon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{79B79DF9-451A-4BD1-A748-8C1ABE331883}C:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C68512C7-6B71-4228-B319-E0E3C8AA90CC}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{39D12A1C-694B-4C9A-8E7C-4AA1D435E3D3}C:\users\sellon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sellon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5A9A25DD-275B-47E1-AF57-1D28F7BEC08D}C:\users\sellon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sellon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CDDC3AE4-4CC2-4053-B4DD-55C5C667A482}C:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sellon\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FE2F0A1B-05E3-4C71-B216-B796142A0A36}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{41C2B21A-63BB-4377-9567-A97B15F21E59}" = TOSHIBA eco Utility
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}" = TOSHIBA Audio Enhancement
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"albrechto" = albrechto
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6E579724-82F9-454C-A98E-39DDDAB167FF}" = Intel(R) Rapid Start Technology
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B26AEDA3-B044-4FC0-B243-871FDAA6D2B6}" = Hex Color Finder
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{cb41fc68-4442-4f7f-b22f-8f31c74897ac}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProInst" = Intel PROSet Wireless
"ReplayMusic5.55" = Replay Music 5
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 227320" = You Need A Budget 4 (YNAB)
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/25/2014 3:29:15 AM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: YTDownloader.exe, version: 1.0.3.3, time
stamp: 0x52931616 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x173c Faulting application
start time: 0x01cf12ea3d23fe11 Faulting application path: C:\Program Files (x86)\YTDownloader\YTDownloader.exe
Faulting
module path: unknown Report Id: 642fea76-8592-11e3-81a9-e89d87c71c32

Error - 1/27/2014 12:18:17 AM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x118 Faulting application start time: 0x01cf1b16c40a3ff0 Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: 0bc90b3a-870a-11e3-81a9-e89d87c71c32

Error - 1/27/2014 12:18:17 AM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x2784 Faulting application start time: 0x01cf1b16c40a3ff0 Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: 0bc9324a-870a-11e3-81a9-e89d87c71c32

Error - 1/28/2014 2:42:21 PM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x24ac Faulting application start time: 0x01cf1c58a2ccf39c Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: eb666f5f-884b-11e3-81a9-e89d87c71c32

Error - 1/29/2014 3:16:12 PM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0xd24 Faulting application start time: 0x01cf1d26891f651f Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: d06b16a5-8919-11e3-81a9-e89d87c71c32

Error - 2/1/2014 12:30:19 AM | Computer Name = Sellon-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 2/1/2014 12:30:46 AM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x1ff8 Faulting application start time: 0x01cf1f0655ad95f2 Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: 9dff73d2-8af9-11e3-81a9-e89d87c71c32

Error - 2/2/2014 11:09:30 PM | Computer Name = Sellon-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 2/2/2014 11:09:57 PM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x153c Faulting application start time: 0x01cf208d5f78a38b Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: a896560d-8c80-11e3-81a9-e89d87c71c32

Error - 2/4/2014 12:51:27 AM | Computer Name = Sellon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: SysMenu.dll, version: 1.0.0.4, time
stamp: 0x5293152d Exception code: 0xc0000005 Fault offset: 0x0006c24c Faulting process
id: 0x2058 Faulting application start time: 0x01cf2164bd5484e8 Faulting application
path: C:\windows\SysWOW64\rundll32.exe Faulting module path: C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Report
Id: 014d103c-8d58-11e3-81a9-e89d87c71c32

[ System Events ]
Error - 2/22/2014 5:52:04 PM | Computer Name = Sellon-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 2/22/2014 9:55:18 PM | Computer Name = Sellon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/22/2014 9:55:19 PM | Computer Name = Sellon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/22/2014 9:55:19 PM | Computer Name = Sellon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/22/2014 9:55:20 PM | Computer Name = Sellon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/22/2014 9:55:20 PM | Computer Name = Sellon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/24/2014 10:42:27 AM | Computer Name = Sellon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 2/26/2014 1:46:59 AM | Computer Name = Sellon-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 2/26/2014 1:48:00 AM | Computer Name = Sellon-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 2/26/2014 1:48:00 AM | Computer Name = Sellon-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053


< End of report >
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Post by Cypher » March 11th, 2014, 1:03 pm

Hi,
my internet home page has been re-routed to ...

Is your homepage still re-routed? If yes, which browser/browsers are affected?

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following script into the Image textbox. Do not include the words "Code: Select all".
    (Click the Select all button next to Code to select the entire script.)
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O33 - MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\Shell - "" = AutoRun
    O33 - MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
    O33 - MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\Shell - "" = AutoRun
    O33 - MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
    [2014/03/11 10:10:22 | 000,000,000 | ---D | M] -- C:\Users\Sellon\AppData\Roaming\BitTorrent
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0365822C-92D5-41A1-AAE2-E8AE47A460D5}"=-
    "{07105BEB-E534-4745-A26C-49DB5A73825A}"=-
    "{AC55834A-D2D9-4191-986D-C73F00FC89AF}"=-
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: www-search.net is taking over, need help

Post by Sellon05 » March 11th, 2014, 1:10 pm

Yes, my home page is still being re-routed to tuvaro or www-search.net. When I click on links I will also get re-routed to another page trying to sell me something or some sort of useless nonsense.

OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39877a46-9c0b-11e3-8196-e89d87c71c32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39877a46-9c0b-11e3-8196-e89d87c71c32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39877a46-9c0b-11e3-8196-e89d87c71c32}\ not found.
File E:\VZW_Software_upgrade_assistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90f39b09-62ea-11e3-ae24-e89d87c71c32}\ not found.
File D:\LaunchU3.exe not found.
C:\Users\Sellon\AppData\Roaming\BitTorrent folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0365822C-92D5-41A1-AAE2-E8AE47A460D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0365822C-92D5-41A1-AAE2-E8AE47A460D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07105BEB-E534-4745-A26C-49DB5A73825A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07105BEB-E534-4745-A26C-49DB5A73825A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC55834A-D2D9-4191-986D-C73F00FC89AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC55834A-D2D9-4191-986D-C73F00FC89AF}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sellon\Downloads\cmd.bat deleted successfully.
C:\Users\Sellon\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sellon
->Temp folder emptied: 1565449 bytes
->Temporary Internet Files folder emptied: 183320 bytes
->FireFox cache emptied: 51870831 bytes
->Google Chrome cache emptied: 7144567 bytes
->Flash cache emptied: 170177 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11317897 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42241295 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03112014_110534

Files\Folders moved on Reboot...
C:\Users\Sellon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sellon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: www-search.net is taking over, need help

Post by Cypher » March 11th, 2014, 1:15 pm

Hi,
Yes, my home page is still being re-routed to tuvaro or www-search.net

Which browser/browsers are affected: Internet Explorer, Firefox, Chrome?

Re: www-search.net is taking over, need help

Post by Sellon05 » March 11th, 2014, 1:16 pm

Sorry, forgot that. All of them are infected. Firefox, Chrome, and Internet Explorer.

Re: www-search.net is taking over, need help

Post by Cypher » March 11th, 2014, 1:19 pm

OK, run the scans below for me.

Please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Right-click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Right-click on TDSSKiller.exe and select "Run as administrator" to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop-down arrow next to Cure and select Skip.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • Post the contents of that log in your next reply please.

Logs/Information to Post in your Next Reply

  • zoek-results.log.
  • TDSSKiller log.

Re: www-search.net is taking over, need help

Post by Sellon05 » March 11th, 2014, 1:51 pm

Zoek

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Sellon on Tue 03/11/2014 at 11:29:04.18.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sellon\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

3/11/2014 11:29:38 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3701182733-3961789217-2791859033-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1E22B5E9-C729-41BD-9994-EE50B08B4C3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\SearchModule deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Sellon\Downloads\CouponPrinterCPS.exe deleted
C:\windows\SysNative\tasks\SMupdate1 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sellon\AppData\Roaming\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Sellon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
FE5EBC41BC74FEB22D64FCB715F067F5 - C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
4CD25DDA1221224BB92591756ED12602 - C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
A0D63D14016C75D718F5432B13FC6576 - C:\Users\Sellon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
0C0C5C207121C7A78414A8250E8E099A - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
8A67413465B16698D3AC2E7AC1D5FFD2 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll - Best Buy pc app Detector


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nkopijddpkmggacdghppacglggodkcod - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx[]


==== Chrome Fix ======================

C:\Users\Sellon\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkopijddpkmggacdghppacglggodkcod deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie"
"Default_Page_URL"="http://start.toshiba.com/?cid=C001B2Y"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1E22B5E9-C729-41BD-9994-EE50B08B4C3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E22B5E9-C729-41BD-9994-EE50B08B4C3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E43751F6-CDF2-4186-9C3A-F6D9BC934B25} Google Url="http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Sellon\Desktop\DOD Turbo.lnk - C:\Windows\System32\powercfg.exe -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
C:\Users\Sellon\Desktop\Dropbox.lnk - C:\Users\Sellon\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Sellon\Desktop\Spotify.lnk - C:\Users\Sellon\AppData\Roaming\Spotify\spotify.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Replay Music 5.lnk - C:\Program Files (x86)\Replay Music 5\ReplayMusic.exe
C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk - C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Sellon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-search.net/?pid=s&pi=1
C:\Users\Sellon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-search.net/?pid=s&pi=1

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-search.net/?pid=s&pi=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www-search.net/?pid=s&pi=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Tweaking.com - Registry Backup.lnk - C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Registry Backup\Uninstall Tweaking.com - Registry Backup.lnk - C:\Program Files (x86)\Tweaking.com\Registry Backup\uninstall.exe "/U:C:\Program Files (x86)\Tweaking.com\Registry Backup\Uninstall\uninstall.xml"

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-search.net/?pid=s&pi=1
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HyperSpeedStart.lnk - C:\Program Files\TOSHIBA\Power Saver\THyboot.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www-search.net/?pid=s&pi=1
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-search.net/?pid=s&pi=1
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-search.net/?pid=s&pi=1
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Sellon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sellon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nkopijddpkmggacdghppacglggodkcod deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sellon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sellon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Sellon\AppData\Local\Mozilla\Firefox\Profiles\gqjyoili.default-1393478999498\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Sellon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=128 folders=31 17369038 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sellon\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Sellon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 03/11/2014 at 11:47:56.43 ======================
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Post by Sellon05 » March 11th, 2014, 1:52 pm

TDSSKiller

11:49:09.0341 0x1b38 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
11:49:12.0836 0x1b38 ============================================================
11:49:12.0836 0x1b38 Current date / time: 2014/03/11 11:49:12.0836
11:49:12.0836 0x1b38 SystemInfo:
11:49:12.0836 0x1b38
11:49:12.0836 0x1b38 OS Version: 6.1.7601 ServicePack: 1.0
11:49:12.0836 0x1b38 Product type: Workstation
11:49:12.0836 0x1b38 ComputerName: SELLON-PC
11:49:12.0837 0x1b38 UserName: Sellon
11:49:12.0837 0x1b38 Windows directory: C:\windows
11:49:12.0837 0x1b38 System windows directory: C:\windows
11:49:12.0837 0x1b38 Running under WOW64
11:49:12.0837 0x1b38 Processor architecture: Intel x64
11:49:12.0837 0x1b38 Number of processors: 4
11:49:12.0837 0x1b38 Page size: 0x1000
11:49:12.0837 0x1b38 Boot type: Normal boot
11:49:12.0837 0x1b38 ============================================================
11:49:13.0129 0x1b38 KLMD registered as C:\windows\system32\drivers\19815934.sys
11:49:13.0258 0x1b38 System UUID: {7B18B726-7C43-F64F-DB2B-824CFF2EBA62}
11:49:14.0049 0x1b38 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:49:14.0055 0x1b38 ============================================================
11:49:14.0055 0x1b38 \Device\Harddisk0\DR0:
11:49:14.0057 0x1b38 MBR partitions:
11:49:14.0057 0x1b38 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xD343000
11:49:14.0057 0x1b38 ============================================================
11:49:14.0061 0x1b38 C: <-> \Device\Harddisk0\DR0\Partition1
11:49:14.0061 0x1b38 ============================================================
11:49:14.0061 0x1b38 Initialize success
11:49:14.0061 0x1b38 ============================================================
11:49:15.0942 0x0d5c ============================================================
11:49:15.0942 0x0d5c Scan started
11:49:15.0942 0x0d5c Mode: Manual;
11:49:15.0943 0x0d5c ============================================================
11:49:15.0943 0x0d5c KSN ping started
11:49:18.0976 0x0d5c KSN ping finished: true
11:49:19.0237 0x0d5c ================ Scan system memory ========================
11:49:19.0237 0x0d5c System memory - ok
11:49:19.0238 0x0d5c ================ Scan services =============================
11:49:22.0348 0x0d5c hidserv - ok
11:49:22.0355 0x0d5c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:49:22.0356 0x0d5c HidUsb - ok
11:49:22.0366 0x0d5c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
11:49:22.0371 0x0d5c hkmsvc - ok
11:49:22.0384 0x0d5c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:49:22.0394 0x0d5c HomeGroupListener - ok
11:49:22.0407 0x0d5c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:49:22.0416 0x0d5c HomeGroupProvider - ok
11:49:22.0425 0x0d5c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:49:22.0428 0x0d5c HpSAMD - ok
11:49:22.0487 0x0d5c [ 5ECEC779312AD35B1B19951A4B53FAC1, 67F4D2603E233FA0C2957419BB196BE6273C02FF6AAA188BA613EF62E80BCBC1 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:49:22.0534 0x0d5c HPSLPSVC - ok
11:49:22.0569 0x0d5c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:49:22.0598 0x0d5c HTTP - ok
11:49:22.0605 0x0d5c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:49:22.0606 0x0d5c hwpolicy - ok
11:49:22.0615 0x0d5c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
11:49:22.0619 0x0d5c i8042prt - ok
11:49:22.0644 0x0d5c [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:49:22.0659 0x0d5c iaStor - ok
11:49:22.0680 0x0d5c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:49:22.0698 0x0d5c iaStorV - ok
11:49:22.0737 0x0d5c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:49:22.0772 0x0d5c idsvc - ok
11:49:22.0778 0x0d5c IEEtwCollectorService - ok
11:49:23.0272 0x0d5c [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0, 92F264325C3B1F70E0ACDBC886F7DC4C32371759EA94CE359B0FABD89573DCA4 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:49:23.0750 0x0d5c igfx - ok
11:49:23.0774 0x0d5c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
11:49:23.0776 0x0d5c iirsp - ok
11:49:23.0816 0x0d5c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
11:49:23.0851 0x0d5c IKEEXT - ok
11:49:23.0861 0x0d5c [ CADDF0927DAC63EDAE48F5C35A61D87D, C46006461311B1563C1D149B9D60B202F30147265B9D93069B084D03A09D2BEC ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
11:49:23.0864 0x0d5c intaud_WaveExtensible - ok
11:49:23.0992 0x0d5c [ E7E0E8F2F44BCB48143FBBA70106D8C1, 21BC507F2FB77F68FD81D946EA97E474EA8D07D396E2B13945F2CD5C61EBCBFE ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:49:24.0098 0x0d5c IntcAzAudAddService - ok
11:49:24.0121 0x0d5c [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
11:49:24.0134 0x0d5c IntcDAud - ok
11:49:24.0140 0x0d5c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
11:49:24.0142 0x0d5c intelide - ok
11:49:24.0150 0x0d5c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:49:24.0153 0x0d5c intelppm - ok
11:49:24.0162 0x0d5c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:49:24.0168 0x0d5c IPBusEnum - ok
11:49:24.0176 0x0d5c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:49:24.0180 0x0d5c IpFilterDriver - ok
11:49:24.0209 0x0d5c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
11:49:24.0233 0x0d5c iphlpsvc - ok
11:49:24.0243 0x0d5c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:49:24.0247 0x0d5c IPMIDRV - ok
11:49:24.0257 0x0d5c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:49:24.0263 0x0d5c IPNAT - ok
11:49:24.0270 0x0d5c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
11:49:24.0272 0x0d5c IRENUM - ok
11:49:24.0276 0x0d5c irstrtsv - ok
11:49:24.0283 0x0d5c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:49:24.0285 0x0d5c isapnp - ok
11:49:24.0301 0x0d5c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:49:24.0313 0x0d5c iScsiPrt - ok
11:49:24.0319 0x0d5c [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
11:49:24.0321 0x0d5c iwdbus - ok
11:49:24.0335 0x0d5c [ 8112496F91A80D9EEE8442D61CDF07D7, E9182710AA260F6562C929BBAF1EC773B68D452D83E5DB25ECEE479F70A96606 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
11:49:24.0345 0x0d5c jhi_service - ok
11:49:24.0353 0x0d5c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
11:49:24.0355 0x0d5c kbdclass - ok
11:49:24.0361 0x0d5c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
11:49:24.0363 0x0d5c kbdhid - ok
11:49:24.0369 0x0d5c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
11:49:24.0371 0x0d5c KeyIso - ok
11:49:24.0380 0x0d5c [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:49:24.0384 0x0d5c KSecDD - ok
11:49:24.0396 0x0d5c [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:49:24.0402 0x0d5c KSecPkg - ok
11:49:24.0409 0x0d5c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:49:24.0411 0x0d5c ksthunk - ok
11:49:24.0432 0x0d5c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
11:49:24.0448 0x0d5c KtmRm - ok
11:49:24.0463 0x0d5c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
11:49:24.0474 0x0d5c LanmanServer - ok
11:49:24.0484 0x0d5c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:49:24.0491 0x0d5c LanmanWorkstation - ok
11:49:24.0502 0x0d5c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:49:24.0504 0x0d5c lltdio - ok
11:49:24.0523 0x0d5c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
11:49:24.0538 0x0d5c lltdsvc - ok
11:49:24.0544 0x0d5c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
11:49:24.0547 0x0d5c lmhosts - ok
11:49:24.0565 0x0d5c [ 5495EB40DF7061059C57F0DEFDBD72A1, FE61F86DEBF795603C781B74CFC09963D1883C436ABDC2D14812383FEF4CE8C0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:49:24.0580 0x0d5c LMS - ok
11:49:24.0594 0x0d5c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
11:49:24.0601 0x0d5c LSI_FC - ok
11:49:24.0614 0x0d5c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
11:49:24.0621 0x0d5c LSI_SAS - ok
11:49:24.0631 0x0d5c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
11:49:24.0635 0x0d5c LSI_SAS2 - ok
11:49:24.0648 0x0d5c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
11:49:24.0654 0x0d5c LSI_SCSI - ok
11:49:24.0665 0x0d5c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
11:49:24.0671 0x0d5c luafv - ok
11:49:24.0680 0x0d5c [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:49:24.0682 0x0d5c MBAMProtector - ok
11:49:24.0705 0x0d5c [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:49:24.0723 0x0d5c MBAMScheduler - ok
11:49:24.0756 0x0d5c [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:49:24.0785 0x0d5c MBAMService - ok
11:49:24.0794 0x0d5c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
11:49:24.0799 0x0d5c Mcx2Svc - ok
11:49:24.0806 0x0d5c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
11:49:24.0808 0x0d5c megasas - ok
11:49:24.0824 0x0d5c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
11:49:24.0836 0x0d5c MegaSR - ok
11:49:24.0843 0x0d5c [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
11:49:24.0846 0x0d5c MEIx64 - ok
11:49:24.0853 0x0d5c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
11:49:24.0858 0x0d5c MMCSS - ok
11:49:24.0865 0x0d5c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
11:49:24.0868 0x0d5c Modem - ok
11:49:24.0874 0x0d5c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:49:24.0875 0x0d5c monitor - ok
11:49:24.0883 0x0d5c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:49:24.0885 0x0d5c mouclass - ok
11:49:24.0891 0x0d5c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:49:24.0893 0x0d5c mouhid - ok
11:49:24.0902 0x0d5c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:49:24.0906 0x0d5c mountmgr - ok
11:49:24.0917 0x0d5c [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:49:24.0924 0x0d5c MozillaMaintenance - ok
11:49:24.0940 0x0d5c [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
11:49:24.0950 0x0d5c MpFilter - ok
11:49:24.0961 0x0d5c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
11:49:24.0968 0x0d5c mpio - ok
11:49:24.0976 0x0d5c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:49:24.0981 0x0d5c mpsdrv - ok
11:49:25.0018 0x0d5c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
11:49:25.0053 0x0d5c MpsSvc - ok
11:49:25.0065 0x0d5c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:49:25.0071 0x0d5c MRxDAV - ok
11:49:25.0083 0x0d5c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:49:25.0090 0x0d5c mrxsmb - ok
11:49:25.0107 0x0d5c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:49:25.0119 0x0d5c mrxsmb10 - ok
11:49:25.0129 0x0d5c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:49:25.0134 0x0d5c mrxsmb20 - ok
11:49:25.0140 0x0d5c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
11:49:25.0141 0x0d5c msahci - ok
11:49:25.0152 0x0d5c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:49:25.0158 0x0d5c msdsm - ok
11:49:25.0169 0x0d5c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
11:49:25.0176 0x0d5c MSDTC - ok
11:49:25.0187 0x0d5c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:49:25.0189 0x0d5c Msfs - ok
11:49:25.0196 0x0d5c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:49:25.0198 0x0d5c mshidkmdf - ok
11:49:25.0203 0x0d5c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:49:25.0204 0x0d5c msisadrv - ok
11:49:25.0216 0x0d5c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:49:25.0223 0x0d5c MSiSCSI - ok
11:49:25.0229 0x0d5c msiserver - ok
11:49:25.0234 0x0d5c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:49:25.0236 0x0d5c MSKSSRV - ok
11:49:25.0241 0x0d5c [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:49:25.0243 0x0d5c MsMpSvc - ok
11:49:25.0249 0x0d5c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:49:25.0251 0x0d5c MSPCLOCK - ok
11:49:25.0255 0x0d5c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:49:25.0256 0x0d5c MSPQM - ok
11:49:25.0281 0x0d5c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:49:25.0296 0x0d5c MsRPC - ok
11:49:25.0304 0x0d5c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
11:49:25.0306 0x0d5c mssmbios - ok
11:49:25.0312 0x0d5c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:49:25.0314 0x0d5c MSTEE - ok
11:49:25.0318 0x0d5c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
11:49:25.0320 0x0d5c MTConfig - ok
11:49:25.0329 0x0d5c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
11:49:25.0331 0x0d5c Mup - ok
11:49:25.0348 0x0d5c [ 50B99D53BC013458381C6476D790C9F3, E5543EF514740B58F424A425AF992BF166AAAA01D33056F83BB45D05D57A4D5B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:49:25.0362 0x0d5c MyWiFiDHCPDNS - ok
11:49:25.0386 0x0d5c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
11:49:25.0406 0x0d5c napagent - ok
11:49:25.0424 0x0d5c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:49:25.0437 0x0d5c NativeWifiP - ok
11:49:25.0479 0x0d5c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
11:49:25.0517 0x0d5c NDIS - ok
11:49:25.0526 0x0d5c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:49:25.0528 0x0d5c NdisCap - ok
11:49:25.0534 0x0d5c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:49:25.0536 0x0d5c NdisTapi - ok
11:49:25.0543 0x0d5c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:49:25.0546 0x0d5c Ndisuio - ok
11:49:25.0557 0x0d5c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:49:25.0564 0x0d5c NdisWan - ok
11:49:25.0571 0x0d5c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:49:25.0574 0x0d5c NDProxy - ok
11:49:25.0588 0x0d5c [ DC6530A291D4BDF6DF399F1F128E7F8F, 85123D802063383646EEBC60F4ABBCDBA2AE3180E99A8A99C024B1EBB0C6690E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:49:25.0592 0x0d5c Net Driver HPZ12 - ok
11:49:25.0600 0x0d5c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:49:25.0602 0x0d5c NetBIOS - ok
11:49:25.0617 0x0d5c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:49:25.0627 0x0d5c NetBT - ok
11:49:25.0633 0x0d5c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
11:49:25.0635 0x0d5c Netlogon - ok
11:49:25.0654 0x0d5c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
11:49:25.0670 0x0d5c Netman - ok
11:49:25.0680 0x0d5c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:49:25.0691 0x0d5c NetMsmqActivator - ok
11:49:25.0700 0x0d5c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:49:25.0706 0x0d5c NetPipeActivator - ok
11:49:25.0730 0x0d5c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
11:49:25.0750 0x0d5c netprofm - ok
11:49:25.0760 0x0d5c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:49:25.0765 0x0d5c NetTcpActivator - ok
11:49:25.0774 0x0d5c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:49:25.0779 0x0d5c NetTcpPortSharing - ok
11:49:26.0131 0x0d5c [ AC69618DE5BCCE8747C9AB0AAE1003C1, D975963FA338AB58684BE0556633F3A846D5360FAD1A5E11BB7A273474DFB64D ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
11:49:26.0471 0x0d5c NETwNs64 - ok
11:49:26.0491 0x0d5c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
11:49:26.0494 0x0d5c nfrd960 - ok
11:49:26.0504 0x0d5c [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
11:49:26.0510 0x0d5c NisDrv - ok
11:49:26.0528 0x0d5c [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:49:26.0543 0x0d5c NisSrv - ok
11:49:26.0560 0x0d5c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
11:49:26.0572 0x0d5c NlaSvc - ok
11:49:26.0580 0x0d5c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
11:49:26.0586 0x0d5c Npfs - ok
11:49:26.0595 0x0d5c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
11:49:26.0603 0x0d5c nsi - ok
11:49:26.0609 0x0d5c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:49:26.0610 0x0d5c nsiproxy - ok
11:49:26.0748 0x0d5c [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:49:26.0817 0x0d5c Ntfs - ok
11:49:26.0830 0x0d5c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
11:49:26.0831 0x0d5c Null - ok
11:49:26.0852 0x0d5c [ 550BE6C46110B74C1ED7B156598D67AF, EB6DCF9FC9F9312DF0108C96C74F13D057F314F52D432DE53FA07DD76FE984F6 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
11:49:26.0856 0x0d5c nusb3hub - ok
11:49:26.0890 0x0d5c [ 17401C97DCF93F121B89B554D733B836, 60626F14A62037326C43AFEAE58BBDAFD30E97C6E668AA88C1F8A0832533ACCF ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
11:49:26.0899 0x0d5c nusb3xhc - ok
11:49:26.0923 0x0d5c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
11:49:26.0935 0x0d5c nvraid - ok
11:49:26.0951 0x0d5c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
11:49:26.0960 0x0d5c nvstor - ok
11:49:26.0971 0x0d5c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:49:26.0979 0x0d5c nv_agp - ok
11:49:26.0995 0x0d5c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:49:27.0000 0x0d5c ohci1394 - ok
11:49:27.0016 0x0d5c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:49:27.0027 0x0d5c ose - ok
11:49:27.0256 0x0d5c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:49:27.0470 0x0d5c osppsvc - ok
11:49:27.0497 0x0d5c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:49:27.0513 0x0d5c p2pimsvc - ok
11:49:27.0539 0x0d5c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
11:49:27.0559 0x0d5c p2psvc - ok
11:49:27.0569 0x0d5c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
11:49:27.0573 0x0d5c Parport - ok
11:49:27.0588 0x0d5c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
11:49:27.0594 0x0d5c partmgr - ok
11:49:27.0610 0x0d5c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
11:49:27.0619 0x0d5c PcaSvc - ok
11:49:27.0632 0x0d5c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
11:49:27.0640 0x0d5c pci - ok
11:49:27.0646 0x0d5c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
11:49:27.0648 0x0d5c pciide - ok
11:49:27.0663 0x0d5c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
11:49:27.0674 0x0d5c pcmcia - ok
11:49:27.0685 0x0d5c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
11:49:27.0688 0x0d5c pcw - ok
11:49:27.0718 0x0d5c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:49:27.0746 0x0d5c PEAUTH - ok
11:49:33.0077 0x0d5c Wlansvc - ok
11:49:33.0086 0x0d5c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:49:33.0089 0x0d5c wlcrasvc - ok
11:49:33.0185 0x0d5c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:49:33.0276 0x0d5c wlidsvc - ok
11:49:33.0285 0x0d5c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
11:49:33.0287 0x0d5c WmiAcpi - ok
11:49:33.0302 0x0d5c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
11:49:33.0311 0x0d5c wmiApSrv - ok
11:49:33.0319 0x0d5c WMPNetworkSvc - ok
11:49:33.0327 0x0d5c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
11:49:33.0330 0x0d5c WPCSvc - ok
11:49:33.0339 0x0d5c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
11:49:33.0346 0x0d5c WPDBusEnum - ok
11:49:33.0352 0x0d5c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
11:49:33.0354 0x0d5c ws2ifsl - ok
11:49:33.0363 0x0d5c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
11:49:33.0369 0x0d5c wscsvc - ok
11:49:33.0374 0x0d5c WSearch - ok
11:49:33.0479 0x0d5c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
11:49:33.0576 0x0d5c wuauserv - ok
11:49:33.0589 0x0d5c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
11:49:33.0594 0x0d5c WudfPf - ok
11:49:33.0607 0x0d5c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
11:49:33.0616 0x0d5c WUDFRd - ok
11:49:33.0626 0x0d5c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
11:49:33.0631 0x0d5c wudfsvc - ok
11:49:33.0646 0x0d5c [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\windows\System32\wwansvc.dll
11:49:33.0658 0x0d5c WwanSvc - ok
11:49:33.0676 0x0d5c ================ Scan global ===============================
11:49:33.0682 0x0d5c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
11:49:33.0696 0x0d5c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:49:33.0716 0x0d5c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:49:33.0730 0x0d5c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
11:49:33.0749 0x0d5c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Unread postby Sellon05 » March 11th, 2014, 1:52 pm

11:49:33.0763 0x0d5c [ Global ] - ok
11:49:33.0764 0x0d5c ================ Scan MBR ==================================
11:49:33.0767 0x0d5c [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
11:49:33.0877 0x0d5c \Device\Harddisk0\DR0 - ok
11:49:33.0877 0x0d5c ================ Scan VBR ==================================
11:49:33.0881 0x0d5c [ 868FC2D835896AFBAB5387B959C7BC76 ] \Device\Harddisk0\DR0\Partition1
11:49:33.0883 0x0d5c \Device\Harddisk0\DR0\Partition1 - ok
11:49:33.0883 0x0d5c Waiting for KSN requests completion. In queue: 322
11:49:34.0884 0x0d5c Waiting for KSN requests completion. In queue: 322
11:49:35.0884 0x0d5c Waiting for KSN requests completion. In queue: 322
11:49:36.0908 0x0d5c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x60000 ( disabled : updated )
11:49:36.0914 0x0d5c Win FW state via NFP2: enabled
11:49:39.0500 0x0d5c ============================================================
11:49:39.0500 0x0d5c Scan finished
11:49:39.0500 0x0d5c ============================================================
11:49:39.0513 0x0bbc Detected object count: 0
11:49:39.0513 0x0bbc Actual detected object count: 0
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm

Re: www-search.net is taking over, need help

Unread postby Cypher » March 11th, 2014, 2:01 pm

Hi,
Still having problems? If yes, are all three browsers still affected?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: www-search.net is taking over, need help

Unread postby Sellon05 » March 11th, 2014, 2:02 pm

Everything seems to be running smoothly now, no sign of Tuvaro at all!
Sellon05
Active Member
 
Posts: 13
Joined: March 9th, 2014, 11:41 pm