E Mail Download Fails Due To virus Error



#1
wmw

Member
  • 10 posts
Hi,

I can't download any kind of file through Gmail or Yahoo E-mail after I upgraded my laptop to IE10 and the latest version of Gmail. Same result with Firefox and Google Chrome. The same download works fine on other PCs. My laptop runs W7 Ultimate SP 1 with SuperAntiSpyware and Microsoft Security Essentials. The virus error is still there after I uninstalled Google Chrome and IE7. Please help.
  • 0



#2
RKinner

Malware Expert
  • 20,011 posts
  • MVP
Do you have AVG? This seems to be a common problem with them. Following is a workaround which should allow you to download again. It disables the scan after download, so you should manually scan any file you download.

Copy the lines between the stars (but not the stars):

****************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000001


****************

Open Notepad and paste the above into it. Verify that you have it all, then File, Save As, (to your desktop) "NoScan.reg", OK. (Make sure you include the quotes around the file name.)

Close notepad. Right click on NoScan.reg and select Merge. Allow it to merge. (If you don't see the Merge option you probably left off the quotes and notepad tacked on .txt)


I've also seen people claim that renaming the Windows Defender folder in Program Files will then allow downloads but haven't tried it myself.

Ron
  • 0
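What the workaround above changes, as an added example that is not part of Ron's post: a small Python parser for `.reg` text that reports the Attachment Manager scan setting and builds the file that turns scanning back on. The value meanings (1 = off, 2 = optional, 3 = on) come from Microsoft's Attachment Manager documentation, not from this thread; the function names are made up for the example, and the thread does not say which value the laptop had before the merge.

```python
import re

# Value meanings per Microsoft's Attachment Manager documentation (not from the thread).
SCAN_MODES = {1: "off", 2: "optional", 3: "on"}
ATTACH_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
VALUE_NAME = "ScanWithAntiVirus"

# The NoScan.reg text from the post above.
NOSCAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000001
'''

RE_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{1,8})$', re.I)
RE_DELETE = re.compile(r'^"([^"]+)"=-$')


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: int or None}}.

    Only dword values are kept; None records a '"name"=-' value deletion.
    """
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("missing 'Windows Registry Editor Version 5.00' header")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if line.startswith("["):
            # Any bracketed line starts a new section; "[-KEY]" deletions are skipped.
            m = RE_KEY.match(line)
            current = keys.setdefault(m[1], {}) if m else None
        elif current is not None and (m := RE_DWORD.match(line)):
            current[m[1]] = int(m[2], 16)
        elif current is not None and (m := RE_DELETE.match(line)):
            current[m[1]] = None
    return keys


def scan_setting(text):
    """Return 'off', 'optional', 'on', 'removed', 'unknown (n)', or None if untouched."""
    for key, values in parse_reg(text).items():
        if key.lower() != ATTACH_KEY.lower():  # registry paths are case-insensitive
            continue
        for name, value in values.items():
            if name.lower() == VALUE_NAME.lower():
                if value is None:
                    return "removed"
                return SCAN_MODES.get(value, f"unknown ({value})")
    return None


def build_reg(value):
    """Build .reg text that sets ScanWithAntiVirus to value (1, 2 or 3)."""
    if value not in SCAN_MODES:
        raise ValueError("value must be 1, 2 or 3")
    return ("Windows Registry Editor Version 5.00\n\n"
            f"[{ATTACH_KEY}]\n"
            f'"{VALUE_NAME}"=dword:{value:08x}\n')


if __name__ == "__main__":
    print("NoScan.reg sets scanning to:", scan_setting(NOSCAN_REG))
    print("File that re-enables scanning:\n" + build_reg(3))
```
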

#3
wmw

Member
  • Topic Starter
  • 10 posts
Hi Ron,

I don't have AVG on my laptop. Clicking "Download" gets no response at all after I reduced the Registry count "ScanWithAntiVirus". I tried renaming the Windows Defender folder and the result is the same. The next thing I'll try will be removing SuperAntiSpyware or Microsoft Security Essentials. Can you think of any others?

Warren
  • 0

#4
RKinner

Malware Expert
  • 20,011 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => right click and Run As Admin) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#5
wmw

Member
  • Topic Starter
  • 10 posts
Hi Ron,

I ran OTL as administrator in Safe Mode with Networking.
OTL hangs right after displaying "Search Pattern c:/windows/system32/config/systemprofile/AppData/local/microsft/Internet Explorer/Recovery/high/active/{FFF2xxxx......". No _OTL folder is created. No result file is created.

I ran Farbar Service in Safe Mode with Networking as administrator successfully. The following is the content in the test file:

Farbar Service Scanner Version: 08-07-2013
Ran by Admin (administrator) on 08-07-2013 at 12:30:04
Running from "F:\Files\FSS"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
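A triage pass over the Farbar Service Scanner log posted above, added here as an example (it is not part of the thread or of FSS itself). The line patterns are taken from the log as posted; the severity ranking is this example's assumption about what to review first, and because the scan was taken with Boot Mode: Network (Safe Mode with Networking), "not running" lines are treated as informational.

```python
import re

# Excerpt of the FSS log posted above (sections shortened, lines unchanged).
FSS_LOG = r'''Farbar Service Scanner Version: 08-07-2013
Ran by Admin (administrator) on 08-07-2013 at 12:30:04
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
'''

RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RE_START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
RE_POLICY_VALUE = re.compile(r'^"([^"]+)"=DWORD:([0-9a-f]+)$', re.I)
RE_ARROW = re.compile(r"^(.*?)\s*=====>\s*(.+)$")
# Review order only (an assumption of this example); a hit means "look at this",
# not "malicious". A policy entry can have been set by another security product.
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def triage(log):
    """Return (boot_mode, findings); each finding is (severity, section, message)."""
    lines = [ln.strip() for ln in log.splitlines()]
    boot_mode, section, reg_key, findings = "Normal", None, None, []
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith("Boot Mode:"):
            boot_mode = line.split(":", 1)[1].strip()
        elif line.endswith(":") and underline and set(underline) == {"="}:
            # A section title is a line ending in ':' underlined with '='.
            section, reg_key = line[:-1], None
        elif line.startswith("[HKEY") and line.endswith("]"):
            reg_key = line[1:-1]
        elif (m := RE_POLICY_VALUE.match(line)) and reg_key:
            findings.append(("high", section, f"policy {reg_key}\\{m[1]} = {m[2]}"))
        elif m := RE_ARROW.match(line):
            sev = "high" if m[1].startswith("ATTENTION") else "medium"
            findings.append((sev, section, m[2] if sev == "high" else f"{m[1]}: {m[2]}"))
        elif m := RE_START_TYPE.match(line):
            findings.append(("medium", section,
                             f"{m[1]} start type is {m[2]}, default is {m[3]}"))
        elif m := RE_NOT_RUNNING.match(line):
            # In Safe Mode most services are stopped by design, so a stopped
            # service only counts as a finding in a normal boot.
            sev = "medium" if boot_mode == "Normal" else "info"
            findings.append((sev, section, f"{m[1]} not running"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])  # stable: log order within a level
    return boot_mode, findings


if __name__ == "__main__":
    boot, found = triage(FSS_LOG)
    print("Boot mode:", boot)
    for severity, section, message in found:
        print(f"[{severity:6}] {section}: {message}")
```
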

#6
RKinner

Malware Expert
  • 20,011 posts
  • MVP
Let's see if we can get DDS to run:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


Lot of services not running. Let's see if we can fix them.


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.

Download, Save and Run (Win 7 or Vista => right click and Run As Admin) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#7
wmw

Member
  • Topic Starter
  • 10 posts
Hi Ron,

Should I run these test programs in safe mode or regular mode? I'm having the problem of missing desktop and taskbar icons in regular mode.


Warren
  • 0

#8
wmw

Member
  • Topic Starter
  • 10 posts
Hi Ron,

I ran all tests in real mode as administrator.

DDS ran a long while quietly without producing any test results.

Service Repair seems to work O.K.

==== View system result =====
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 7/8/2013 8:23:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 9/7/2013 3:13:35 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The WinDefend service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 9/7/2013 3:11:30 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:11:30 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.

Log: 'System' Date/Time: 9/7/2013 3:11:00 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:11:00 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.

Log: 'System' Date/Time: 9/7/2013 3:10:30 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:10:30 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:10:30 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

Log: 'System' Date/Time: 9/7/2013 3:09:58 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 9/7/2013 3:04:12 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The WinDefend service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 9/7/2013 3:02:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:02:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.

Log: 'System' Date/Time: 9/7/2013 3:01:38 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:01:38 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.

Log: 'System' Date/Time: 9/7/2013 3:01:08 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:01:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 9/7/2013 3:01:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

Log: 'System' Date/Time: 9/7/2013 3:00:37 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 9/7/2013 2:50:03 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The WinDefend service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 9/7/2013 2:47:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 9/7/2013 3:11:34 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#9J530FKV5A47IB95&0#.

Log: 'System' Date/Time: 9/7/2013 3:10:07 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 9/7/2013 3:08:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 9/7/2013 3:02:11 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#9J530FKV5A47IB95&0#.

Log: 'System' Date/Time: 9/7/2013 3:00:46 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 9/7/2013 2:59:48 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 9/7/2013 2:48:03 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#9J530FKV5A47IB95&0#.

Log: 'System' Date/Time: 9/7/2013 2:46:37 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 9/7/2013 2:45:39 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 9/7/2013 2:42:16 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#9J530FKV5A47IB95&0#.

Log: 'System' Date/Time: 9/7/2013 2:40:50 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 9/7/2013 2:39:40 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

==== View Application result ====

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 7/8/2013 8:31:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 9/7/2013 3:11:33 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 9/7/2013 3:02:16 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 9/7/2013 2:48:08 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 9/7/2013 2:42:17 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 9/7/2013 3:23:30 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-1371944425-3764896818-1080939326-1003:


Log: 'Application' Date/Time: 9/7/2013 3:14:01 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 3:14:00 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 3:14:00 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 3:13:36 AM
Type: Warning Category: 3
Event: 3086 Source: Microsoft-Windows-Search
The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 9/7/2013 3:11:02 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 3:08:55 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1371944425-3764896818-1080939326-1003:
Process 3088 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003
Process 3088 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\mozilla\Firefox\Extensions
Process 3088 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Process 3088 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3088 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes


Log: 'Application' Date/Time: 9/7/2013 3:08:55 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 3:08:54 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 3:02:51 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-1371944425-3764896818-1080939326-1003_Classes:


Log: 'Application' Date/Time: 9/7/2013 3:02:51 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 33 user registry handles leaked from \Registry\User\S-1-5-21-1371944425-3764896818-1080939326-1003:
Process 1512 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1512 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 1200 (\Device\HarddiskVolume2\Windows\System32\taskhost.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\CTF\TIP
Process 1512 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Windows\Shell
Process 1512 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Office\12.0\Groove\Development
Process 804 (\Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes
Process 1512 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count


Log: 'Application' Date/Time: 9/7/2013 3:02:13 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 3:02:12 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 3:02:12 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 3:01:40 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 9/7/2013 2:59:45 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 2:59:45 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 2:51:15 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 23 user registry handles leaked from \Registry\User\S-1-5-21-1371944425-3764896818-1080939326-1003:


Log: 'Application' Date/Time: 9/7/2013 2:48:03 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 9/7/2013 2:48:03 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

==== Farbar Test Result ====
Farbar Service Scanner Version: 08-07-2013
Ran by Admin (administrator) on 08-07-2013 at 20:32:21
Running from "F:\Files\FSS"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Warren

#9
RKinner

Let's try HijackThis:

http://www.filehippo...oad_hijackthis/

Been a while since I've had to use this. This is the installer version so you have to let it install (right click on it and Run As Admin). When it finishes there will be an icon on your desktop. Click on it. It will give you and then a menu. We want the first option to Scan and Log. Then copy and paste the log.

Appears that you have Vista or Win 7 so we can run some other scans and see if any of them work:



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log; save it to your desktop and post it in your next reply
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.


#10
wmw

Hi Ron,

Win7 didn't install HijackThis, saying "System Administrator has a policies to deny the installation". I need to figure out how to reset the policies.

ComboFix
========
I let ComboFix stay on for more than an hour. combofix.txt was not produced.

aswMBR.exe
==========
file 1
------
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-09 14:13:18
-----------------------------
14:13:18.095 OS Version: Windows 6.1.7601 Service Pack 1
14:13:18.095 Number of processors: 2 586 0xE0C
14:13:18.095 ComputerName: WARREN-PC UserName: Admin
14:13:23.025 Initialize success
14:13:43.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:13:43.897 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
14:13:43.929 Disk 0 MBR read successfully
14:13:43.929 Disk 0 MBR scan
14:13:43.929 Disk 0 Windows 7 default MBR code
14:13:43.944 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSWIN4.1 8001 MB offset 63
14:13:43.960 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72316 MB offset 16386300
14:13:43.975 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72308 MB offset 164489535
14:13:43.991 Disk 0 scanning sectors +312576705
14:13:44.069 Disk 0 scanning C:\Windows\system32\drivers
14:13:54.006 Service scanning
14:14:38.435 Modules scanning
14:15:49.384 Scan finished successfully
14:16:50.302 Disk 0 MBR has been saved successfully to "F:\Problem - Down Load\MBR.dat"
14:16:50.349 The log file has been saved successfully to "F:\Problem - Down Load\aswMBR.txt"




file 2
--------
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-09 14:08:06
-----------------------------
14:08:06.196 OS Version: Windows 6.1.7601 Service Pack 1
14:08:06.196 Number of processors: 2 586 0xE0C
14:08:06.196 ComputerName: WARREN-PC UserName: Admin
14:08:16.913 Initialize success
14:09:51.309 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:51.309 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
14:09:51.387 Disk 0 MBR read successfully
14:09:51.387 Disk 0 MBR scan
14:09:51.387 Disk 0 Windows 7 default MBR code
14:09:51.387 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSWIN4.1 8001 MB offset 63
14:09:51.418 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72316 MB offset 16386300
14:09:51.449 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72308 MB offset 164489535
14:09:51.449 Disk 0 scanning sectors +312576705
14:09:51.512 Disk 0 scanning C:\Windows\system32\drivers
14:10:00.879 Service scanning
14:10:37.508 Modules scanning
14:11:05.994 Scan finished successfully
14:12:52.714 Disk 0 MBR has been saved successfully to "F:\Problem - Down Load\MBR.dat"
14:12:53.260 The log file has been saved successfully to "F:\Problem - Down Load\aswMBR 1.txt"


file 3
-------
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-09 22:40:31
-----------------------------
22:40:31.772 OS Version: Windows 6.1.7601 Service Pack 1
22:40:31.772 Number of processors: 2 586 0xE0C
22:40:31.772 ComputerName: WARREN-PC UserName: Admin
22:40:40.493 Initialize success
22:40:56.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:40:56.405 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
22:40:56.514 Disk 0 MBR read successfully
22:40:56.514 Disk 0 MBR scan
22:40:56.530 Disk 0 Windows 7 default MBR code
22:40:56.561 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSWIN4.1 8001 MB offset 63
22:40:56.608 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72316 MB offset 16386300
22:40:56.639 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72308 MB offset 164489535
22:40:56.654 Disk 0 scanning sectors +312576705
22:40:56.998 Disk 0 scanning C:\Windows\system32\drivers
22:41:19.774 Service scanning
22:43:09.801 Modules scanning
22:44:01.577 Disk 0 trace - called modules:
22:44:01.608 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x847481f8]<<
22:44:01.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85543758]
22:44:01.624 3 CLASSPNP.SYS[877a259e] -> nt!IofCallDriver -> [0x85478020]
22:44:01.640 5 ACPI.sys[872103d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847d1610]
22:44:01.640 \Driver\atapi[0x854607d0] -> IRP_MJ_CREATE -> 0x847481f8
22:44:01.655 Scan finished successfully
22:45:03.759 Disk 0 MBR has been saved successfully to "F:\Problem - Down Load\MBR.dat"
22:45:03.775 The log file has been saved successfully to "F:\Problem - Down Load\aswMBR 2.txt"



TDSSkiller Output
=================
20:28:40.0774 1280 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:28:42.0818 1280 ============================================================
20:28:42.0818 1280 Current date / time: 2013/07/09 20:28:42.0818
20:28:42.0818 1280 SystemInfo:
20:28:42.0818 1280
20:28:42.0833 1280 OS Version: 6.1.7601 ServicePack: 1.0
20:28:42.0833 1280 Product type: Workstation
20:28:42.0833 1280 ComputerName: WARREN-PC
20:28:42.0833 1280 UserName: Admin
20:28:42.0833 1280 Windows directory: C:\Windows
20:28:42.0833 1280 System windows directory: C:\Windows
20:28:42.0833 1280 Processor architecture: Intel x86
20:28:42.0833 1280 Number of processors: 2
20:28:42.0833 1280 Page size: 0x1000
20:28:42.0833 1280 Boot type: Safe boot with network
20:28:42.0833 1280 ============================================================
20:28:48.0168 1280 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:28:48.0200 1280 Drive \Device\Harddisk1\DR1 - Size: 0x1E0000000 (7.50 Gb), SectorSize: 0x200, Cylinders: 0x3D3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:28:48.0200 1280 ============================================================
20:28:48.0200 1280 \Device\Harddisk0\DR0:
20:28:48.0215 1280 MBR partitions:
20:28:48.0215 1280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFA08FC, BlocksNum 0x8D3E043
20:28:48.0215 1280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9CDE93F, BlocksNum 0x8D3A182
20:28:48.0215 1280 \Device\Harddisk1\DR1:
20:28:48.0215 1280 MBR partitions:
20:28:48.0215 1280 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x848, BlocksNum 0xEFF7B8
20:28:48.0215 1280 ============================================================
20:28:48.0480 1280 C: <-> \Device\Harddisk0\DR0\Partition1
20:28:48.0605 1280 D: <-> \Device\Harddisk0\DR0\Partition2
20:28:48.0605 1280 ============================================================
20:28:48.0636 1280 Initialize success
20:28:48.0636 1280 ============================================================
20:30:44.0201 0832 ============================================================
20:30:44.0201 0832 Scan started
20:30:44.0201 0832 Mode: Manual; SigCheck; TDLFS;
20:30:44.0201 0832 ============================================================
20:30:51.0877 0832 ================ Scan system memory ========================
20:30:51.0877 0832 System memory - ok
20:30:51.0877 0832 ================ Scan services =============================
20:30:52.0267 0832 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:30:53.0639 0832 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
20:30:53.0639 0832 !SASCORE - detected UnsignedFile.Multi.Generic (1)
20:31:17.0102 0832 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:31:17.0180 0832 CompositeBus - ok
20:31:17.0227 0832 COMSysApp - ok
20:31:17.0258 0832 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:31:17.0305 0832 crcdisk - ok
20:31:17.0429 0832 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:31:17.0570 0832 CryptSvc - ok
20:31:17.0679 0832 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:31:17.0866 0832 CSC - ok
20:31:18.0069 0832 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:31:18.0163 0832 CscService - ok
20:31:18.0334 0832 [ BFA04E060F1F26C92F62958757C47BDB ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
20:31:18.0397 0832 dc3d - ok
20:31:18.0568 0832 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:31:18.0662 0832 DcomLaunch - ok
20:31:18.0771 0832 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:31:18.0911 0832 defragsvc - ok
20:31:18.0989 0832 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:31:19.0099 0832 DfsC - ok
20:31:19.0239 0832 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:31:19.0364 0832 Dhcp - ok
20:31:19.0411 0832 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:31:19.0551 0832 discache - ok
20:31:19.0660 0832 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
20:31:19.0738 0832 Disk - ok
20:31:19.0801 0832 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:31:20.0003 0832 dmvsc - ok
20:31:20.0081 0832 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:31:20.0222 0832 Dnscache - ok
20:31:20.0315 0832 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:31:20.0440 0832 dot3svc - ok
20:31:20.0487 0832 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:31:20.0643 0832 DPS - ok
20:31:20.0705 0832 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:31:20.0783 0832 drmkaud - ok
20:31:21.0033 0832 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:31:21.0127 0832 DXGKrnl - ok
20:31:21.0205 0832 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:31:21.0314 0832 EapHost - ok
20:31:22.0047 0832 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
20:31:22.0375 0832 ebdrv - ok
20:31:22.0437 0832 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:31:22.0624 0832 EFS - ok
20:31:22.0921 0832 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:31:23.0170 0832 ehRecvr - ok
20:31:23.0233 0832 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:31:23.0295 0832 ehSched - ok
20:31:23.0435 0832 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:31:23.0498 0832 elxstor - ok
20:31:23.0529 0832 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:31:23.0591 0832 ErrDev - ok
20:31:23.0716 0832 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:31:23.0825 0832 EventSystem - ok
20:31:23.0919 0832 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:31:23.0997 0832 exfat - ok
20:31:24.0044 0832 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:31:24.0153 0832 fastfat - ok
20:31:24.0356 0832 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:31:24.0559 0832 Fax - ok
20:31:24.0621 0832 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
20:31:24.0683 0832 fdc - ok
20:31:24.0746 0832 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:31:24.0871 0832 fdPHost - ok
20:31:24.0902 0832 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:31:25.0027 0832 FDResPub - ok
20:31:25.0058 0832 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:31:25.0136 0832 FileInfo - ok
20:31:25.0183 0832 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:31:25.0323 0832 Filetrace - ok
20:31:25.0385 0832 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:31:25.0448 0832 flpydisk - ok
20:31:25.0541 0832 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:31:25.0604 0832 FltMgr - ok
20:31:25.0869 0832 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
20:31:26.0134 0832 FontCache - ok
20:31:26.0353 0832 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:31:26.0446 0832 FontCache3.0.0.0 - ok
20:31:26.0509 0832 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:31:26.0555 0832 FsDepends - ok
20:31:26.0618 0832 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:31:26.0680 0832 Fs_Rec - ok
20:31:26.0805 0832 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:31:26.0883 0832 fvevol - ok
20:31:26.0961 0832 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:31:27.0023 0832 gagp30kx - ok
20:31:27.0133 0832 ghfxftlm - ok
20:31:27.0304 0832 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:31:27.0429 0832 gpsvc - ok
20:31:27.0476 0832 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:31:27.0679 0832 hcw85cir - ok
20:31:27.0866 0832 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:31:27.0959 0832 HdAudAddService - ok
20:31:28.0022 0832 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:28.0147 0832 HDAudBus - ok
20:31:28.0209 0832 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:31:28.0287 0832 HidBatt - ok
20:31:28.0318 0832 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:31:28.0396 0832 HidBth - ok
20:31:28.0474 0832 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:31:28.0568 0832 HidIr - ok
20:31:28.0615 0832 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
20:31:28.0724 0832 hidserv - ok
20:31:28.0880 0832 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:31:28.0958 0832 HidUsb - ok
20:31:29.0036 0832 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:31:29.0129 0832 hkmsvc - ok
20:31:29.0207 0832 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:31:29.0363 0832 HomeGroupListener - ok
20:31:29.0441 0832 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:31:29.0551 0832 HomeGroupProvider - ok
20:31:29.0644 0832 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:31:29.0707 0832 HpSAMD - ok
20:31:29.0878 0832 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:31:29.0987 0832 HTTP - ok
20:31:30.0019 0832 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:31:30.0065 0832 hwpolicy - ok
20:31:30.0190 0832 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:30.0284 0832 i8042prt - ok
20:31:30.0440 0832 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:31:30.0487 0832 iaStorV - ok
20:31:30.0783 0832 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:31:30.0892 0832 idsvc - ok
20:31:32.0062 0832 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:31:32.0639 0832 igfx - ok
20:31:32.0749 0832 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:31:32.0827 0832 iirsp - ok
20:31:33.0045 0832 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:31:33.0170 0832 IKEEXT - ok
20:31:33.0217 0832 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:31:33.0263 0832 intelide - ok
20:31:33.0341 0832 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:31:33.0404 0832 intelppm - ok
20:31:33.0466 0832 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:31:33.0560 0832 IPBusEnum - ok
20:31:33.0591 0832 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:33.0685 0832 IpFilterDriver - ok
20:31:33.0841 0832 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
20:31:34.0043 0832 IpHlpSvc - ok
20:31:34.0106 0832 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:31:34.0168 0832 IPMIDRV - ok
20:31:34.0215 0832 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:31:34.0324 0832 IPNAT - ok
20:31:34.0402 0832 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:31:34.0480 0832 IRENUM - ok
20:31:34.0543 0832 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:31:34.0621 0832 isapnp - ok
20:31:34.0699 0832 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:31:34.0808 0832 iScsiPrt - ok
20:31:34.0886 0832 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:34.0948 0832 kbdclass - ok
20:31:34.0995 0832 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:31:35.0057 0832 kbdhid - ok
20:31:35.0089 0832 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:31:35.0120 0832 KeyIso - ok
20:31:35.0182 0832 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:31:35.0260 0832 KSecDD - ok
20:31:35.0323 0832 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:31:35.0369 0832 KSecPkg - ok
20:31:35.0494 0832 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:31:35.0619 0832 KtmRm - ok
20:31:35.0806 0832 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
20:31:35.0900 0832 LanmanServer - ok
20:31:36.0025 0832 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:31:36.0149 0832 LanmanWorkstation - ok
20:31:36.0259 0832 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:31:36.0368 0832 lltdio - ok
20:31:36.0446 0832 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:31:36.0555 0832 lltdsvc - ok
20:31:36.0586 0832 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:31:36.0695 0832 lmhosts - ok
20:31:36.0742 0832 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:31:36.0805 0832 LSI_FC - ok
20:31:36.0867 0832 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:31:36.0929 0832 LSI_SAS - ok
20:31:36.0992 0832 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:31:37.0054 0832 LSI_SAS2 - ok
20:31:37.0117 0832 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:31:37.0195 0832 LSI_SCSI - ok
20:31:37.0241 0832 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:31:37.0366 0832 luafv - ok
20:31:37.0413 0832 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:31:37.0491 0832 Mcx2Svc - ok
20:31:37.0538 0832 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
20:31:37.0600 0832 megasas - ok
20:31:37.0694 0832 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:31:37.0741 0832 MegaSR - ok
20:31:38.0099 0832 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:31:38.0209 0832 Microsoft Office Groove Audit Service - ok
20:31:38.0271 0832 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:31:38.0396 0832 MMCSS - ok
20:31:38.0427 0832 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:31:38.0552 0832 Modem - ok
20:31:38.0645 0832 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:31:38.0739 0832 monitor - ok
20:31:38.0817 0832 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:31:38.0864 0832 mouclass - ok
20:31:38.0973 0832 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:31:39.0067 0832 mouhid - ok
20:31:39.0098 0832 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:31:39.0145 0832 mountmgr - ok
20:31:39.0410 0832 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:31:39.0519 0832 MozillaMaintenance - ok
20:31:39.0737 0832 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:31:39.0815 0832 MpFilter - ok
20:31:39.0878 0832 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:31:39.0940 0832 mpio - ok
20:31:39.0971 0832 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:31:40.0081 0832 mpsdrv - ok
20:31:40.0252 0832 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:31:40.0377 0832 MpsSvc - ok
20:31:40.0439 0832 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:31:40.0517 0832 MRxDAV - ok
20:31:40.0595 0832 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:40.0720 0832 mrxsmb - ok
20:31:40.0798 0832 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:40.0861 0832 mrxsmb10 - ok
20:31:40.0907 0832 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:40.0954 0832 mrxsmb20 - ok
20:31:41.0017 0832 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:31:41.0079 0832 msahci - ok
20:31:41.0110 0832 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:31:41.0173 0832 msdsm - ok
20:31:41.0235 0832 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:31:41.0329 0832 MSDTC - ok
20:31:41.0391 0832 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:31:41.0500 0832 Msfs - ok
20:31:41.0531 0832 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:31:41.0625 0832 mshidkmdf - ok
20:31:41.0641 0832 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:31:41.0687 0832 msisadrv - ok
20:31:41.0781 0832 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:31:41.0906 0832 MSiSCSI - ok
20:31:41.0921 0832 MSIServer - ok
20:31:41.0984 0832 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:31:42.0093 0832 MSKSSRV - ok
20:31:42.0358 0832 MsMpSvc - ok
20:31:42.0389 0832 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:42.0514 0832 MSPCLOCK - ok
20:31:42.0577 0832 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:31:42.0701 0832 MSPQM - ok
20:31:42.0779 0832 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:31:42.0826 0832 MsRPC - ok
20:31:42.0873 0832 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:42.0935 0832 mssmbios - ok
20:31:42.0982 0832 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:31:43.0060 0832 MSTEE - ok
20:31:43.0123 0832 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:31:43.0201 0832 MTConfig - ok
20:31:43.0247 0832 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:31:43.0294 0832 Mup - ok
20:31:43.0419 0832 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:31:43.0528 0832 napagent - ok
20:31:43.0731 0832 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:31:43.0840 0832 NativeWifiP - ok
20:31:44.0105 0832 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:31:44.0183 0832 NDIS - ok
20:31:44.0293 0832 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:44.0417 0832 NdisCap - ok
20:31:44.0495 0832 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:44.0605 0832 NdisTapi - ok
20:31:44.0667 0832 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:44.0792 0832 Ndisuio - ok
20:31:44.0823 0832 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:44.0932 0832 NdisWan - ok
20:31:44.0995 0832 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:31:45.0088 0832 NDProxy - ok
20:31:45.0151 0832 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:31:45.0260 0832 NetBIOS - ok
20:31:45.0322 0832 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:31:45.0431 0832 NetBT - ok
20:31:45.0463 0832 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:31:45.0494 0832 Netlogon - ok
20:31:45.0650 0832 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:31:45.0743 0832 Netman - ok
20:31:45.0899 0832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:31:46.0055 0832 NetMsmqActivator - ok
20:31:46.0071 0832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:31:46.0102 0832 NetPipeActivator - ok
20:31:46.0243 0832 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:31:46.0352 0832 netprofm - ok
20:31:46.0383 0832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:31:46.0414 0832 NetTcpActivator - ok
20:31:46.0445 0832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:31:46.0477 0832 NetTcpPortSharing - ok
20:31:47.0849 0832 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
20:31:48.0193 0832 netw5v32 - ok
20:31:48.0286 0832 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:31:48.0349 0832 nfrd960 - ok
20:31:48.0583 0832 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:31:48.0645 0832 NisDrv - ok
20:31:48.0676 0832 NisSrv - ok
20:31:49.0066 0832 [ 6F123DB2BF6A4113260EF4127D255315 ] NitroDriverReadSpool2 C:\Program Files\iLivid\NitroPDFDriverService2.exe
20:31:49.0176 0832 NitroDriverReadSpool2 - ok
20:31:49.0254 0832 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:31:49.0316 0832 NlaSvc - ok
20:31:49.0347 0832 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:31:49.0472 0832 Npfs - ok
20:31:49.0550 0832 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:31:49.0644 0832 nsi - ok
20:31:49.0706 0832 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:31:49.0815 0832 nsiproxy - ok
20:31:50.0268 0832 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:31:50.0377 0832 Ntfs - ok
20:31:50.0455 0832 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:31:50.0580 0832 Null - ok
20:31:50.0673 0832 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:31:50.0736 0832 nvraid - ok
20:31:50.0814 0832 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:31:50.0876 0832 nvstor - ok
20:31:50.0938 0832 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:31:51.0001 0832 nv_agp - ok
20:31:51.0297 0832 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:31:51.0360 0832 odserv - ok
20:31:51.0406 0832 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:31:51.0469 0832 ohci1394 - ok
20:31:51.0625 0832 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:51.0672 0832 ose - ok
20:31:51.0812 0832 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:31:51.0968 0832 p2pimsvc - ok
20:31:52.0077 0832 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:31:52.0140 0832 p2psvc - ok
20:31:52.0202 0832 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
20:31:52.0264 0832 Parport - ok
20:31:52.0327 0832 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:31:52.0389 0832 partmgr - ok
20:31:52.0436 0832 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:31:52.0530 0832 Parvdm - ok
20:31:52.0623 0832 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:31:52.0686 0832 PcaSvc - ok
20:31:52.0764 0832 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:31:52.0842 0832 pci - ok
20:31:52.0873 0832 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:31:52.0920 0832 pciide - ok
20:31:52.0998 0832 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:53.0044 0832 pcmcia - ok
20:31:53.0091 0832 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:31:53.0138 0832 pcw - ok
20:31:53.0325 0832 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:31:53.0481 0832 PEAUTH - ok
20:31:53.0731 0832 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:31:53.0871 0832 PeerDistSvc - ok
20:31:54.0324 0832 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:31:54.0526 0832 pla - ok
20:31:54.0714 0832 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:31:54.0823 0832 PlugPlay - ok
20:31:54.0885 0832 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:31:54.0963 0832 PNRPAutoReg - ok
20:31:55.0057 0832 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:31:55.0104 0832 PNRPsvc - ok
20:31:55.0228 0832 [ 56E08C5366865A8DE8D106BFC27490A4 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
20:31:55.0291 0832 Point32 - ok
20:31:55.0400 0832 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:31:55.0525 0832 PolicyAgent - ok
20:31:55.0618 0832 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:31:55.0712 0832 Power - ok
20:31:55.0821 0832 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:31:55.0930 0832 PptpMiniport - ok
20:31:55.0962 0832 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
20:31:56.0024 0832 Processor - ok
20:31:56.0180 0832 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:31:56.0289 0832 ProfSvc - ok
20:31:56.0336 0832 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:56.0367 0832 ProtectedStorage - ok
20:31:56.0476 0832 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:31:56.0601 0832 Psched - ok
20:31:57.0054 0832 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:31:57.0194 0832 ql2300 - ok
20:31:57.0210 0832 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:31:57.0256 0832 ql40xx - ok
20:31:57.0350 0832 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:31:57.0428 0832 QWAVE - ok
20:31:57.0475 0832 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:31:57.0522 0832 QWAVEdrv - ok
20:31:57.0568 0832 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:31:57.0662 0832 RasAcd - ok
20:31:57.0740 0832 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:57.0818 0832 RasAgileVpn - ok
20:31:57.0896 0832 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:31:58.0021 0832 RasAuto - ok
20:31:58.0068 0832 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:58.0177 0832 Rasl2tp - ok
20:31:58.0317 0832 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:31:58.0426 0832 RasMan - ok
20:31:58.0458 0832 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:58.0551 0832 RasPppoe - ok
20:31:58.0660 0832 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:31:58.0770 0832 RasSstp - ok
20:31:58.0863 0832 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:31:58.0972 0832 rdbss - ok
20:31:59.0035 0832 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:31:59.0097 0832 rdpbus - ok
20:31:59.0128 0832 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:59.0238 0832 RDPCDD - ok
20:31:59.0331 0832 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:31:59.0472 0832 RDPDR - ok
20:31:59.0581 0832 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:31:59.0737 0832 RDPENCDD - ok
20:31:59.0799 0832 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:31:59.0908 0832 RDPREFMP - ok
20:31:59.0986 0832 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:32:00.0252 0832 RdpVideoMiniport - ok
20:32:00.0314 0832 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:32:00.0486 0832 RDPWD - ok
20:32:00.0595 0832 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:32:00.0642 0832 rdyboost - ok
20:32:00.0688 0832 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:32:00.0782 0832 RemoteAccess - ok
20:32:00.0844 0832 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:32:00.0954 0832 RemoteRegistry - ok
20:32:01.0032 0832 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:32:01.0156 0832 RpcEptMapper - ok
20:32:01.0203 0832 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:32:01.0281 0832 RpcLocator - ok
20:32:01.0375 0832 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:32:01.0468 0832 RpcSs - ok
20:32:46.0599 0832 ============================================================
20:32:46.0599 0832 Scan finished
20:32:46.0599 0832 ============================================================
20:32:46.0630 0544 Detected object count: 1
20:32:46.0630 0544 Actual detected object count: 1
20:34:40.0058 0544 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:40.0058 0544 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:35:17.0139 1840 Deinitialize success


MalwareBytes Anti-Malware
===========================


It caught two viruses:
------------------------
PUP.gameplayLab Registry key HKCR\crossriderApp0003491.BHO.1
PUP.dealply FILE c:\users\Warren\AppData\Local\Temp\dealply.exe

Output file as follows:
-------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.09

Windows 7 Service Pack 1 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Admin :: WARREN-PC [administrator]

7/9/2013 8:41:24 PM
MBAM-log-2013-07-09 (21-35-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309712
Time elapsed: 52 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Warren\AppData\Local\Temp\dealply.exe (PUP.DealPly) -> No action taken.

(end)

AdwCleaner
=============

File 1: adwCleaner[R1]
-------------------------

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 21:50:25
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Admin - WARREN-PC
# Boot Mode : Safe mode with networking
# Running from : F:\Files\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : BrowserProtect
Found : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\user.js
File Found : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Warren\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Warren\Desktop\sweetpcfix.url
File Found : C:\Windows\system32\ImhxxpComm.dll
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\Common Files\Wondershare
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DealPly
Folder Found : C:\Program Files\Free Ride Games
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\Program Files\Iminent
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\Perion
Folder Found : C:\Program Files\Vid-Saver
Folder Found : C:\Program Files\Wajam
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\Program Files\ytbyclick_B1
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\visualbee
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Admin\AppData\Local\Wondershare
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\Roaming\Babylon
Folder Found : C:\Users\Warren Wang\AppData\Local\Wondershare
Folder Found : C:\Users\Warren\AppData\Local\Conduit
Folder Found : C:\Users\Warren\AppData\Local\Ilivid
Folder Found : C:\Users\Warren\AppData\Local\Ilivid Player
Folder Found : C:\Users\Warren\AppData\Local\PackageAware
Folder Found : C:\Users\Warren\AppData\Local\Vid-Saver
Folder Found : C:\Users\Warren\AppData\Local\visualbeeexe
Folder Found : C:\Users\Warren\AppData\Local\Wajam
Folder Found : C:\Users\Warren\AppData\Local\Wondershare
Folder Found : C:\Users\Warren\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Warren\AppData\LocalLow\Conduit
Folder Found : C:\Users\Warren\AppData\LocalLow\Delta
Folder Found : C:\Users\Warren\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Warren\AppData\LocalLow\holasearch
Folder Found : C:\Users\Warren\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Warren\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\Warren\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Warren\AppData\LocalLow\searchquband
Folder Found : C:\Users\Warren\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Warren\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Warren\AppData\Roaming\BabSolution
Folder Found : C:\Users\Warren\AppData\Roaming\Babylon
Folder Found : C:\Users\Warren\AppData\Roaming\DealPly
Folder Found : C:\Users\Warren\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Warren\AppData\Roaming\DriverCure
Folder Found : C:\Users\Warren\AppData\Roaming\file scout
Folder Found : C:\Users\Warren\AppData\Roaming\Funmoods
Folder Found : C:\Users\Warren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\Warren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\Warren\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Warren\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Warren\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Warren\AppData\Roaming\Wondershare
Folder Found : C:\Windows\system32\WNLT

***** [Registry] *****

Key Found : HKCU\Software\59578fd1b56eba42
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6565F37-655B-4C9E-AA5F-0307AC976ED4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\59578fd1b56eba42
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3000930
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3240727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282128
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3283791
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287802
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3292583
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ytbyclick_B1 Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Wajam
Key Found : HKLM\Software\WNLT
Key Found : HKLM\Software\ytbyclick_B1
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKU\S-1-5-21-1371944425-3764896818-1080939326-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2554] : homepage = "hxxp://search.conduit.com/?ctid=CT3292583&octid=CT3292583&SearchSource=61&CUI=UN33661960192964577&UM=2&UP=SP3C7E6539-70BF-4287-BDCE-113C6EED8F9A",
Found [l.2836] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3292583&octid=CT3292583&SearchSource=61&CUI=UN33661960192964577&UM=2&UP=SP3C7E6539-70BF-4287-BDCE-113C6EED8F9A" ]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************


AdwCleaner[R1].txt - [27735 octets] - [09/07/2013 21:50:25]

########## EOF - C:\AdwCleaner[R1].txt - [27796 octets] ##########



File 2: adwCleaner[S1]
-----------------------
# AdwCleaner v2.304 - Logfile created 07/09/2013 at 21:58:38
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Admin - WARREN-PC
# Boot Mode : Safe mode with networking
# Running from : F:\Files\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ytbyclick_B1 Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKLM\Software\ytbyclick_B1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2554] : homepage = "hxxp://search.conduit.com/?ctid=CT3292583&octid=CT3292583&SearchSource=61&CUI=UN3366[...]
Deleted [l.2836] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3292583&octid=CT3292583&Sea[...]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27866 octets] - [09/07/2013 21:50:25]
AdwCleaner[S1].txt - [27658 octets] - [09/07/2013 21:58:38]

########## EOF - C:\AdwCleaner[S1].txt - [27719 octets] ##########

#11
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
See if you can download and save hijackthis.exe. http://sourceforge.net/projects/hjt/ It doesn't need to be installed. Just right click on it and Run As Admin.

There is some strange driver in your 3rd aswMBR log. Not sure what it is. Might be part of SAS.

Get autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking and choosing Run As Admin. File, Save, to your desktop, autoruns.arn, OK.

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

#12
wmw

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Ron,

Sorry for not getting back sooner. My laptop finally got to the point of being barely usable, so I had to reinstall W7. I do appreciate your help very much.

Sincerely,

Warren