
AdChoices


  • This topic is locked
19 replies to this topic

#1 stubaines


Posted 15 August 2012 - 12:42 PM

Hi, there appear to be a few things wrong with my PC. I think the main problem is AdChoices, which is on my Facebook, YouTube and various sites. I have also been battling to get Babylon off my browser for about 6 months but it keeps coming back. Oh, and incredibar, which seems to come and go? I've followed all the steps except one: I can't run GMER; when I do I get a blue screen. I've tried several times.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Pickles at 12:18:32 on 2012-08-15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1917.849 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Users\Pickles\Downloads\Defogger.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=HP_ss&mntrId=84097f7f00000000000000ffe98b6974
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
StartupFolder: c:\users\pickles\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E39DD75B-670B-44FF-A89B-5F4D1DF3CC79} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pickles\appdata\roaming\mozilla\firefox\profiles\j2vqul8r.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=KW_ss&mntrId=84097f7f00000000000000ffe98b6974&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=
FF - user.js: extensions.funmoods_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.funmoods_i.instlDay - 15409
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:33:15
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHkYyTPv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.incredibar_i.instlDay - 15529
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:41:55
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHkYyTPv
FF - user.js: extensions.incredibar_i.upn2n - 92261721081121861
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 169%5F2
.
FF - user.js: extensions.autoDisableScopes - 14
.
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_ctrl_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:39:51
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-2-18 21728]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-10 242240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-6 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-6 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-7-8 185856]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-2-18 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-2-18 699896]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2012-2-18 7168]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe --> c:\program files\hotspot shield\bin\openvpnas.exe [?]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-18 113120]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-2-18 50704]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-2-18 251496]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-6 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-04 11:39:44 -------- d-----w- c:\users\pickles\appdata\local\Giant Savings
2012-08-04 11:39:41 -------- d-----w- c:\program files\Giant Savings
2012-08-04 11:39:38 -------- d-----w- c:\users\pickles\appdata\roaming\Babylon
2012-08-04 11:39:38 -------- d-----w- c:\programdata\Babylon
2012-08-04 11:39:36 -------- d-----w- c:\program files\FLVPlayer
2012-08-03 13:27:17 -------- d-----w- c:\users\pickles\appdata\roaming\PC Cleaners
2012-08-03 13:27:06 -------- d-----w- c:\users\pickles\appdata\roaming\PCPro
2012-08-03 13:27:05 4269368 ----a-w- c:\windows\uninst.exe
2012-08-03 13:27:02 -------- d-----w- c:\programdata\PC1Data
2012-08-02 11:37:11 -------- d-----w- c:\programdata\Tarma Installer
2012-07-18 00:00:12 -------- d-----w- c:\users\pickles\appdata\local\adawarebp
2012-07-18 00:00:09 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-17 23:59:55 -------- d-----w- c:\program files\Toolbar Cleaner
2012-07-17 23:57:34 -------- d-----w- c:\program files\adawaretb
.
==================== Find3M ====================
.
2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:21:06.58 ===============


Hope someone can help! Thanks in advance.
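Added example, not part of the original post and not code from DDS or BleepingComputer: a short Python triage of the DDS log format shown above, run over a few lines excerpted from that log. It groups the `FF - user.js` preferences by toolbar namespace, lists the hosts that search and home-page preferences point to, and collects Pseudo-HJT entries marked `No File`; the function names and the `_i` suffix handling are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines excerpted from the DDS log posted above (URLs stay defanged as hxxp).
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
TB: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=KW_ss&mntrId=84097f7f00000000000000ffe98b6974&q=
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHkYyTPv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
"""

# "FF - <file>: <pref name> - <value>"; the value may be empty.
FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$")
# "<section>: <identifier> - No File" in the Pseudo HJT part of the log.
NO_FILE = re.compile(r"^(\w+): (.+) - No File$")
URL_HOST = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)
SEARCH_PREFS = ("keyword.URL", "browser.startup.homepage")


def parse_ff_prefs(text):
    """Return (source_file, pref_name, value) for every 'FF - <file>:' line."""
    prefs = []
    for line in text.splitlines():
        m = FF_PREF.match(line.strip())
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3) or ""))
    return prefs


def userjs_namespaces(prefs):
    """Group user.js 'extensions.<ns>.<key>' prefs by <ns>.

    Assumption of this example: a trailing '_i' on the namespace
    (funmoods_i, BabylonToolbar_i) belongs to the same product.
    """
    groups = defaultdict(dict)
    for source, name, value in prefs:
        parts = name.split(".")
        if source != "user.js" or parts[0] != "extensions" or len(parts) < 3:
            continue  # skips global prefs such as extensions.autoDisableScopes
        ns = parts[1][:-2] if parts[1].endswith("_i") else parts[1]
        groups[ns][".".join(parts[2:])] = value
    return dict(groups)


def search_overrides(prefs):
    """List (source, pref, host) for prefs that steer searches or the home page."""
    hits = []
    for source, name, value in prefs:
        if name in SEARCH_PREFS or name.endswith("SrchUrl"):
            m = URL_HOST.search(value)
            if m:
                hits.append((source, name, m.group(1).lower()))
    return hits


def orphaned_entries(text):
    """Return (section, identifier) for Pseudo-HJT lines whose target is 'No File'."""
    out = []
    for line in text.splitlines():
        m = NO_FILE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


if __name__ == "__main__":
    prefs = parse_ff_prefs(SAMPLE_DDS)
    for ns, keys in sorted(userjs_namespaces(prefs).items()):
        print(f"user.js namespace {ns}: {len(keys)} pref(s)")
    for source, name, host in search_overrides(prefs):
        print(f"{source}: {name} -> {host}")
    for section, ident in orphaned_entries(SAMPLE_DDS):
        print(f"orphaned {section} entry: {ident}")
```

Firefox re-applies `user.js` at every start, so a namespace reported here overrides manual changes made in `prefs.js` until the `user.js` entries themselves are removed.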



#2 fireman4it

  • Malware Response Team

Posted 15 August 2012 - 02:00 PM

Hello stubaines,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


3.
  1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized


Things to include in your next reply:
TdssKiller log
Combofix.txt
Otl.txt
Attach.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 stubaines


Posted 15 August 2012 - 07:01 PM

First of all thanks for your help, it's hugely appreciated.

ComboFix 12-08-15.01 - Pickles 15/08/2012 22:15:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1917.1321 [GMT 1:00]
Running from: c:\users\Pickles\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 21:23 . 2012-08-15 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 11:39 . 2012-08-04 11:39 -------- d-----w- c:\users\Pickles\AppData\Local\Giant Savings
2012-08-04 11:39 . 2012-08-11 01:21 -------- d-----w- c:\program files\Giant Savings
2012-08-04 11:39 . 2012-08-04 11:39 -------- d-----w- c:\users\Pickles\AppData\Roaming\Babylon
2012-08-04 11:39 . 2012-08-04 11:39 -------- d-----w- c:\programdata\Babylon
2012-08-04 11:39 . 2012-08-04 11:39 -------- d-----w- c:\program files\FLVPlayer
2012-08-03 13:27 . 2012-08-03 13:27 -------- d-----w- c:\users\Pickles\AppData\Roaming\PC Cleaners
2012-08-03 13:27 . 2012-08-03 13:27 -------- d-----w- c:\users\Pickles\AppData\Roaming\PCPro
2012-08-03 13:27 . 2012-08-03 13:26 4269368 ----a-w- c:\windows\uninst.exe
2012-08-03 13:27 . 2012-08-03 13:27 -------- d-----w- c:\programdata\PC1Data
2012-08-02 11:37 . 2012-08-03 13:31 -------- d-----w- c:\programdata\Tarma Installer
2012-07-18 00:00 . 2012-07-18 00:00 -------- d-----w- c:\users\Pickles\AppData\Local\adawarebp
2012-07-18 00:00 . 2012-08-15 21:30 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-17 23:59 . 2012-07-17 23:59 -------- d-----w- c:\program files\Toolbar Cleaner
2012-07-17 23:57 . 2012-07-18 00:00 -------- d-----w- c:\program files\adawaretb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 12:46 . 2012-03-16 12:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 07:26 . 2012-07-17 23:51 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-02-20 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-01-29 430080]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SBRegRebootCleaner"="c:\program files\Ad-Aware Antivirus\Engine\SBRC.exe" [2011-05-17 197968]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
.
c:\users\Pickles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-5-27 368640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-2-18 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=HP_ss&mntrId=84097f7f00000000000000ffe98b6974
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=KW_ss&mntrId=84097f7f00000000000000ffe98b6974&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=
FF - user.js: extensions.funmoods_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.funmoods_i.instlDay - 15409
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:33
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHkYyTPv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.incredibar_i.instlDay - 15529
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:41
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHkYyTPv
FF - user.js: extensions.incredibar_i.upn2n - 92261721081121861
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 169%5F2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_ctrl_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:39
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
SafeBoot-45284827.sys
AddRemove-HotspotShield - c:\program files\Hotspot Shield\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 22:30
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2228)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-15 22:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 21:42
.
Pre-Run: 67,368,992,768 bytes free
Post-Run: 73,844,371,456 bytes free
.
- - End Of File - - 16649CD0F03E155665EC71CFC80A99F9



AdChoices seems to be gone now which is awesome since it was the main problem I think. Incredibar's still there though.

First of all thanks for your help, it's hugely appreciated.

.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-15 22:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 21:42
.
Pre-Run: 67,368,992,768 bytes free
Post-Run: 73,844,371,456 bytes free
.
- - End Of File - - 16649CD0F03E155665EC71CFC80A99F9



AdChoices seems to be gone now which is awesome since it was the main problem I think. Incredibar's still there though.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:10 PM

Posted 15 August 2012 - 09:01 PM

Hello,

We still have a lot of work to do.


1.

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:08:04.0486 4768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Please run TdssKiller again. This time select cure or delete for this one only.

2.
Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Web Assistant 2.0.0.439
uTorrentControl2 Toolbar
Hotspot Shield 2.25


Additional instructions can be found here if needed.

3.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

DDS::
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=HP_ss&mntrId=84097f7f00000000000000ffe98b6974
uInternet Settings,ProxyOverride = *.local

Firefox::
FF - ProfilePath - c:\users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=KW_ss&mntrId=84097f7f00000000000000ffe98b6974&q=
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=
FF - user.js: extensions.funmoods_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.funmoods_i.instlDay - 15409
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:33
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHkYyTPv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.incredibar_i.instlDay - 15529
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:41
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHkYyTPv
FF - user.js: extensions.incredibar_i.upn2n - 92261721081121861
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 169%5F2

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_ctrl_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 84097f7f00000000000000ffe98b6974
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:39
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

4.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
     - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_6&babsrc=HP_ss&mntrId=84097f7f00000000000000ffe98b6974
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_ctrl_3112_6&babsrc=SP_ss&mntrId=84097f7f00000000000000ffe98b6974
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
    IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyHkYyTPv&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    [2012/08/04 12:39:46 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/07/15 14:40:31 | 000,000,000 | ---D | M] (AF-HSS Community Toolbar) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd
    NetSvcs: FastUserSwitchingCompatibility -  File not found
    NetSvcs: Nla -  File not found
    NetSvcs: Ntmssvc -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: SRService -  File not found
    NetSvcs: WmdmPmSp -  File not found
    NetSvcs: LogonHours -  File not found
    NetSvcs: PCAudit -  File not found
    NetSvcs: helpsvc -  File not found
    NetSvcs: uploadmgr -  File not found
    
    :Files
    C:\Program Files\Hotspot Shield
    C:\Program Files\Web Assistant
    C:\Program Files\Giant Savings
    C:\Users\Pickles\AppData\Local\Giant Savings
    C:\Users\Pickles\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    C:\Users\Pickles\AppData\Roaming\Babylon
    C:\Users\Pickles\AppData\Roaming\uTorrent
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH] 
    [EMPTYJAVA]
    [DRIVES]
    [CREATERESTOREPOINT]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


Things to include in your next reply:
TDSSkiller log
Combofix.txt
OTL fix log
How is your machine running now?

Edited by fireman4it, 15 August 2012 - 09:01 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 fireman4it


Posted 17 August 2012 - 11:13 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#6 stubaines


Posted 19 August 2012 - 10:20 AM

Hi, sorry to disappear. I did steps 1, 2 and 3 but then when my laptop reset it wouldn't let me into Windows, saying that a file was missing and I needed to use my Windows CD to repair it. I had to go back to my parents' house to get my Vista, which I couldn't do til this morning. Just repaired it and I can now access Windows. The malware still seems to be there though.

#7 fireman4it


Posted 19 August 2012 - 11:22 AM

Can you please post the logs along with exactly what it is doing.


#8 stubaines


Posted 21 August 2012 - 07:12 AM

OK here's the TDSS txt from before my Windows broke and the OTL from this morning. Can't find the Combofix one from before, because it was when Combofix restarted my laptop that Windows stopped working. Can try running it again if you want?

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Service HssWd stopped successfully!
Service HssWd deleted successfully!
File C:\Program Files\Hotspot Shield\bin\hsswd.exe not found.
Service HssTrayService stopped successfully!
Service HssTrayService deleted successfully!
File C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE not found.
Service HssSrv stopped successfully!
Service HssSrv deleted successfully!
File C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe not found.
Service hshld stopped successfully!
Service hshld deleted successfully!
File C:\Program Files\Hotspot Shield\bin\openvpnas.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files\uTorrentControl2\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\searchplugin folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\modules folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\META-INF folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\defaults folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\components folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63)\chrome folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}(63) folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd not found.
FastUserSwitchingCompatibility removed from NetSvcs value successfully!
Nla removed from NetSvcs value successfully!
Ntmssvc removed from NetSvcs value successfully!
NWCWorkstation removed from NetSvcs value successfully!
Nwsapagent removed from NetSvcs value successfully!
SRService removed from NetSvcs value successfully!
WmdmPmSp removed from NetSvcs value successfully!
LogonHours removed from NetSvcs value successfully!
PCAudit removed from NetSvcs value successfully!
helpsvc removed from NetSvcs value successfully!
uploadmgr removed from NetSvcs value successfully!
========== FILES ==========
C:\Program Files\Hotspot Shield\log folder moved successfully.
C:\Program Files\Hotspot Shield\config\hss_data folder moved successfully.
C:\Program Files\Hotspot Shield\config folder moved successfully.
C:\Program Files\Hotspot Shield folder moved successfully.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\Program Files\Giant Savings folder moved successfully.
C:\Users\Pickles\AppData\Local\Giant Savings\Chrome folder moved successfully.
C:\Users\Pickles\AppData\Local\Giant Savings folder moved successfully.
C:\Users\Pickles\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
File\Folder C:\Users\Pickles\AppData\Roaming\Babylon not found.
C:\Users\Pickles\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Pickles\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Pickles\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pickles
->Temp folder emptied: 3947699 bytes
->Temporary Internet Files folder emptied: 29305417 bytes
->FireFox cache emptied: 71874453 bytes
->Flash cache emptied: 57466 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121324 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Pickles
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pickles

User: Public

Total Java Files Cleaned = 0.00 mb

Error: Unable to interpret <[DRIVES]> in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08212012_125706

Files\Folders moved on Reboot...
C:\Users\Pickles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{15612F2C-7778-4AA0-AEBB-6E46D8162362}.tmp moved successfully.
C:\Users\Pickles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{35558B76-401F-4C6E-BDC4-546245E3EE8C}.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Users\Pickles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{15612F2C-7778-4AA0-AEBB-6E46D8162362}.tmp not found!
File C:\Users\Pickles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{35558B76-401F-4C6E-BDC4-546245E3EE8C}.tmp not found!

Registry entries deleted on Reboot...

Edited by stubaines, 21 August 2012 - 07:23 AM.


#9 stubaines


Posted 21 August 2012 - 07:24 AM

Struggled to fit this all in or attach it. First part attached to previous post...

12:03:31.0275 2632 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0275 2632 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
12:03:31.0306 2632 [ 0e3cef5d28b40cf273281d620c50700a ] Processor C:\Windows\system32\drivers\processr.sys
12:03:31.0306 2632 Processor ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0306 2632 Processor - detected UnsignedFile.Multi.Generic (1)
12:03:31.0353 2632 [ 213112e152e68f0e4705e36f052a2880 ] ProfSvc C:\Windows\system32\profsvc.dll
12:03:31.0400 2632 ProfSvc ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0400 2632 ProfSvc - detected UnsignedFile.Multi.Generic (1)
12:03:31.0447 2632 [ c731b1fe449d4e9cea358c9d55b69be9 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:03:31.0447 2632 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0447 2632 ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
12:03:31.0509 2632 [ b74edf14453c9987e99e66535047ebee ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:03:31.0540 2632 PSched ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0540 2632 PSched - detected UnsignedFile.Multi.Generic (1)
12:03:31.0618 2632 [ 1962166e0ceb740704f30fa55ad3d509 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:03:31.0618 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0618 2632 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:03:31.0774 2632 [ ccdac889326317792480c0a67156a1ec ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:03:31.0962 2632 ql2300 ( UnsignedFile.Multi.Generic ) - warning
12:03:31.0962 2632 ql2300 - detected UnsignedFile.Multi.Generic (1)
12:03:32.0040 2632 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:03:32.0071 2632 ql40xx ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0071 2632 ql40xx - detected UnsignedFile.Multi.Generic (1)
12:03:32.0164 2632 [ ca61bdfd3713a7ce75f2812afc431594 ] QWAVE C:\Windows\system32\qwave.dll
12:03:32.0211 2632 QWAVE ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0211 2632 QWAVE - detected UnsignedFile.Multi.Generic (1)
12:03:32.0274 2632 [ d2b3e2b7426dc23e185fbc73c8936c12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:03:32.0289 2632 QWAVEdrv ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0289 2632 QWAVEdrv - detected UnsignedFile.Multi.Generic (1)
12:03:32.0305 2632 [ bd7b30f55b3649506dd8b3d38f571d2a ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:03:32.0305 2632 RasAcd ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0305 2632 RasAcd - detected UnsignedFile.Multi.Generic (1)
12:03:32.0336 2632 [ f14f4aab9f54d099fe99192bdb100ac9 ] RasAuto C:\Windows\System32\rasauto.dll
12:03:32.0367 2632 RasAuto ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0367 2632 RasAuto - detected UnsignedFile.Multi.Generic (1)
12:03:32.0430 2632 [ 88587dd843e2059848995b407b67f6cf ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:03:32.0445 2632 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0445 2632 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
12:03:32.0540 2632 [ 11d65e29bc9d1e4114d18fe68194394c ] RasMan C:\Windows\System32\rasmans.dll
12:03:32.0555 2632 RasMan ( UnsignedFile.Multi.Generic ) - warning
12:03:32.0555 2632 RasMan - detected UnsignedFile.Multi.Generic (1)
12:03:47.0501 2632 ================ Scan global ===============================
12:03:47.0610 2632 (8cd98a8ec9cadaf4e051cdcac15c96c4) C:\Windows\system32\basesrv.dll
12:03:47.0673 2632 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:03:47.0704 2632 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:03:47.0735 2632 (329cf3c97ce4c19375c8abcabae258b0) C:\Windows\system32\services.exe
12:03:47.0751 2632 [Global] - ok
12:03:47.0751 2632 ================ Scan MBR ==================================
12:03:47.0751 2632 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:03:49.0342 2632 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:03:49.0342 2632 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:03:49.0342 2632 ================ Scan VBR ==================================
12:03:49.0358 2632 Boot (0x1200) (61895e1f9cb58a85f636b7cc8ee50d8c) \Device\Harddisk0\DR0\Partition1
12:03:49.0389 2632 \Device\Harddisk0\DR0\Partition1 - ok
12:03:49.0389 2632 ================ Scan active images ========================
12:03:49.0389 2632 ============================================================
12:03:49.0389 2632 Scan finished
12:03:49.0389 2632 ============================================================
12:03:49.0420 2604 Detected object count: 377
12:03:49.0420 2604 Actual detected object count: 377
12:04:58.0388 2604 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0388 2604 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0388 2604 Ad-Aware Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0388 2604 Ad-Aware Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0403 2604 AdobeARMservice ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0403 2604 AdobeARMservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0403 2604 adp94xx ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0403 2604 adp94xx ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0403 2604 adpahci ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0403 2604 adpahci ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0403 2604 adpu160m ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0403 2604 adpu160m ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0403 2604 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0403 2604 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 AeLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 AeLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 aic78xx ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 aic78xx ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 ALG ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0419 2604 aliide ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0419 2604 aliide ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 amdagp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 amdagp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 amdide ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 amdide ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 AmdK7 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 AmdK7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0434 2604 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0434 2604 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 arc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 arc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 arcsas ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 arcsas ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0450 2604 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0450 2604 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0466 2604 atikmdag ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0466 2604 atikmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0466 2604 AtiPcie ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0466 2604 AtiPcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0466 2604 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0466 2604 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0466 2604 Audiosrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0466 2604 Audiosrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0466 2604 BCMH43XX ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0466 2604 BCMH43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 BFE ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 BITS ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 bowser ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 bowser ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0481 2604 BrFiltLo ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0481 2604 BrFiltLo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0497 2604 BrFiltUp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0497 2604 BrFiltUp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0497 2604 Browser ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0497 2604 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0497 2604 Brserid ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0497 2604 Brserid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0497 2604 BrSerWdm ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0497 2604 BrSerWdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0497 2604 BrUsbMdm ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0497 2604 BrUsbMdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 BTHMODEM ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 BTHMODEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 CertPropSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 CertPropSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 circlass ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 circlass ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0512 2604 CLFS ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0512 2604 CLFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 cmdide ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 cmdide ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0528 2604 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0528 2604 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0544 2604 crcdisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0544 2604 crcdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0544 2604 Crusoe ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0544 2604 Crusoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0544 2604 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0544 2604 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0544 2604 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0544 2604 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0544 2604 DfsC ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0544 2604 DfsC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 DFSR ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 DFSR ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 disk ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0559 2604 DPS ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0559 2604 DPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0575 2604 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0575 2604 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0575 2604 dtsoftbus01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0575 2604 dtsoftbus01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0575 2604 DXGKrnl ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0575 2604 DXGKrnl ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0575 2604 E1G60 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0575 2604 E1G60 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0575 2604 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0575 2604 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 Ecache ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 Ecache ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 ehSched ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 ehSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 ehstart ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 ehstart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 elxstor ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 elxstor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0590 2604 EMDMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0590 2604 EMDMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0606 2604 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0606 2604 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0606 2604 fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0606 2604 fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0606 2604 fdc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0606 2604 fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0606 2604 fdPHost ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0606 2604 fdPHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0606 2604 FDResPub ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0606 2604 FDResPub ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 FileInfo ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 FileInfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 Filetrace ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 Filetrace ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0622 2604 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0622 2604 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0637 2604 FwLnk ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0637 2604 FwLnk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0637 2604 gagp30kx ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0637 2604 gagp30kx ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0637 2604 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0637 2604 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0637 2604 gpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0637 2604 gpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0637 2604 HdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0637 2604 HdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 HidBth ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 HidBth ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 HidIr ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 HidIr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 hidserv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 hidserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0653 2604 HpCISSs ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0653 2604 HpCISSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0668 2604 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0668 2604 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0668 2604 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0668 2604 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0668 2604 HssDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0668 2604 HssDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0668 2604 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0668 2604 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0668 2604 i2omp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0668 2604 i2omp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 iaStorV ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 iaStorV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 iirsp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 iirsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 IKEEXT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 IKEEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0684 2604 intelide ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0684 2604 intelide ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 IPBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 IPBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 iphlpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 iphlpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 IPMIDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 IPMIDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 IPNAT ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 IPNAT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0700 2604 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0700 2604 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 iScsiPrt ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 iScsiPrt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 iteatapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 iteatapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 iteraid ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 iteraid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0715 2604 kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0715 2604 kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0731 2604 kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0731 2604 kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0731 2604 KeyIso ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0731 2604 KeyIso ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0731 2604 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0731 2604 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0731 2604 KtmRm ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0731 2604 KtmRm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0731 2604 LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0731 2604 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 lltdio ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 lltdio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 lltdsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 lltdsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 lmhosts ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 lmhosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 LSI_FC ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 LSI_FC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 LSI_SAS ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 LSI_SAS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0746 2604 LSI_SCSI ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0746 2604 LSI_SCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0762 2604 luafv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0762 2604 luafv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0762 2604 McComponentHostService ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0762 2604 McComponentHostService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0762 2604 Mcx2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0762 2604 Mcx2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0762 2604 megasas ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0762 2604 megasas ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0762 2604 MMCSS ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0762 2604 MMCSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 monitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0778 2604 mpio ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0778 2604 mpio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 mpsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 mpsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 Mraid35x ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 Mraid35x ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 mrxsmb ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 mrxsmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0793 2604 mrxsmb10 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0793 2604 mrxsmb10 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0809 2604 mrxsmb20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0809 2604 mrxsmb20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0809 2604 msahci ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0809 2604 msahci ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0809 2604 msdsm ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0809 2604 msdsm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0809 2604 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0809 2604 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0809 2604 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0809 2604 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 msisadrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 msisadrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 MSiSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 MSiSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0824 2604 MsRPC ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0824 2604 MsRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0840 2604 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0840 2604 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0840 2604 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0840 2604 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0840 2604 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0840 2604 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:58.0840 2604 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
12:04:58.0840 2604 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:04:59.0480 2604 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
12:04:59.0480 2604 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:04:59.0526 2604 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
12:04:59.0542 2604 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:04:59.0573 2604 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:04:59.0589 2604 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:04:59.0589 2604 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:04:59.0604 2604 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:04:59.0620 2604 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:04:59.0620 2604 \Device\Harddisk0\DR0\TDLFS - deleted
12:04:59.0620 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
12:05:06.0500 2812 Deinitialize success

Edited by stubaines, 21 August 2012 - 07:24 AM.


#10 fireman4it


Posted 21 August 2012 - 04:24 PM

Hello,


Is it redirecting in all your browsers or just one of them? Firefox? Internet Explorer? Chrome?


Please post a new OTL log.

  1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized



2. Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#11 stubaines


Posted 22 August 2012 - 06:26 PM

Followed all the steps, here are the logs. IE doesn't have the Babylon problem and I don't currently have Chrome installed. Firefox still seems to be infected though.

OTL logfile created on: 22/08/2012 12:41:13 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = c:\Users\Pickles\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.58% Memory free
3.96 Gb Paging File | 2.78 Gb Available in Paging File | 70.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 67.82 Gb Free Space | 45.95% Space Free | Partition Type: NTFS

Computer Name: PICKLES-PC | User Name: Pickles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 23:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- c:\Users\Pickles\Downloads\OTL.exe
PRC - [2012/07/30 08:26:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/09 17:53:46 | 000,201,112 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/02/20 05:09:40 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2010/01/20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/16 13:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/26 19:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/03/19 16:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/03/10 10:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/01/29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/04/17 20:45:54 | 000,368,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 08:26:03 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/02/24 18:16:28 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.40072__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:28 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.40327__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:28 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.40029__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:28 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:28 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.40293__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.40043__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.40250__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.40064__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.40049__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:27 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.40334__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:26 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.40258__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:26 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.40265__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.40257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2783.40320__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:25 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.40195__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.40098__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.40050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.40278__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,327,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2783.40180__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2783.40105__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012/02/24 18:16:25 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.40092__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.40217__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.40104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.40216__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:24 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.40187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/02/24 18:16:24 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/02/24 18:16:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/02/24 18:16:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/02/24 18:16:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/02/24 18:16:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/02/24 18:16:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/02/24 18:16:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/02/24 18:16:23 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/02/24 18:16:23 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/02/24 18:16:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/02/24 18:16:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/02/24 18:16:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/02/24 18:16:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2729.30262__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/02/24 18:16:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/02/24 18:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.40357__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/02/24 18:16:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2012/02/24 18:16:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/02/24 18:16:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/02/24 18:16:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.40019__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/02/24 18:16:21 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.40314__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/02/24 18:16:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.40312__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/02/24 18:16:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/02/24 18:16:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/02/24 18:16:20 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.40058__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/02/24 18:16:20 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.40305__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/02/24 18:16:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/02/24 18:16:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/02/24 18:16:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/02/24 18:16:19 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.40021__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/02/24 18:16:18 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.40037__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/02/24 18:16:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/02/24 18:16:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/02/24 18:16:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.40313__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/02/24 18:16:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/02/24 18:16:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.40022__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/02/24 18:16:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/02/24 18:16:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2783.40021__90ba9c70f846762e\APM.Server.dll
MOD - [2012/02/24 18:16:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2783.40020__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/02/21 04:57:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 04:57:14 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2012/02/21 04:56:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2012/02/21 04:54:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2012/02/21 04:53:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2012/02/21 04:53:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2012/02/21 04:52:18 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2012/02/21 04:52:07 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/20 04:25:16 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/04/01 05:37:47 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2008/01/08 11:39:24 | 001,581,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtCore4.dll
MOD - [2007/12/12 13:46:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007/12/04 22:47:40 | 000,131,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\Imageformats\qjpeg4.dll
MOD - [2007/12/04 22:36:04 | 006,434,816 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtGui4.dll
MOD - [2007/12/04 22:18:36 | 000,356,352 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtXml4.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/10/26 22:30:42 | 000,065,312 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/07/30 08:26:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/21 04:34:03 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2006/11/02 13:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/03/10 17:37:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/01/05 00:01:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012/01/05 00:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/15 12:37:10 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/06 09:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2008/04/01 05:37:47 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/01 05:37:47 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/19 19:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/11/20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/21 21:29:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 08:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 21:29:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 08:26:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 21:29:04 | 000,000,000 | ---D | M]

[2012/06/13 09:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Extensions
[2012/06/13 09:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/08/21 12:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions
[2012/07/18 00:59:28 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/07/24 06:01:23 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\firefox@ghostery.com
[2012/07/18 00:59:46 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/07/18 00:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/17 23:57:32 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012/06/11 14:52:10 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2012/06/11 14:52:09 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2012/06/11 14:52:09 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2012/06/11 14:52:09 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012/06/11 14:52:09 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2012/06/11 14:52:09 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2012/06/11 14:52:08 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012/07/30 08:26:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/05 00:02:04 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/08/21 12:57:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\Engine\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Pickles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E39DD75B-670B-44FF-A89B-5F4D1DF3CC79}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 12:57:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/20 12:40:50 | 000,000,000 | ---D | C] -- C:\Users\Pickles\Documents\16th Aug
[2012/08/16 12:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/16 12:11:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/16 11:46:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/15 22:33:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/15 22:11:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/15 22:11:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/15 22:11:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/08/15 22:11:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/15 22:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 22:10:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 11:54:02 | 000,000,000 | ---D | C] -- C:\Users\Pickles\Documents\13th Aug
[2012/08/04 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2012/08/04 12:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\FLVPlayer
[2012/08/03 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners
[2012/08/03 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PCPro
[2012/08/03 14:27:05 | 004,269,368 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/08/03 14:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/08/02 12:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/01 16:47:26 | 000,000,000 | ---D | C] -- C:\Users\Pickles\Documents\1st Aug
[2012/07/25 11:43:17 | 000,000,000 | ---D | C] -- C:\Users\Pickles\Documents\25th July

========== Files - Modified Within 30 Days ==========

[2012/08/22 12:01:10 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 12:01:10 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 12:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 12:01:00 | 2010,779,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 13:50:23 | 000,667,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/21 13:50:23 | 000,125,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/21 12:57:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/15 18:29:12 | 248,274,086 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/15 12:15:57 | 000,000,156 | ---- | M] () -- C:\Users\Pickles\defogger_reenable
[2012/08/09 15:04:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 10:40:48 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/04 12:39:53 | 000,000,820 | ---- | M] () -- C:\user.js
[2012/08/04 12:39:37 | 000,000,842 | ---- | M] () -- C:\Users\Pickles\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2012/08/04 12:30:45 | 000,024,064 | ---- | M] () -- C:\Users\Pickles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 14:26:46 | 004,269,368 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/24 12:35:57 | 000,006,569 | ---- | M] () -- C:\Users\Pickles\AppData\Local\recently-used.xbel

========== Files Created - No Company Name ==========

[2012/08/15 22:11:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/15 22:11:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/15 22:11:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/15 22:11:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/15 22:11:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 12:15:55 | 000,000,156 | ---- | C] () -- C:\Users\Pickles\defogger_reenable
[2012/08/09 15:04:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 12:39:37 | 000,000,842 | ---- | C] () -- C:\Users\Pickles\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2012/07/24 12:35:57 | 000,006,569 | ---- | C] () -- C:\Users\Pickles\AppData\Local\recently-used.xbel
[2012/04/15 15:32:55 | 000,000,104 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/03/13 10:16:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012/02/21 21:19:19 | 000,000,552 | ---- | C] () -- C:\Users\Pickles\AppData\Local\d3d8caps.dat
[2012/02/20 02:37:43 | 000,024,064 | ---- | C] () -- C:\Users\Pickles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 12:16:43 | 000,000,680 | ---- | C] () -- C:\Users\Pickles\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/07/18 10:16:29 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Ad-Aware Antivirus
[2012/03/10 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\EVEMon
[2012/04/02 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Firestorm
[2012/06/13 09:49:57 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Greyfirst
[2012/02/27 00:49:31 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Nokia
[2012/03/04 16:24:44 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Nokia Multimedia Player
[2012/05/26 10:06:00 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PacificPoker
[2012/08/03 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners
[2012/02/27 00:49:47 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PC Suite
[2012/08/03 14:27:18 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PCPro
[2012/05/28 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\SecondLife
[2012/02/18 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\WinBatch
[2012/08/07 10:40:48 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/22 01:49:52 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/07/18 10:16:29 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Ad-Aware Antivirus
[2012/02/20 12:00:48 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Adobe
[2012/03/23 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Apple Computer
[2012/02/24 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\ATI
[2012/03/10 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\DAEMON Tools Lite
[2012/02/27 03:22:00 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\DivX
[2012/06/28 15:42:53 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\EVEMon
[2012/04/02 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Firestorm
[2012/06/13 09:49:57 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Greyfirst
[2012/02/18 12:16:48 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Identities
[2012/02/18 12:19:38 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\InstallShield
[2012/02/18 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Macromedia
[2012/03/16 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Media Center Programs
[2012/06/01 20:28:09 | 000,000,000 | --SD | M] -- C:\Users\Pickles\AppData\Roaming\Microsoft
[2012/02/18 14:01:03 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Mozilla
[2012/02/27 00:49:31 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Nokia
[2012/03/04 16:24:44 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Nokia Multimedia Player
[2012/05/26 10:06:00 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PacificPoker
[2012/08/03 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners
[2012/02/27 00:49:47 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PC Suite
[2012/08/03 14:27:18 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\PCPro
[2012/05/28 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\SecondLife
[2012/05/27 16:59:24 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\Sony Corporation
[2012/07/03 21:29:09 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\vlc
[2012/02/18 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\WinBatch
[2012/07/03 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\Pickles\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012/04/11 21:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\Pickles\AppData\Roaming\Mozilla\Firefox\Profiles\j2vqul8r.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< End of report >

OTL Extras logfile created on: 22/08/2012 12:41:13 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = c:\Users\Pickles\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.58% Memory free
3.96 Gb Paging File | 2.78 Gb Available in Paging File | 70.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 67.82 Gb Free Space | 45.95% Space Free | Partition Type: NTFS

Computer Name: PICKLES-PC | User Name: Pickles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE5A3C-FF8F-4596-B5D4-98DB2C36A82F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1121854B-1821-46FE-BDC8-27B8241D033B}" = lport=445 | protocol=6 | dir=in | app=system |
"{13616FD8-8B63-4B0D-99B4-CCEF20C4982E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1FDADE90-FB0D-4B31-A2CC-AE7527F5FD90}" = rport=445 | protocol=6 | dir=out | app=system |
"{3332F55E-6FF1-4571-B7A4-6010C33E550F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{80CBB581-D22A-4031-9448-8DA8A2FEAEE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{83AF9C38-1512-4652-B743-EB404FCCA243}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2102596-141E-4368-99D5-BC4F49A6CABA}" = lport=138 | protocol=17 | dir=in | app=system |
"{D5FE45CB-3165-4AEE-AC5C-A9530E2788E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{E603F579-3B48-405D-9662-21E49BA2918D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E77CFE6E-4031-4AF4-A0AD-80D6C67B116A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD39878-731C-4A25-B86B-8AA4ECD3FFCB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1323CF00-78CB-4430-8258-54EBB47B37C2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{1BB5EADC-0885-42B7-8D42-7FA86839D190}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{2AFE0978-F730-4B27-A661-8EA83FA0398B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50EF9DE9-22A0-4CB9-8D11-958C9A3DA2B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A6094E8-9D5B-4CC0-80FA-29D26A352FAF}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{5CAB8D9F-B1AB-4CF2-A0CA-81D88B369CDE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{6401C6BC-3A68-446E-B29F-5F83858DEEB7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{6E822650-C629-4125-835F-5C74A874CF90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7766DBFE-014F-42BD-ADF8-CB439F40BB98}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{95A68DEA-0DF4-4149-A5CC-350298EDF0B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFE73983-CB1C-4DF2-A25C-A1ADFD4C22F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C63E28C3-DB0A-488B-AE1B-B515EC173EFC}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D87F35AA-51D9-4B7C-8622-21E070DB0C5F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{D9AC88FC-1B52-4BFB-A119-0987FDC29D91}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E41A52B7-173C-4563-AE06-CC3C9DC78436}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{2D289BE7-B054-405D-9401-531DB294CD86}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{4A7F879D-C533-430E-A440-AF7FF3CD8239}C:\program files\taldren\starfleet command ii\starfleet2.exe" = protocol=6 | dir=in | app=c:\program files\taldren\starfleet command ii\starfleet2.exe |
"TCP Query User{60F433F7-36FE-4E0A-A891-BD6805FEA43B}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A5292A00-905A-4A43-9E10-ED2182DF82BD}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{AE28510E-4F07-4C6A-9F3B-D4C1D97B3C7E}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{BB91F662-1D90-493D-BEA8-1122C7B74198}C:\users\pickles\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pickles\downloads\utorrent.exe |
"TCP Query User{CD692034-3D30-4A50-923E-CA236C2561F8}C:\ccproxy\ccproxy.exe" = protocol=6 | dir=in | app=c:\ccproxy\ccproxy.exe |
"TCP Query User{D87C126F-1CCA-459E-A702-A6996D46E2FA}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{391F2374-D581-4639-B076-918C1A58D2B1}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{4CE897E4-F1EA-4038-BBF2-82D4F48FAA30}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"UDP Query User{65DBF1AB-27FE-4500-9E10-59A451E8907D}C:\ccproxy\ccproxy.exe" = protocol=17 | dir=in | app=c:\ccproxy\ccproxy.exe |
"UDP Query User{7FB3FFAE-5D85-42C3-8AF1-C2DC6BE9310D}C:\users\pickles\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pickles\downloads\utorrent.exe |
"UDP Query User{8D10B666-55CB-4DE2-802E-16D1CA261DA0}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{93FA507E-A180-4D0A-B0C6-B3020D3CD0BC}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{C530BF7F-D383-4C5F-B348-1DB16A38C1E8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F919F457-FECB-447E-B362-F1A95BD6B641}C:\program files\taldren\starfleet command ii\starfleet2.exe" = protocol=17 | dir=in | app=c:\program files\taldren\starfleet command ii\starfleet2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F2B3DC-74F4-300D-D41A-B21B46101CA2}" = Skins
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1600
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45ECDC05-71AC-6372-2A17-4139B6296F4F}" = ccc-core-static
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{526B6DD3-0C43-2C13-7DF8-44D20D4E9853}" = CCC Help English
"{63427619-C918-6F3C-7318-11DDA4975241}" = ATI Catalyst Install Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DBBEC03-716B-7954-873A-B782100831C5}" = Catalyst Control Center Graphics Full New
"{70BCBA77-83D9-2075-1F99-69D65C44B422}" = Catalyst Control Center Graphics Full Existing
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ECE1045-66CB-2A70-7EAE-BE508AF95CF2}" = Catalyst Control Center Graphics Previews Vista
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1819DF7-D6B1-27AA-3A3B-6560C348C386}" = Catalyst Control Center Core Implementation
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DDA258BA-57D9-A76C-84CB-F19571A45FC8}" = ccc-utility
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E70A3EE1-067D-8C6C-1C89-9F3A1BA4CF2C}" = Catalyst Control Center Graphics Light
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"888poker" = 888poker
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BASICR" = Microsoft Office Basic 2007
"Birth of the Federation" = Birth of the Federation
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCProxy_is1" = CCProxy 7.2
"Celtx (2.9.1)" = Celtx (2.9.1)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EVEMon" = EVEMon
"Firestorm-Release" = Firestorm-Release (remove only)
"GIMP-2_is1" = GIMP 2.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Starfleet Command II" = Starfleet Command II
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.0.1
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Player" = FLV Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/08/2012 13:06:42 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 17/08/2012 00:48:43 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 19/08/2012 07:08:01 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 19/08/2012 23:12:17 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 20/08/2012 09:50:53 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 21/08/2012 11:26:28 | Computer Name = Pickles-PC | Source = Application Error | ID = 1000
Description = Faulting application NDSTray.exe, version 7.0.1.11, time stamp 0x4784554e,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x7068186a, process id 0x5d8, application start time 0x01cd7fb14199a469.

Error - 21/08/2012 12:54:55 | Computer Name = Pickles-PC | Source = Application Error | ID = 1000
Description = Faulting application NDSTray.exe, version 7.0.1.11, time stamp 0x4784554e,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x7068186a, process id 0x6ac, application start time 0x01cd7fbd9a4041da.

Error - 21/08/2012 14:02:04 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

Error - 21/08/2012 17:28:33 | Computer Name = Pickles-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16982, time stamp
0x4b2b56f5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00042e7b, process id 0x7d8, application
start time 0x01cd7fe3d4cc9453.

Error - 21/08/2012 20:49:46 | Computer Name = Pickles-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 30/04/2012 17:58:55 | Computer Name = Pickles-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 30/04/2012 17:58:55 | Computer Name = Pickles-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 30/04/2012 17:58:55 | Computer Name = Pickles-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 30/04/2012 18:00:27 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/04/2012 18:00:27 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/04/2012 18:00:27 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/05/2012 03:00:20 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 01/05/2012 03:05:14 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 01/05/2012 05:05:14 | Computer Name = Pickles-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 01/05/2012 05:13:58 | Computer Name = Pickles-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Edited by stubaines, 22 August 2012 - 06:27 PM.


#12 fireman4it

Posted 22 August 2012 - 07:11 PM

1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
    [2012/08/03 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners
    [2012/08/03 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PCPro
    [2012/08/03 14:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



2.
Please uninstall and reinstall Firefox. Make sure to let it delete all files associated and settings.



Things to include in your next reply:
OTL fix log
Is Firefox still redirecting?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 stubaines

Posted 23 August 2012 - 05:45 AM

OTL simply says...

Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox> in the current context!
Error: Unable to interpret <[2012/08/03 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners> in the current context!
Error: Unable to interpret <[2012/08/03 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PCPro> in the current context!
Error: Unable to interpret <[2012/08/03 14:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data> in the current context!

OTL by OldTimer - Version 3.2.57.0 log created on 08232012_114414


Am I doing something wrong here?

#14 fireman4it

Posted 23 August 2012 - 06:31 PM

Hello,


Please try this script instead.


:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
[2012/08/03 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PC Cleaners
[2012/08/03 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Pickles\AppData\Roaming\PCPro
[2012/08/03 14:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data

" Extinguishing Malware from the world"


#15 stubaines

Posted 25 August 2012 - 05:39 AM

Here's the log, still got Babylon on FF

========== OTL ==========
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
File C:\Program Files\Web Assistant\ExtensionUpdaterService.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.
C:\Users\Pickles\AppData\Roaming\PC Cleaners folder moved successfully.
C:\Users\Pickles\AppData\Roaming\PCPro\phone folder moved successfully.
C:\Users\Pickles\AppData\Roaming\PCPro folder moved successfully.
C:\ProgramData\PC1Data folder moved successfully.

OTL by OldTimer - Version 3.2.57.0 log created on 08252012_113115



