
redirected to click.livesearchnow.com


  • This topic is locked
54 replies to this topic

#1 napthali


  • Members
  • 27 posts

Posted 28 November 2012 - 01:03 AM

Hello. When I try to follow a search link in Firefox I get redirected to http://click.livesearchnow.com instead. Can someone please help me out with this issue?



#2 bloopie


    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 28 November 2012 - 10:40 PM

Hello napthali and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

Step :step1:

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Step :step2:

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


==========

What I would like to see in your next reply!

  • The DDS log
  • The minimized attach.txt from the DDS scan
  • The aswMBR log (32-bit machines only)
bloopie

#3 napthali

  • Topic Starter

  • Members
  • 27 posts

Posted 28 November 2012 - 11:28 PM

Hi Bloopie,

Thanks for your help. I have not resolved the issue. I'm pretty sure I still have my original Windows CD. I didn't tell you this in my original post, but I'm running 32 bit Windows 7. Here are my logs:

The DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by JCAM at 23:11:02 on 2012-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4041 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\PROGRA~2\Ad-Aware Antivirus\AdAware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\JCAM\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=6DF5CB7A7F2EE6BC7B99845090BFE0EC
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\JCAM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{755016F6-4EA4-45A7-B0E7-9F3222D892DC} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\kSolo\npAVX.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\JCAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\JCAM\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\JCAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\JCAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-31 02:06; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-17 55280]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-10-31 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-17 92160]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2010-3-27 21520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2010-8-4 14952]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-2-26 5017600]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-2-7 793048]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-17 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\System32\drivers\MAudioFastTrack.sys [2010-12-7 187912]
R3 RTL8023x64;Dynex DX-E102 PCI 10/100Mb Network Adapter Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2010-7-27 52736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-17 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-5-26 124160]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-20 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-3-20 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2009-12-23 77656]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-17 138752]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2007-10-10 52608]
S3 OV550I;35mm Film Scanner;C:\Windows\System32\drivers\FilmScan.sys [2008-2-21 196992]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-5-26 43032]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-10-31 60536]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-27 19:40:41 -------- d-----w- C:\Program Files\Enigma Software Group
2012-11-27 19:39:13 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-27 18:29:09 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2012-11-22 15:34:38 5885632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-21 05:56:41 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-15 08:50:59 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:50:58 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 08:50:58 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 08:50:58 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 08:09:33 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 08:09:33 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 08:09:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 08:09:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 08:09:21 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 08:09:21 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 08:09:21 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 03:50:57 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 03:50:56 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-10-31 06:17:42 -------- d-----w- C:\Users\JCAM\AppData\Local\adawarebp
2012-10-31 06:08:01 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-10-31 06:08:00 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-10-31 06:08:00 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-10-31 06:07:08 -------- d-----w- C:\Users\JCAM\AppData\Local\Downloaded Installations
2012-10-31 06:06:42 -------- d-----w- C:\Users\JCAM\AppData\Roaming\blekko
2012-10-31 06:06:03 -------- d-----w- C:\Users\JCAM\AppData\Roaming\Ad-Aware Antivirus
2012-10-30 16:39:53 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A93C4AA-884B-4C91-AB6F-067713A0692F}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-21 05:56:30 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-21 05:56:30 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-15 16:57:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-15 16:57:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 20:22:41 31 ----a-w- C:\Windows\SysWow64\wdsdtdsini.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 23:11:39.08 ===============


attach.txt from DDS

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2010 1:46:02 AM
System Uptime: 11/28/2012 10:57:19 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | CPU 1 | 2936/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 101.37 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Service: WUDFRd
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802AC&REV_1002\4&1244D14A&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_102802AC&REV_1002\4&1244D14A&0&0001
Service: IntcAzAudAddService
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Intel® High Definition Audio HDMI
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2803&SUBSYS_80860101&REV_1000\4&1244D14A&0&0101
Manufacturer: Intel® Corporation
Name: Intel® High Definition Audio HDMI
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2803&SUBSYS_80860101&REV_1000\4&1244D14A&0&0101
Service: IntcHdmiAddService
.
==== System Restore Points ===================
.
RP381: 11/15/2012 3:01:39 AM - Windows Update
RP382: 11/21/2012 12:54:28 AM - Installed Java 7 Update 9
RP383: 11/27/2012 2:39:33 PM - Installed SpyHunter
RP384: 11/27/2012 3:50:53 PM - Removed SpyHunter
RP385: 11/28/2012 3:00:12 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
1ClickDownload
35mm Film Scanner X64
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader X (10.1.4)
Adobe Stock Photos 1.0
Adobe Widget Browser
AIM 7
AMR to MP3 Converter 1.4
Any Video Converter 3.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVI Converter v1.6 (Try)
AVI MPEG Video Converter
Bonjour
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CDex - Open Source Digital Audio CD Extractor
Cisco Connect
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Counter-Strike
Creative 3DMIDI Player
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative WaveStudio 7
D3DX10
Debut Video Capture Software
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dolby Digital Live Pack
doubleTwist
Download Updater (AOL LLC)
Dropbox
DTS Connect Pack
DVD Architect Pro 5.0
Dynex DX-E102 PCI 10/100Mb Network Adapter
eLicenser Control
Facebook Plug-In
FileZilla Client 3.5.3
Final Draft
Final Draft 5
Free DigiRack Plug-Ins 8.0
Free WMA to MP3 Converter 1.16
GMATPrep™
Google Chrome
Google Gears
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 4.8.0.721
HijackThis 2.0.2
Identity Finder
Intel® Graphics Media Accelerator Driver
InterLok Driver Kit
Interlok driver setup x64
iTunes
J2SE Runtime Environment 5.0 Update 4
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 17 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
kSolo Recorder
Live 8.0.4
Logitech Webcam Software
LWS Twitter
LWS Webcam Software
M-Audio FastTrack Driver 6.0.6 (x64)
Magic ISO Maker v5.5 (build 0274)
Malwarebytes Anti-Malware version 1.65.1.1000
MasterWriter 2.0
Melodyne 3.2 Demo
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MP3 to WAV Decoder
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.5.3
MyPublisher
Native Instruments Absynth 5
Native Instruments Battery 3
Native Instruments Controller Editor
Native Instruments FM8
Native Instruments Guitar Rig 4
Native Instruments Komplete 6
Native Instruments Kontakt 4
Native Instruments Kore 2
Native Instruments Kore Player
Native Instruments Massive
Native Instruments Mikro Prism
Native Instruments Reaktor 5
Native Instruments Reaktor Factory Selection
Native Instruments Service Center
Native Instruments The Mouth
Native Instruments Urban Arsenal
OJOsoft Audio Converter
OpenAL
PC Tools Registry Mechanic 11.0
PDF Settings CS5
Picasa 3
PokerStars.net
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
RehearScore
Roxio Burn
Roxio RecordNow Copy
Roxio RecordNow Data
Scrivener
Scrivener for Windows Beta
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Click to Call
Skype™ 6.0
Sonic Foundry DVD Architect 1.0
Sonic Foundry Vegas 4.0
Sonic Update Manager
Sound Blaster X-Fi
Spotify
Sprint SmartView
Steam
Steinberg Cubase 5
The Management Scientist 6.0
TL Space Native 7.4
TuneUp Companion 2.2.7
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Pro 9.0 (64-bit)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.3
WildTangent Games
Windows 7 Codec Pack 2.6.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
Xilisoft Audio Converter Pro
Xilisoft DVD Copy 2
Xilisoft DVD Creator 6
Xilisoft DVD Ripper Ultimate 6
Xilisoft Video Converter Ultimate 6
Xvid 1.2.2 final uninstall
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
11/28/2012 9:27:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIHardwareService service.
11/28/2012 3:19:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
11/28/2012 3:19:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
11/28/2012 3:18:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware service to connect.
11/28/2012 3:18:57 AM, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 12:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
11/28/2012 10:58:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/28/2012 10:57:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 Lbd tcpipBM
11/28/2012 10:57:29 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\tcpipBM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/28/2012 10:57:29 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/27/2012 4:22:15 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
11/27/2012 1:25:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/26/2012 12:27:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000406f8, 0xfffff800032cf1f8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112612-26098-01.
11/21/2012 8:15:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service.
11/21/2012 1:21:27 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
11/21/2012 1:15:36 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


I'm not including an aswMBR log because I'm on a 64 bit machine.

#4 bloopie

Posted 29 November 2012 - 12:53 PM

Hi again,

Yes, your system is 64-bit so please do run aswMBR and post the log for me.

bloopie

#5 napthali

Posted 29 November 2012 - 12:57 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-28 23:14:03
-----------------------------
23:14:03.447 OS Version: Windows x64 6.1.7601 Service Pack 1
23:14:03.447 Number of processors: 2 586 0x170A
23:14:03.452 ComputerName: JCAM-PC UserName: JCAM
23:14:04.942 Initialize success
23:14:53.148 AVAST engine defs: 12112801
23:15:03.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:15:03.598 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
23:15:03.608 Disk 0 MBR read successfully
23:15:03.613 Disk 0 MBR scan
23:15:03.618 Disk 0 Windows 7 default MBR code
23:15:03.623 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
23:15:03.628 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10942 MB offset 112640
23:15:03.638 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599482 MB offset 22521856
23:15:03.673 Disk 0 scanning C:\Windows\system32\drivers
23:15:17.885 Service scanning
23:15:44.054 Modules scanning
23:15:44.064 Disk 0 trace - called modules:
23:15:44.074 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:15:44.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800615a060]
23:15:44.089 3 CLASSPNP.SYS[fffff880019ca43f] -> nt!IofCallDriver -> [0xfffffa8005c04580]
23:15:44.094 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c06060]
23:15:45.724 AVAST engine scan C:\Windows
23:15:49.590 AVAST engine scan C:\Windows\system32
23:20:10.730 AVAST engine scan C:\Windows\system32\drivers
23:20:26.480 AVAST engine scan C:\Users\JCAM
23:57:18.737 AVAST engine scan C:\ProgramData
00:05:24.771 Scan finished successfully
00:14:03.619 Disk 0 MBR has been saved successfully to "C:\Users\JCAM\Desktop\MBR.dat"
00:14:03.629 The log file has been saved successfully to "C:\Users\JCAM\Desktop\aswMBR.txt"

#6 bloopie

Posted 29 November 2012 - 01:16 PM

Hi again,

Run this for me next:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note*** If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

bloopie

#7 napthali

Posted 29 November 2012 - 01:24 PM

Thanks Bloopie. No malicious items were found. Here is the log:

13:20:28.0435 1472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:20:28.0870 1472 ============================================================
13:20:28.0870 1472 Current date / time: 2012/11/29 13:20:28.0870
13:20:28.0870 1472 SystemInfo:
13:20:28.0870 1472
13:20:28.0870 1472 OS Version: 6.1.7601 ServicePack: 1.0
13:20:28.0870 1472 Product type: Workstation
13:20:28.0870 1472 ComputerName: JCAM-PC
13:20:28.0870 1472 UserName: JCAM
13:20:28.0870 1472 Windows directory: C:\Windows
13:20:28.0870 1472 System windows directory: C:\Windows
13:20:28.0870 1472 Running under WOW64
13:20:28.0870 1472 Processor architecture: Intel x64
13:20:28.0870 1472 Number of processors: 2
13:20:28.0870 1472 Page size: 0x1000
13:20:28.0870 1472 Boot type: Normal boot
13:20:28.0870 1472 ============================================================
13:20:30.0088 1472 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:20:30.0183 1472 ============================================================
13:20:30.0183 1472 \Device\Harddisk0\DR0:
13:20:30.0183 1472 MBR partitions:
13:20:30.0183 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x155F000
13:20:30.0183 1472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x157A800, BlocksNum 0x492DD000
13:20:30.0183 1472 ============================================================
13:20:30.0298 1472 C: <-> \Device\Harddisk0\DR0\Partition2
13:20:30.0298 1472 ============================================================
13:20:30.0298 1472 Initialize success
13:20:30.0298 1472 ============================================================
13:21:01.0579 4356 ============================================================
13:21:01.0579 4356 Scan started
13:21:01.0579 4356 Mode: Manual; SigCheck; TDLFS;
13:21:01.0579 4356 ============================================================
13:21:02.0371 4356 ================ Scan system memory ========================
13:21:02.0371 4356 System memory - ok
13:21:02.0371 4356 ================ Scan services =============================
13:21:02.0541 4356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:21:02.0636 4356 1394ohci - ok
13:21:02.0711 4356 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
13:21:02.0761 4356 61883 - ok
13:21:02.0806 4356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:21:02.0821 4356 ACPI - ok
13:21:02.0866 4356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:21:02.0906 4356 AcpiPmi - ok
13:21:03.0073 4356 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
13:21:03.0123 4356 Ad-Aware Service - ok
13:21:03.0190 4356 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
13:21:03.0205 4356 adfs - ok
13:21:03.0320 4356 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:21:03.0360 4356 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:21:03.0360 4356 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:21:03.0495 4356 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:21:03.0515 4356 AdobeARMservice - ok
13:21:03.0640 4356 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:21:03.0655 4356 AdobeFlashPlayerUpdateSvc - ok
13:21:03.0700 4356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:03.0720 4356 adp94xx - ok
13:21:03.0745 4356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:21:03.0760 4356 adpahci - ok
13:21:03.0775 4356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:21:03.0790 4356 adpu320 - ok
13:21:03.0800 4356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:21:03.0845 4356 AeLookupSvc - ok
13:21:03.0900 4356 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
13:21:03.0990 4356 AERTFilters - ok
13:21:04.0055 4356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:21:04.0095 4356 AFD - ok
13:21:04.0170 4356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:21:04.0185 4356 agp440 - ok
13:21:04.0200 4356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:21:04.0270 4356 ALG - ok
13:21:04.0335 4356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:21:04.0345 4356 aliide - ok
13:21:04.0360 4356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:21:04.0370 4356 amdide - ok
13:21:04.0400 4356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:21:04.0450 4356 AmdK8 - ok
13:21:04.0480 4356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:21:04.0525 4356 AmdPPM - ok
13:21:04.0597 4356 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:21:04.0612 4356 amdsata - ok
13:21:04.0627 4356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:04.0642 4356 amdsbs - ok
13:21:04.0657 4356 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:21:04.0667 4356 amdxata - ok
13:21:04.0732 4356 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:21:04.0797 4356 AppID - ok
13:21:04.0822 4356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:21:04.0888 4356 AppIDSvc - ok
13:21:04.0929 4356 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:21:04.0999 4356 Appinfo - ok
13:21:05.0112 4356 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:21:05.0137 4356 Apple Mobile Device - ok
13:21:05.0146 4356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:21:05.0159 4356 arc - ok
13:21:05.0173 4356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:21:05.0188 4356 arcsas - ok
13:21:05.0208 4356 ASPI32 - ok
13:21:05.0233 4356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:05.0303 4356 AsyncMac - ok
13:21:05.0350 4356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:21:05.0365 4356 atapi - ok
13:21:05.0425 4356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:21:05.0505 4356 AudioEndpointBuilder - ok
13:21:05.0544 4356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:21:05.0582 4356 AudioSrv - ok
13:21:05.0657 4356 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
13:21:05.0702 4356 Avc - ok
13:21:05.0772 4356 [ 155F536D6181508929F4FE177F4167CE ] AVCSTRM C:\Windows\system32\DRIVERS\avcstrm.sys
13:21:05.0812 4356 AVCSTRM - ok
13:21:05.0882 4356 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:21:05.0977 4356 AxInstSV - ok
13:21:06.0012 4356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:21:06.0047 4356 b06bdrv - ok
13:21:06.0077 4356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:21:06.0127 4356 b57nd60a - ok
13:21:06.0182 4356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:21:06.0237 4356 BDESVC - ok
13:21:06.0257 4356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:21:06.0312 4356 Beep - ok
13:21:06.0392 4356 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:21:06.0457 4356 BFE - ok
13:21:06.0527 4356 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:21:06.0627 4356 BITS - ok
13:21:06.0667 4356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:06.0707 4356 blbdrive - ok
13:21:06.0817 4356 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:21:06.0857 4356 Bonjour Service - ok
13:21:06.0912 4356 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:21:06.0952 4356 bowser - ok
13:21:06.0997 4356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:21:07.0037 4356 BrFiltLo - ok
13:21:07.0067 4356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:21:07.0082 4356 BrFiltUp - ok
13:21:07.0132 4356 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:21:07.0167 4356 Browser - ok
13:21:07.0188 4356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:21:07.0254 4356 Brserid - ok
13:21:07.0279 4356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:07.0321 4356 BrSerWdm - ok
13:21:07.0336 4356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:07.0371 4356 BrUsbMdm - ok
13:21:07.0418 4356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:07.0438 4356 BrUsbSer - ok
13:21:07.0468 4356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:21:07.0503 4356 BTHMODEM - ok
13:21:07.0565 4356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:21:07.0620 4356 bthserv - ok
13:21:07.0725 4356 [ BD33F7A2F0628CD2C2D61C97313EF350 ] CASprint C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
13:21:07.0932 4356 CASprint - ok
13:21:07.0942 4356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:21:07.0987 4356 cdfs - ok
13:21:08.0052 4356 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:21:08.0087 4356 cdrom - ok
13:21:08.0157 4356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:21:08.0217 4356 CertPropSvc - ok
13:21:08.0237 4356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:21:08.0272 4356 circlass - ok
13:21:08.0312 4356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:21:08.0327 4356 CLFS - ok
13:21:08.0387 4356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:08.0397 4356 clr_optimization_v2.0.50727_32 - ok
13:21:08.0437 4356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:21:08.0447 4356 clr_optimization_v2.0.50727_64 - ok
13:21:08.0577 4356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:08.0592 4356 clr_optimization_v4.0.30319_32 - ok
13:21:08.0612 4356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:21:08.0622 4356 clr_optimization_v4.0.30319_64 - ok
13:21:08.0642 4356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:08.0657 4356 CmBatt - ok
13:21:08.0687 4356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:21:08.0697 4356 cmdide - ok
13:21:08.0732 4356 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:21:08.0757 4356 CNG - ok
13:21:08.0762 4356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:21:08.0772 4356 Compbatt - ok
13:21:08.0822 4356 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:21:08.0872 4356 CompositeBus - ok
13:21:08.0892 4356 COMSysApp - ok
13:21:08.0907 4356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:21:08.0922 4356 crcdisk - ok
13:21:09.0029 4356 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:21:09.0283 4356 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:21:09.0283 4356 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:21:09.0318 4356 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:21:09.0343 4356 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:21:09.0343 4356 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:21:09.0413 4356 [ D03466C36EF0E5C7694FF38B45271D9D ] Creative Media Toolbox 6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
13:21:09.0713 4356 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:21:09.0713 4356 Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:21:09.0788 4356 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:21:09.0859 4356 CryptSvc - ok
13:21:09.0909 4356 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
13:21:09.0929 4356 CT20XUT - ok
13:21:09.0959 4356 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
13:21:09.0969 4356 CT20XUT.SYS - ok
13:21:10.0024 4356 [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
13:21:10.0059 4356 ctac32k - ok
13:21:10.0084 4356 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
13:21:10.0124 4356 ctaud2k - ok
13:21:10.0219 4356 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:21:10.0269 4356 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
13:21:10.0269 4356 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
13:21:10.0324 4356 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
13:21:10.0409 4356 CTEXFIFX - ok
13:21:10.0444 4356 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
13:21:10.0464 4356 CTEXFIFX.SYS - ok
13:21:10.0479 4356 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
13:21:10.0494 4356 CTHWIUT - ok
13:21:10.0499 4356 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
13:21:10.0509 4356 CTHWIUT.SYS - ok
13:21:10.0514 4356 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
13:21:10.0524 4356 ctprxy2k - ok
13:21:10.0534 4356 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
13:21:10.0559 4356 ctsfm2k - ok
13:21:10.0629 4356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:21:10.0689 4356 DcomLaunch - ok
13:21:10.0744 4356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:21:10.0809 4356 defragsvc - ok
13:21:10.0874 4356 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:21:10.0929 4356 DfsC - ok
13:21:11.0004 4356 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:21:11.0064 4356 Dhcp - ok
13:21:11.0129 4356 [ FAA97C2E28A2A7AFBB156B78FF30F710 ] DigiNet C:\Windows\system32\DRIVERS\diginet.sys
13:21:11.0144 4356 DigiNet - ok
13:21:11.0164 4356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:21:11.0224 4356 discache - ok
13:21:11.0259 4356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:21:11.0269 4356 Disk - ok
13:21:11.0334 4356 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:21:11.0389 4356 Dnscache - ok
13:21:11.0479 4356 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
13:21:11.0494 4356 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
13:21:11.0494 4356 DockLoginService - detected UnsignedFile.Multi.Generic (1)
13:21:11.0544 4356 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:21:11.0609 4356 dot3svc - ok
13:21:11.0649 4356 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:21:11.0699 4356 DPS - ok
13:21:11.0739 4356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:21:11.0774 4356 drmkaud - ok
13:21:11.0834 4356 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:21:11.0889 4356 DXGKrnl - ok
13:21:11.0909 4356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:21:11.0974 4356 EapHost - ok
13:21:12.0054 4356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:21:12.0149 4356 ebdrv - ok
13:21:12.0184 4356 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:21:12.0254 4356 EFS - ok
13:21:12.0309 4356 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:21:12.0441 4356 ehRecvr - ok
13:21:12.0466 4356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:21:12.0501 4356 ehSched - ok
13:21:12.0541 4356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:21:12.0566 4356 elxstor - ok
13:21:12.0581 4356 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys
13:21:12.0596 4356 emupia - ok
13:21:12.0611 4356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:21:12.0651 4356 ErrDev - ok
13:21:12.0711 4356 esgiguard - ok
13:21:12.0763 4356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:21:12.0823 4356 EventSystem - ok
13:21:12.0864 4356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:21:12.0899 4356 exfat - ok
13:21:12.0929 4356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:21:12.0989 4356 fastfat - ok
13:21:13.0069 4356 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:21:13.0149 4356 Fax - ok
13:21:13.0154 4356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:21:13.0184 4356 fdc - ok
13:21:13.0224 4356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:21:13.0264 4356 fdPHost - ok
13:21:13.0289 4356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:21:13.0334 4356 FDResPub - ok
13:21:13.0369 4356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:21:13.0389 4356 FileInfo - ok
13:21:13.0399 4356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:21:13.0454 4356 Filetrace - ok
13:21:13.0459 4356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:13.0469 4356 flpydisk - ok
13:21:13.0544 4356 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:21:13.0569 4356 FltMgr - ok
13:21:13.0639 4356 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:21:13.0724 4356 FontCache - ok
13:21:13.0804 4356 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:13.0814 4356 FontCache3.0.0.0 - ok
13:21:13.0834 4356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:21:13.0849 4356 FsDepends - ok
13:21:13.0906 4356 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:21:13.0916 4356 fssfltr - ok
13:21:14.0103 4356 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:21:14.0204 4356 fsssvc - ok
13:21:14.0255 4356 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:21:14.0270 4356 Fs_Rec - ok
13:21:14.0325 4356 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:21:14.0340 4356 fvevol - ok
13:21:14.0365 4356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:21:14.0410 4356 gagp30kx - ok
13:21:14.0457 4356 [ 73A2EC1A8DD15F85F92F8AC303A7E39B ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
13:21:14.0487 4356 GameConsoleService - ok
13:21:14.0569 4356 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:21:14.0579 4356 GEARAspiWDM - ok
13:21:14.0613 4356 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:21:14.0624 4356 GoToAssist - ok
13:21:14.0681 4356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:21:14.0751 4356 gpsvc - ok
13:21:14.0929 4356 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:21:14.0939 4356 gupdate - ok
13:21:14.0969 4356 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:21:14.0979 4356 gupdatem - ok
13:21:15.0029 4356 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:21:15.0049 4356 gusvc - ok
13:21:15.0134 4356 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
13:21:15.0226 4356 ha20x22k - ok
13:21:15.0251 4356 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
13:21:15.0301 4356 ha20x2k - ok
13:21:15.0316 4356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:21:15.0386 4356 hcw85cir - ok
13:21:15.0456 4356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:21:15.0496 4356 HdAudAddService - ok
13:21:15.0521 4356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:21:15.0561 4356 HDAudBus - ok
13:21:15.0586 4356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:21:15.0596 4356 HidBatt - ok
13:21:15.0606 4356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:21:15.0621 4356 HidBth - ok
13:21:15.0631 4356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:21:15.0646 4356 HidIr - ok
13:21:15.0676 4356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:21:15.0731 4356 hidserv - ok
13:21:15.0818 4356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:21:15.0833 4356 HidUsb - ok
13:21:15.0873 4356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:21:15.0928 4356 hkmsvc - ok
13:21:15.0970 4356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:21:16.0025 4356 HomeGroupListener - ok
13:21:16.0075 4356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:21:16.0110 4356 HomeGroupProvider - ok
13:21:16.0155 4356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:21:16.0170 4356 HpSAMD - ok
13:21:16.0225 4356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:21:16.0285 4356 HTTP - ok
13:21:16.0322 4356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:21:16.0332 4356 hwpolicy - ok
13:21:16.0387 4356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:21:16.0417 4356 i8042prt - ok
13:21:16.0467 4356 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:21:16.0511 4356 iaStor - ok
13:21:16.0571 4356 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:21:16.0588 4356 iaStorV - ok
13:21:16.0615 4356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:21:16.0727 4356 idsvc - ok
13:21:16.0886 4356 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:21:17.0055 4356 igfx - ok
13:21:17.0090 4356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:21:17.0100 4356 iirsp - ok
13:21:17.0230 4356 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
13:21:17.0245 4356 IJPLMSVC - ok
13:21:17.0305 4356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:21:17.0377 4356 IKEEXT - ok
13:21:17.0464 4356 [ 4ACD420CB73BB482E3A8A7101FF1AB83 ] iLokDrvr C:\Windows\system32\DRIVERS\iLokDrvr.sys
13:21:17.0469 4356 iLokDrvr - ok
13:21:17.0534 4356 [ F2B52C7B1C8E6A4FC4C4564F4A421F23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:21:17.0607 4356 IntcAzAudAddService - ok
13:21:17.0620 4356 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:21:17.0696 4356 IntcHdmiAddService - ok
13:21:17.0751 4356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:21:17.0771 4356 intelide - ok
13:21:17.0791 4356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:21:17.0826 4356 intelppm - ok
13:21:17.0861 4356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:21:17.0896 4356 IPBusEnum - ok
13:21:17.0956 4356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:18.0006 4356 IpFilterDriver - ok
13:21:18.0066 4356 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:21:18.0101 4356 iphlpsvc - ok
13:21:18.0151 4356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:21:18.0196 4356 IPMIDRV - ok
13:21:18.0236 4356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:21:18.0286 4356 IPNAT - ok
13:21:18.0366 4356 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:21:18.0406 4356 iPod Service - ok
13:21:18.0491 4356 [ 02DEF37AB75E0032C50724646F708DE8 ] iPodDrv C:\Windows\system32\drivers\iPodDrv.sys
13:21:18.0775 4356 iPodDrv - ok
13:21:18.0800 4356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:21:18.0876 4356 IRENUM - ok
13:21:18.0941 4356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:21:18.0961 4356 isapnp - ok
13:21:19.0018 4356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:21:19.0038 4356 iScsiPrt - ok
13:21:19.0063 4356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:19.0073 4356 kbdclass - ok
13:21:19.0133 4356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:19.0178 4356 kbdhid - ok
13:21:19.0203 4356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:21:19.0213 4356 KeyIso - ok
13:21:19.0258 4356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:21:19.0278 4356 KSecDD - ok
13:21:19.0328 4356 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:21:19.0343 4356 KSecPkg - ok
13:21:19.0353 4356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:21:19.0428 4356 ksthunk - ok
13:21:19.0463 4356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:21:19.0513 4356 KtmRm - ok
13:21:19.0543 4356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:21:19.0598 4356 LanmanServer - ok
13:21:19.0725 4356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:21:19.0872 4356 LanmanWorkstation - ok
13:21:19.0914 4356 Lbd - ok
13:21:19.0939 4356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:21:19.0994 4356 lltdio - ok
13:21:20.0034 4356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:21:20.0109 4356 lltdsvc - ok
13:21:20.0138 4356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:21:20.0171 4356 lmhosts - ok
13:21:20.0193 4356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:21:20.0203 4356 LSI_FC - ok
13:21:20.0208 4356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:21:20.0218 4356 LSI_SAS - ok
13:21:20.0228 4356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:21:20.0238 4356 LSI_SAS2 - ok
13:21:20.0253 4356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:21:20.0268 4356 LSI_SCSI - ok
13:21:20.0298 4356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:21:20.0353 4356 luafv - ok
13:21:20.0445 4356 [ B2085E335F2B57077B0CBADB6F1245CD ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys
13:21:20.0460 4356 lvpopf64 - ok
13:21:20.0540 4356 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:21:20.0550 4356 LVPr2M64 - ok
13:21:20.0620 4356 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
13:21:20.0645 4356 LVRS64 - ok
13:21:20.0764 4356 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
13:21:20.0994 4356 LVUVC64 - ok
13:21:21.0031 4356 [ F2643036B225BA4621A965434478F35E ] MAUSBFASTTRACK C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
13:21:21.0051 4356 MAUSBFASTTRACK - ok
13:21:21.0106 4356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:21:21.0136 4356 Mcx2Svc - ok
13:21:21.0171 4356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:21:21.0181 4356 megasas - ok
13:21:21.0196 4356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:21:21.0211 4356 MegaSR - ok
13:21:21.0271 4356 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:21:21.0281 4356 Microsoft Office Groove Audit Service - ok
13:21:21.0306 4356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:21:21.0382 4356 MMCSS - ok
13:21:21.0403 4356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:21:21.0453 4356 Modem - ok
13:21:21.0488 4356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:21:21.0518 4356 monitor - ok
13:21:21.0588 4356 [ 07A02F0FE55AE183843EF627FEB85FE6 ] MotDev C:\Windows\system32\DRIVERS\motodrv.sys
13:21:21.0608 4356 MotDev - ok
13:21:21.0633 4356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:21:21.0648 4356 mouclass - ok
13:21:21.0678 4356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:21:21.0708 4356 mouhid - ok
13:21:21.0748 4356 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:21:21.0768 4356 mountmgr - ok
13:21:21.0797 4356 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:21.0810 4356 MozillaMaintenance - ok
13:21:21.0820 4356 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:21:21.0835 4356 mpio - ok
13:21:21.0840 4356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:21:21.0875 4356 mpsdrv - ok
13:21:21.0930 4356 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:21:22.0015 4356 MpsSvc - ok
13:21:22.0060 4356 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:21:22.0105 4356 MRxDAV - ok
13:21:22.0160 4356 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:22.0205 4356 mrxsmb - ok
13:21:22.0265 4356 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:22.0285 4356 mrxsmb10 - ok
13:21:22.0300 4356 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:22.0310 4356 mrxsmb20 - ok
13:21:22.0360 4356 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:21:22.0370 4356 msahci - ok
13:21:22.0420 4356 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:21:22.0430 4356 msdsm - ok
13:21:22.0450 4356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:21:22.0490 4356 MSDTC - ok
13:21:22.0575 4356 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
13:21:22.0590 4356 MSDV - ok
13:21:22.0600 4356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:21:22.0630 4356 Msfs - ok
13:21:22.0640 4356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:21:22.0690 4356 mshidkmdf - ok
13:21:22.0725 4356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:21:22.0735 4356 msisadrv - ok
13:21:22.0765 4356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:21:22.0805 4356 MSiSCSI - ok
13:21:22.0810 4356 msiserver - ok
13:21:22.0830 4356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:21:22.0882 4356 MSKSSRV - ok
13:21:22.0927 4356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:23.0002 4356 MSPCLOCK - ok
13:21:23.0022 4356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:21:23.0072 4356 MSPQM - ok
13:21:23.0127 4356 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:21:23.0147 4356 MsRPC - ok
13:21:23.0157 4356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:21:23.0167 4356 mssmbios - ok
13:21:23.0232 4356 [ 966EC55988D580B9823C453781309450 ] MSTAPE C:\Windows\system32\DRIVERS\mstape.sys
13:21:23.0267 4356 MSTAPE - ok
13:21:23.0302 4356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:21:23.0342 4356 MSTEE - ok
13:21:23.0347 4356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:21:23.0377 4356 MTConfig - ok
13:21:23.0407 4356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:21:23.0417 4356 Mup - ok
13:21:23.0487 4356 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:21:23.0572 4356 napagent - ok
13:21:23.0607 4356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:21:23.0652 4356 NativeWifiP - ok
13:21:23.0757 4356 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:21:23.0788 4356 NDIS - ok
13:21:23.0809 4356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:23.0844 4356 NdisCap - ok
13:21:23.0864 4356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:23.0894 4356 NdisTapi - ok
13:21:23.0954 4356 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:24.0014 4356 Ndisuio - ok
13:21:24.0059 4356 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:24.0124 4356 NdisWan - ok
13:21:24.0159 4356 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:21:24.0233 4356 NDProxy - ok
13:21:24.0256 4356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:21:24.0321 4356 NetBIOS - ok
13:21:24.0356 4356 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:21:24.0421 4356 NetBT - ok
13:21:24.0441 4356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:21:24.0456 4356 Netlogon - ok
13:21:24.0496 4356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:21:24.0556 4356 Netman - ok
13:21:24.0581 4356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:21:24.0661 4356 netprofm - ok
13:21:24.0701 4356 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:21:24.0711 4356 NetTcpPortSharing - ok
13:21:24.0711 4356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:21:24.0726 4356 nfrd960 - ok
13:21:24.0911 4356 [ DE7A5AD69E0D9A40867A5E8A9675CC26 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
13:21:25.0518 4356 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
13:21:25.0518 4356 NIHardwareService - detected UnsignedFile.Multi.Generic (1)
13:21:25.0543 4356 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:21:25.0578 4356 NlaSvc - ok
13:21:25.0623 4356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:21:25.0663 4356 Npfs - ok
13:21:25.0683 4356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:21:25.0743 4356 nsi - ok
13:21:25.0763 4356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:21:25.0818 4356 nsiproxy - ok
13:21:25.0898 4356 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:21:25.0958 4356 Ntfs - ok
13:21:25.0968 4356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:21:26.0038 4356 Null - ok
13:21:26.0063 4356 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:21:26.0078 4356 nvraid - ok
13:21:26.0133 4356 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:21:26.0163 4356 nvstor - ok
13:21:26.0213 4356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:21:26.0228 4356 nv_agp - ok
13:21:26.0293 4356 [ 952AB3BDEF38A7391AA05BC8C6028F15 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
13:21:26.0348 4356 NWADI - ok
13:21:26.0413 4356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:21:26.0433 4356 odserv - ok
13:21:26.0483 4356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:21:26.0508 4356 ohci1394 - ok
13:21:26.0563 4356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:26.0573 4356 ose - ok
13:21:26.0593 4356 [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
13:21:26.0618 4356 ossrv - ok
13:21:26.0688 4356 [ 5F79934084DF6DC0635578864376CE54 ] OV550I C:\Windows\system32\Drivers\FilmScan.sys
13:21:26.0753 4356 OV550I - ok
13:21:26.0798 4356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:21:26.0858 4356 p2pimsvc - ok
13:21:26.0878 4356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:21:26.0968 4356 p2psvc - ok
13:21:26.0994 4356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:21:27.0006 4356 Parport - ok
13:21:27.0061 4356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:21:27.0076 4356 partmgr - ok
13:21:27.0091 4356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:21:27.0131 4356 PcaSvc - ok
13:21:27.0183 4356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:21:27.0198 4356 pci - ok
13:21:27.0258 4356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:21:27.0268 4356 pciide - ok
13:21:27.0283 4356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:21:27.0298 4356 pcmcia - ok
13:21:27.0353 4356 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
13:21:27.0433 4356 pcouffin - ok
13:21:27.0503 4356 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\Windows\system32\PCTINDIS5X64.SYS
13:21:27.0518 4356 PCTINDIS5X64 - ok
13:21:27.0593 4356 [ A0937771070BF59468B4939DD0AE59FD ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
13:21:27.0628 4356 PCToolsSSDMonitorSvc - ok
13:21:27.0638 4356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:21:27.0648 4356 pcw - ok
13:21:27.0668 4356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:21:27.0738 4356 PEAUTH - ok
13:21:27.0808 4356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:21:27.0843 4356 PerfHost - ok
13:21:27.0913 4356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:21:28.0018 4356 pla - ok
13:21:28.0063 4356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:21:28.0133 4356 PlugPlay - ok
13:21:28.0153 4356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:21:28.0168 4356 PNRPAutoReg - ok
13:21:28.0178 4356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:21:28.0193 4356 PNRPsvc - ok
13:21:28.0243 4356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:21:28.0308 4356 PolicyAgent - ok
13:21:28.0353 4356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:21:28.0408 4356 Power - ok
13:21:28.0443 4356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:21:28.0503 4356 PptpMiniport - ok
13:21:28.0523 4356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:21:28.0563 4356 Processor - ok
13:21:28.0628 4356 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:21:28.0698 4356 ProfSvc - ok
13:21:28.0708 4356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:21:28.0723 4356 ProtectedStorage - ok
13:21:28.0788 4356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:21:28.0843 4356 Psched - ok
13:21:28.0888 4356 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:21:28.0908 4356 PxHlpa64 - ok
13:21:28.0960 4356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:21:29.0035 4356 ql2300 - ok
13:21:29.0045 4356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:21:35.0235 4356 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:21:35.0290 4356 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:21:35.0290 4356 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:21:43.0463 4356 ================ Scan global ===============================
13:21:43.0478 4356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:21:43.0528 4356 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:21:43.0548 4356 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:21:43.0573 4356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:21:43.0598 4356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:21:43.0598 4356 [Global] - ok
13:21:43.0603 4356 ================ Scan MBR ==================================
13:21:43.0608 4356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:43.0965 4356 \Device\Harddisk0\DR0 - ok
13:21:43.0970 4356 ================ Scan VBR ==================================
13:21:43.0975 4356 [ CBFD230C81FF7EE92BC5F7D8175B5E8C ] \Device\Harddisk0\DR0\Partition1
13:21:43.0980 4356 \Device\Harddisk0\DR0\Partition1 - ok
13:21:44.0015 4356 [ 93E38F91C05573546374F2BAC6BDABCB ] \Device\Harddisk0\DR0\Partition2
13:21:44.0015 4356 \Device\Harddisk0\DR0\Partition2 - ok
13:21:44.0015 4356 ============================================================
13:21:44.0015 4356 Scan finished
13:21:44.0015 4356 ============================================================
13:21:44.0025 5636 Detected object count: 8
13:21:44.0025 5636 Actual detected object count: 8
13:22:01.0885 5636 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0885 5636 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0885 5636 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0885 5636 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0890 5636 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0890 5636 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0890 5636 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0890 5636 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0890 5636 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0890 5636 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0895 5636 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0895 5636 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0895 5636 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0895 5636 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:01.0895 5636 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0895 5636 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:37.0430 4200 Deinitialize success

#8 bloopie


Posted 29 November 2012 - 02:05 PM

Hi again,

Thanks Bloopie.

My pleasure! :)

Not too much going on in your logs... only Firefox is being redirected, correct?

Let's run these next:

Step 1

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========

Step 2

Now let me know if you're still being redirected, and if so, try to run Firefox in Safe Mode from the following link:

FF in SafeMode

Do your redirects stop when running FF in Safe Mode?

bloopie

#9 napthali


Posted 29 November 2012 - 02:23 PM

Thanks Bloopie!

When I download AdwCleaner it doesn't allow me to open the program.

Both Chrome and FF are being redirected on my computer. Any other suggestions?

#10 bloopie


Posted 29 November 2012 - 02:35 PM

Hi again,

If you're being redirected in more than one browser, we'll take a different tack:

Step 1


  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

==========

Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

In your next reply, please include the following:

  • The ListParts log
  • The Combofix log

How is your computer running now? Still being redirected?

bloopie

#11 napthali


Posted 29 November 2012 - 03:11 PM

Thanks! It's also worth noting that pretty much anytime I try to do anything on FF it freezes up and gives me the "(Not Responding)" error for 10-20 seconds.

Here is the ListParts Log:

ListParts by Farbar Version: 30-10-2012
Ran by JCAM (administrator) on 29-11-2012 at 14:44:24
Windows 7 (X64)
Running From: C:\Users\JCAM\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 49%
Total physical RAM: 6109.18 MB
Available physical RAM: 3076.3 MB
Total Pagefile: 12216.55 MB
Available Pagefile: 9229.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:585.43 GB) (Free:100.63 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 54 MB 31 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 585 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 10 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 585 GB Healthy Boot

======================================================================================================

****** End Of Log ******

Here is the Combofix log:


ComboFix 12-11-29.02 - JCAM 11/29/2012 15:02:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.3903 [GMT -5:00]
Running from: c:\users\JCAM\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\JCAM\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\users\JCAM\AppData\Roaming\inst.exe
c:\users\JCAM\g2mdlhlpx.exe
c:\users\JCAM\lame_enc_en.dll
c:\users\JCAM\lametritonus_en.dll
c:\windows\SysWow64\wdsdtdsini.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 20:07 . 2012-11-29 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 20:50 . 2012-11-28 20:50 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-27 19:40 . 2012-11-28 07:19 -------- d-----w- c:\program files\Enigma Software Group
2012-11-27 19:39 . 2012-11-27 20:51 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-27 18:29 . 2012-11-27 18:29 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-11-22 15:34 . 2012-11-22 15:34 5885632 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-21 05:56 . 2012-11-21 05:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-15 08:50 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:50 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:50 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:50 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:09 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:09 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:09 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:09 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 08:09 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:09 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:09 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 03:50 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 03:50 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-10-31 06:07 . 2012-10-31 06:07 -------- d-----w- c:\programdata\Lavasoft
2012-10-31 06:07 . 2012-10-31 06:07 -------- d-----w- c:\users\JCAM\AppData\Local\Downloaded Installations
2012-10-31 06:06 . 2012-10-31 06:06 -------- d-----w- c:\users\JCAM\AppData\Roaming\blekko
2012-10-31 06:06 . 2012-11-08 17:34 -------- d-----w- c:\users\JCAM\AppData\Roaming\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 05:56 . 2012-05-01 22:34 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-21 05:56 . 2010-04-28 08:08 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-15 16:57 . 2012-04-09 20:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-15 16:57 . 2011-06-15 16:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 08:12 . 2010-03-20 11:59 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-27 19:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 19:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 19:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 07:19 . 2012-10-30 16:39 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A93C4AA-884B-4C91-AB6F-067713A0692F}\mpengine.dll
2012-09-29 23:54 . 2010-10-11 17:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 19:56 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 19:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Spotify Web Helper"="c:\users\JCAM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-25 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
.
c:\users\JCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-05-26 124160]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-20 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-03-20 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2009-12-23 77656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 187912]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 52608]
R3 OV550I;35mm Film Scanner;c:\windows\system32\Drivers\FilmScan.sys [2008-02-22 196992]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-04-17 82816]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2009-05-26 43032]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-08-04 14952]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-02-26 5017600]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 RTL8023x64;Dynex DX-E102 PCI 10/100Mb Network Adapter Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-07-23 52736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 47748798
*NewlyCreated* - ASWMBR
*Deregistered* - 47748798
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 16:57]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 23:33]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 23:33]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460920170-2217796300-4059759859-1000Core.job
- c:\users\JCAM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-20 05:57]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460920170-2217796300-4059759859-1000UA.job
- c:\users\JCAM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-20 05:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\JCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=6DF5CB7A7F2EE6BC7B99845090BFE0EC
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-31 02:06; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-AVI Converter v1.6 (Try) - c:\progra~2\AVI Converter\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 15:09:41
ComboFix-quarantined-files.txt 2012-11-29 20:09
.
Pre-Run: 108,342,972,416 bytes free
Post-Run: 108,330,110,976 bytes free
.
- - End Of File - - 0C8C62F27059D3BC52E6434F705715BA

#12 bloopie

Posted 29 November 2012 - 06:29 PM

Hi again,

Okay, I'd like you to try another way to at least disable this issue. Please visit this website and follow the two methods listed there, and do not download anything...just follow method 1 & 2 and let me know how it goes.

==========

Next, I'd like you to boot into safe mode and try again to run adwCleaner from Post #8 of this thread. If successful, then post the log in your next reply.

bloopie

#13 napthali

Posted 29 November 2012 - 08:49 PM

OK. I actually tried both of the PC Threat Removal methods before I posted on this site. I just tried again, but click.livesearchnow wasn't showing up in my Program list (so there was nothing for me to uninstall), nor was it showing up in any of my browsers like method 2 suggests. This was the case when I tried it today and when I tried it before posting on this site.

However, in safe mode the adwCleaner did work. Here is the log:

# AdwCleaner v2.010 - Logfile created 11/29/2012 at 20:42:34
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JCAM - JCAM-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\JCAM\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\prefs.js

C:\Users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v23.0.1271.91

File : C:\Users\JCAM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4512 octets] - [29/11/2012 20:42:34]

########## EOF - C:\AdwCleaner[S1].txt - [4572 octets] ##########



Thanks!

#14 bloopie

Posted 29 November 2012 - 11:49 PM

Hi again,

Good job! Let me know if you're still experiencing redirects with both browsers.

Run these two tools for me next from normal boot mode (be advised, both scans will take some time...usually two hours each, sometimes more):

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Full Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

==========

Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

In your next reply, please include the following:

  • The MBAM log
  • The ESET log
Still redirecting? How is the computer running now?

bloopie

#15 napthali

Posted 30 November 2012 - 06:15 PM

Thanks Bloopie! Before I ran these last two scans, I was still getting redirected on Chrome. I haven't had a redirect on FF since we started working on this, but I still run into the "(Not Responding)" issue on FF very frequently. Can you help at all with that or will that go away when we get rid of my malware?


Here is the MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
JCAM :: JCAM-PC [administrator]

11/30/2012 1:15:56 AM
mbam-log-2012-11-30 (01-15-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 557518
Time elapsed: 1 hour(s), 24 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The ESET scan got to 99% in normal mode and then froze. After 10.5 hours I stopped it. It found 12 threats. Here is the log from that:

C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined
C:\Program Files (x86)\AudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\JCAM\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhggdggddjdhdcdfgddfdegbdfgg\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\JCAM\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhggdggddjdhdcdfgddfdegbdfgg\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\JCAM\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Users\JCAM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\257e0a14-35f833eb probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\JCAM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3aff5a9-1468c865 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\JCAM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\472aac2c-47399a76 a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined
C:\Users\JCAM\AppData\Roaming\Mozilla\Firefox\Profiles\441rv4ca.default\extensions\ncrohnoqwe@ncrohnoqwe.org.xpi JS/Redirector.NCA trojan deleted - quarantined

I'm now running another ESET in safe mode.



