Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google/firefox redirects but not every time


  • Please log in to reply
14 replies to this topic

#1 Lorettaar

Lorettaar

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 18 January 2013 - 07:18 PM

Hello,

My computer is redirecting for some searches, but not all. Doesn't mater which search engine I use. I can go directly to web-sites if I know the address and I have no problem.

Instead of going to the site it says mnstr2.com and then it posts links down the left hand side. If you hit the back browser it goes nowhere, but it then says livesearchnow.com.

Help, what can I do. Thanks.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 18 January 2013 - 07:19 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 18 January 2013 - 07:37 PM

Hello again,

Thanks for your help. I just ran the TDSSkiller, but I can't copy the report. When I highlight it, and right click nothing happens and I don't know how to get into my C drive for the report. It says no threats were found, neutralized or quarantined. Thanks again.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 18 January 2013 - 08:09 PM

Go to next step

#5 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 19 January 2013 - 11:34 AM

Here we go:

9:29:49.0389 5720 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:29:51.0396 5720 ============================================================
19:29:51.0396 5720 Current date / time: 2013/01/18 19:29:51.0396
19:29:51.0396 5720 SystemInfo:
19:29:51.0396 5720
19:29:51.0396 5720 OS Version: 6.1.7601 ServicePack: 1.0
19:29:51.0396 5720 Product type: Workstation
19:29:51.0397 5720 ComputerName: TOSHIBAC650
19:29:51.0397 5720 UserName: Bill
19:29:51.0397 5720 Windows directory: C:\windows
19:29:51.0397 5720 System windows directory: C:\windows
19:29:51.0397 5720 Running under WOW64
19:29:51.0397 5720 Processor architecture: Intel x64
19:29:51.0397 5720 Number of processors: 2
19:29:51.0398 5720 Page size: 0x1000
19:29:51.0398 5720 Boot type: Normal boot
19:29:51.0398 5720 ============================================================
19:29:54.0871 5720 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:29:54.0911 5720 ============================================================
19:29:54.0911 5720 \Device\Harddisk0\DR0:
19:29:54.0926 5720 MBR partitions:
19:29:54.0926 5720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235D7000
19:29:54.0926 5720 ============================================================
19:29:54.0970 5720 C: <-> \Device\Harddisk0\DR0\Partition1
19:29:54.0970 5720 ============================================================
19:29:54.0970 5720 Initialize success
19:29:54.0970 5720 ============================================================
19:30:09.0112 5400 ============================================================
19:30:09.0112 5400 Scan started
19:30:09.0112 5400 Mode: Manual; TDLFS;
19:30:09.0112 5400 ============================================================
19:30:09.0555 5400 ================ Scan system memory ========================
19:30:09.0555 5400 System memory - ok
19:30:09.0559 5400 ================ Scan services =============================
19:30:10.0371 5400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:30:10.0377 5400 1394ohci - ok
19:30:10.0423 5400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:30:10.0431 5400 ACPI - ok
19:30:10.0499 5400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:30:10.0502 5400 AcpiPmi - ok
19:30:10.0656 5400 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:30:10.0659 5400 AdobeARMservice - ok
19:30:10.0848 5400 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:30:10.0854 5400 AdobeFlashPlayerUpdateSvc - ok
19:30:10.0925 5400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:30:10.0935 5400 adp94xx - ok
19:30:10.0985 5400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:30:10.0993 5400 adpahci - ok
19:30:11.0009 5400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:30:11.0014 5400 adpu320 - ok
19:30:11.0070 5400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:30:11.0072 5400 AeLookupSvc - ok
19:30:11.0127 5400 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:30:11.0137 5400 AFD - ok
19:30:11.0180 5400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:30:11.0183 5400 agp440 - ok
19:30:11.0222 5400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:30:11.0226 5400 ALG - ok
19:30:11.0250 5400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:30:11.0253 5400 aliide - ok
19:30:11.0311 5400 [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:30:11.0317 5400 AMD External Events Utility - ok
19:30:11.0360 5400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:30:11.0363 5400 amdide - ok
19:30:11.0382 5400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:30:11.0385 5400 AmdK8 - ok
19:30:11.0694 5400 [ 194D76D2083318A2E7071A988E02ECF4 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
19:30:11.0924 5400 amdkmdag - ok
19:30:11.0986 5400 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
19:30:11.0994 5400 amdkmdap - ok
19:30:12.0041 5400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
19:30:12.0045 5400 AmdPPM - ok
19:30:12.0065 5400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:30:12.0069 5400 amdsata - ok
19:30:12.0104 5400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:30:12.0109 5400 amdsbs - ok
19:30:12.0148 5400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:30:12.0150 5400 amdxata - ok
19:30:12.0184 5400 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys
19:30:12.0186 5400 amd_sata - ok
19:30:12.0204 5400 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys
19:30:12.0207 5400 amd_xata - ok
19:30:12.0238 5400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:30:12.0241 5400 AppID - ok
19:30:12.0276 5400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:30:12.0280 5400 AppIDSvc - ok
19:30:12.0292 5400 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:30:12.0295 5400 Appinfo - ok
19:30:12.0358 5400 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:12.0361 5400 Apple Mobile Device - ok
19:30:12.0408 5400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:30:12.0411 5400 arc - ok
19:30:12.0439 5400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:30:12.0442 5400 arcsas - ok
19:30:12.0599 5400 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:30:12.0602 5400 aspnet_state - ok
19:30:12.0654 5400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:30:12.0656 5400 AsyncMac - ok
19:30:12.0700 5400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:30:12.0702 5400 atapi - ok
19:30:12.0774 5400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:30:12.0798 5400 AudioEndpointBuilder - ok
19:30:12.0830 5400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:30:12.0840 5400 AudioSrv - ok
19:30:12.0903 5400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:30:12.0907 5400 AxInstSV - ok
19:30:12.0958 5400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:30:12.0969 5400 b06bdrv - ok
19:30:13.0009 5400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:30:13.0016 5400 b57nd60a - ok
19:30:13.0066 5400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:30:13.0070 5400 BDESVC - ok
19:30:13.0087 5400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:30:13.0089 5400 Beep - ok
19:30:13.0186 5400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:30:13.0264 5400 BFE - ok
19:30:13.0673 5400 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx64.sys
19:30:13.0715 5400 BHDrvx64 - ok
19:30:13.0777 5400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:30:13.0811 5400 BITS - ok
19:30:13.0866 5400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:30:13.0868 5400 blbdrive - ok
19:30:13.0958 5400 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:30:13.0967 5400 Bonjour Service - ok
19:30:14.0008 5400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:30:14.0012 5400 bowser - ok
19:30:14.0067 5400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:30:14.0069 5400 BrFiltLo - ok
19:30:14.0084 5400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:30:14.0086 5400 BrFiltUp - ok
19:30:14.0132 5400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:30:14.0136 5400 Browser - ok
19:30:14.0165 5400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\system32\Drivers\Brserid.sys
19:30:14.0172 5400 Brserid - ok
19:30:14.0189 5400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:30:14.0192 5400 BrSerWdm - ok
19:30:14.0223 5400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:30:14.0226 5400 BrUsbMdm - ok
19:30:14.0247 5400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\system32\Drivers\BrUsbSer.sys
19:30:14.0250 5400 BrUsbSer - ok
19:30:14.0267 5400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
19:30:14.0271 5400 BTHMODEM - ok
19:30:14.0328 5400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:30:14.0332 5400 bthserv - ok
19:30:14.0399 5400 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
19:30:14.0403 5400 ccSet_NIS - ok
19:30:14.0425 5400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:30:14.0429 5400 cdfs - ok
19:30:14.0496 5400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:30:14.0510 5400 cdrom - ok
19:30:14.0585 5400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:30:14.0588 5400 CertPropSvc - ok
19:30:14.0620 5400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
19:30:14.0623 5400 circlass - ok
19:30:14.0687 5400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:30:14.0695 5400 CLFS - ok
19:30:14.0769 5400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:14.0773 5400 clr_optimization_v2.0.50727_32 - ok
19:30:14.0816 5400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:30:14.0820 5400 clr_optimization_v2.0.50727_64 - ok
19:30:14.0901 5400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:14.0905 5400 clr_optimization_v4.0.30319_32 - ok
19:30:14.0932 5400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:30:14.0936 5400 clr_optimization_v4.0.30319_64 - ok
19:30:14.0985 5400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:30:14.0988 5400 CmBatt - ok
19:30:15.0000 5400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:30:15.0002 5400 cmdide - ok
19:30:15.0050 5400 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
19:30:15.0060 5400 CNG - ok
19:30:15.0152 5400 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
19:30:15.0198 5400 CnxtHdAudService - ok
19:30:15.0252 5400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
19:30:15.0255 5400 Compbatt - ok
19:30:15.0277 5400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:30:15.0280 5400 CompositeBus - ok
19:30:15.0291 5400 COMSysApp - ok
19:30:15.0310 5400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:30:15.0313 5400 crcdisk - ok
19:30:15.0365 5400 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:30:15.0370 5400 CryptSvc - ok
19:30:15.0490 5400 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:30:15.0514 5400 cvhsvc - ok
19:30:15.0589 5400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:30:15.0602 5400 DcomLaunch - ok
19:30:15.0644 5400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:30:15.0651 5400 defragsvc - ok
19:30:15.0689 5400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:30:15.0693 5400 DfsC - ok
19:30:15.0736 5400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:30:15.0743 5400 Dhcp - ok
19:30:15.0761 5400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:30:15.0765 5400 discache - ok
19:30:15.0801 5400 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:30:15.0804 5400 Disk - ok
19:30:15.0847 5400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:30:15.0853 5400 Dnscache - ok
19:30:15.0880 5400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:30:15.0888 5400 dot3svc - ok
19:30:15.0917 5400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:30:15.0922 5400 DPS - ok
19:30:15.0973 5400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:30:15.0975 5400 drmkaud - ok
19:30:16.0015 5400 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:30:16.0044 5400 DXGKrnl - ok
19:30:16.0093 5400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:30:16.0098 5400 EapHost - ok
19:30:16.0201 5400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:30:16.0285 5400 ebdrv - ok
19:30:16.0374 5400 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:30:16.0385 5400 eeCtrl - ok
19:30:16.0424 5400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:30:16.0427 5400 EFS - ok
19:30:16.0504 5400 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:30:16.0528 5400 ehRecvr - ok
19:30:16.0583 5400 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:30:16.0588 5400 ehSched - ok
19:30:16.0664 5400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:30:16.0685 5400 elxstor - ok
19:30:16.0740 5400 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:30:16.0744 5400 EraserUtilRebootDrv - ok
19:30:16.0768 5400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:30:16.0771 5400 ErrDev - ok
19:30:16.0846 5400 [ 5D82D501D2FEE413B1F45F0302B5802C ] ETD C:\windows\system32\DRIVERS\ETD.sys
19:30:16.0851 5400 ETD - ok
19:30:16.0911 5400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:30:16.0920 5400 EventSystem - ok
19:30:16.0963 5400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:30:16.0968 5400 exfat - ok
19:30:16.0987 5400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:30:16.0993 5400 fastfat - ok
19:30:17.0055 5400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:30:17.0078 5400 Fax - ok
19:30:17.0132 5400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:30:17.0134 5400 fdc - ok
19:30:17.0182 5400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:30:17.0186 5400 fdPHost - ok
19:30:17.0202 5400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:30:17.0205 5400 FDResPub - ok
19:30:17.0232 5400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:30:17.0235 5400 FileInfo - ok
19:30:17.0253 5400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:30:17.0256 5400 Filetrace - ok
19:30:17.0295 5400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:30:17.0297 5400 flpydisk - ok
19:30:17.0333 5400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:30:17.0340 5400 FltMgr - ok
19:30:17.0404 5400 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
19:30:17.0440 5400 FontCache - ok
19:30:17.0475 5400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:30:17.0478 5400 FontCache3.0.0.0 - ok
19:30:17.0509 5400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:30:17.0513 5400 FsDepends - ok
19:30:17.0540 5400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:30:17.0543 5400 Fs_Rec - ok
19:30:17.0568 5400 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:30:17.0574 5400 fvevol - ok
19:30:17.0628 5400 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
19:30:17.0630 5400 FwLnk - ok
19:30:17.0687 5400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:30:17.0695 5400 gagp30kx - ok
19:30:17.0762 5400 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:30:17.0767 5400 GamesAppService - ok
19:30:17.0817 5400 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:30:17.0820 5400 GEARAspiWDM - ok
19:30:17.0873 5400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:30:17.0897 5400 gpsvc - ok
19:30:17.0947 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:17.0952 5400 gupdate - ok
19:30:17.0989 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:17.0992 5400 gupdatem - ok
19:30:18.0025 5400 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:30:18.0031 5400 gusvc - ok
19:30:18.0083 5400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:30:18.0085 5400 hcw85cir - ok
19:30:18.0117 5400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:30:18.0126 5400 HdAudAddService - ok
19:30:18.0151 5400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:30:18.0156 5400 HDAudBus - ok
19:30:18.0172 5400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:30:18.0174 5400 HidBatt - ok
19:30:18.0191 5400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:30:18.0196 5400 HidBth - ok
19:30:18.0246 5400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
19:30:18.0249 5400 HidIr - ok
19:30:18.0296 5400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:30:18.0300 5400 hidserv - ok
19:30:18.0333 5400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
19:30:18.0336 5400 HidUsb - ok
19:30:18.0367 5400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:30:18.0375 5400 hkmsvc - ok
19:30:18.0407 5400 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:30:18.0415 5400 HomeGroupListener - ok
19:30:18.0465 5400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:30:18.0472 5400 HomeGroupProvider - ok
19:30:18.0534 5400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:30:18.0542 5400 HpSAMD - ok
19:30:18.0706 5400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:30:18.0754 5400 HTTP - ok
19:30:18.0787 5400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:30:18.0833 5400 hwpolicy - ok
19:30:18.0907 5400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:30:18.0911 5400 i8042prt - ok
19:30:18.0958 5400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:30:18.0967 5400 iaStorV - ok
19:30:19.0022 5400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:30:19.0047 5400 idsvc - ok
19:30:19.0154 5400 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121101.002\IDSvia64.sys
19:30:19.0178 5400 IDSVia64 - ok
19:30:19.0233 5400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:30:19.0236 5400 iirsp - ok
19:30:19.0293 5400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:30:19.0328 5400 IKEEXT - ok
19:30:19.0353 5400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:30:19.0356 5400 intelide - ok
19:30:19.0383 5400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
19:30:19.0386 5400 intelppm - ok
19:30:19.0411 5400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:30:19.0417 5400 IPBusEnum - ok
19:30:19.0434 5400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:30:19.0438 5400 IpFilterDriver - ok
19:30:19.0503 5400 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:30:19.0520 5400 iphlpsvc - ok
19:30:19.0570 5400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:30:19.0574 5400 IPMIDRV - ok
19:30:19.0589 5400 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:30:19.0594 5400 IPNAT - ok
19:30:19.0664 5400 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:30:19.0698 5400 iPod Service - ok
19:30:19.0717 5400 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:30:19.0720 5400 IRENUM - ok
19:30:19.0734 5400 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:30:19.0737 5400 isapnp - ok
19:30:19.0771 5400 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:30:19.0779 5400 iScsiPrt - ok
19:30:19.0807 5400 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:30:19.0810 5400 kbdclass - ok
19:30:19.0828 5400 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:30:19.0831 5400 kbdhid - ok
19:30:19.0868 5400 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:30:19.0871 5400 KeyIso - ok
19:30:19.0906 5400 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:30:19.0911 5400 KSecDD - ok
19:30:19.0940 5400 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:30:19.0946 5400 KSecPkg - ok
19:30:19.0973 5400 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:30:19.0975 5400 ksthunk - ok
19:30:20.0013 5400 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:30:20.0034 5400 KtmRm - ok
19:30:20.0075 5400 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
19:30:20.0079 5400 L1C - ok
19:30:20.0121 5400 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:30:20.0130 5400 LanmanServer - ok
19:30:20.0189 5400 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:30:20.0197 5400 LanmanWorkstation - ok
19:30:20.0253 5400 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:30:20.0257 5400 lltdio - ok
19:30:20.0302 5400 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:30:20.0313 5400 lltdsvc - ok
19:30:20.0338 5400 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:30:20.0342 5400 lmhosts - ok
19:30:20.0385 5400 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:30:20.0390 5400 LSI_FC - ok
19:30:20.0408 5400 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:30:20.0412 5400 LSI_SAS - ok
19:30:20.0438 5400 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:30:20.0441 5400 LSI_SAS2 - ok
19:30:20.0465 5400 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:30:20.0470 5400 LSI_SCSI - ok
19:30:20.0492 5400 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:30:20.0496 5400 luafv - ok
19:30:20.0587 5400 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
19:30:20.0596 5400 McComponentHostService - ok
19:30:20.0625 5400 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:30:20.0634 5400 Mcx2Svc - ok
19:30:20.0665 5400 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:30:20.0668 5400 megasas - ok
19:30:20.0719 5400 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:30:20.0727 5400 MegaSR - ok
19:30:20.0765 5400 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:30:20.0769 5400 MMCSS - ok
19:30:20.0788 5400 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:30:20.0791 5400 Modem - ok
19:30:20.0817 5400 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:30:20.0820 5400 monitor - ok
19:30:20.0849 5400 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:30:20.0852 5400 mouclass - ok
19:30:20.0884 5400 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
19:30:20.0887 5400 mouhid - ok
19:30:20.0903 5400 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:30:20.0907 5400 mountmgr - ok
19:30:20.0962 5400 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:30:20.0966 5400 MozillaMaintenance - ok
19:30:21.0003 5400 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:30:21.0008 5400 mpio - ok
19:30:21.0023 5400 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:30:21.0027 5400 mpsdrv - ok
19:30:21.0081 5400 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:30:21.0116 5400 MpsSvc - ok
19:30:21.0165 5400 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:30:21.0169 5400 MRxDAV - ok
19:30:21.0184 5400 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:30:21.0189 5400 mrxsmb - ok
19:30:21.0215 5400 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:30:21.0222 5400 mrxsmb10 - ok
19:30:21.0240 5400 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:30:21.0246 5400 mrxsmb20 - ok
19:30:21.0265 5400 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:30:21.0268 5400 msahci - ok
19:30:21.0285 5400 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:30:21.0290 5400 msdsm - ok
19:30:21.0328 5400 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:30:21.0335 5400 MSDTC - ok
19:30:21.0389 5400 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:30:21.0392 5400 Msfs - ok
19:30:21.0419 5400 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:30:21.0421 5400 mshidkmdf - ok
19:30:21.0438 5400 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:30:21.0441 5400 msisadrv - ok
19:30:21.0496 5400 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:30:21.0502 5400 MSiSCSI - ok
19:30:21.0514 5400 msiserver - ok
19:30:21.0546 5400 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:30:21.0549 5400 MSKSSRV - ok
19:30:21.0585 5400 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:30:21.0587 5400 MSPCLOCK - ok
19:30:21.0600 5400 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:30:21.0602 5400 MSPQM - ok
19:30:21.0660 5400 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:30:21.0669 5400 MsRPC - ok
19:30:21.0701 5400 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:30:21.0704 5400 mssmbios - ok
19:30:21.0720 5400 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:30:21.0722 5400 MSTEE - ok
19:30:21.0743 5400 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:30:21.0746 5400 MTConfig - ok
19:30:21.0772 5400 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:30:21.0776 5400 Mup - ok
19:30:21.0834 5400 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:30:21.0858 5400 napagent - ok
19:30:21.0941 5400 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:30:21.0948 5400 NativeWifiP - ok
19:30:22.0007 5400 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121101.032\ENG64.SYS
19:30:22.0011 5400 NAVENG - ok
19:30:22.0087 5400 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121101.032\EX64.SYS
19:30:22.0146 5400 NAVEX15 - ok
19:30:22.0222 5400 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:30:22.0256 5400 NDIS - ok
19:30:22.0302 5400 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:30:22.0305 5400 NdisCap - ok
19:30:22.0340 5400 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:30:22.0342 5400 NdisTapi - ok
19:30:22.0361 5400 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:30:22.0365 5400 Ndisuio - ok
19:30:22.0389 5400 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:30:22.0393 5400 NdisWan - ok
19:30:22.0429 5400 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:30:22.0432 5400 NDProxy - ok
19:30:22.0446 5400 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:30:22.0449 5400 NetBIOS - ok
19:30:22.0514 5400 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:30:22.0521 5400 NetBT - ok
19:30:22.0557 5400 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:30:22.0561 5400 Netlogon - ok
19:30:22.0617 5400 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:30:22.0627 5400 Netman - ok
19:30:22.0713 5400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:30:22.0717 5400 NetMsmqActivator - ok
19:30:22.0730 5400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:30:22.0733 5400 NetPipeActivator - ok
19:30:22.0787 5400 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:30:22.0798 5400 netprofm - ok
19:30:22.0810 5400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:30:22.0813 5400 NetTcpActivator - ok
19:30:22.0832 5400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:30:22.0835 5400 NetTcpPortSharing - ok
19:30:22.0888 5400 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:30:22.0891 5400 nfrd960 - ok
19:30:22.0950 5400 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
19:30:22.0954 5400 NIS - ok
19:30:23.0002 5400 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:30:23.0010 5400 NlaSvc - ok
19:30:23.0050 5400 Norton PC Checkup Application Launcher - ok
19:30:23.0089 5400 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:30:23.0092 5400 Npfs - ok
19:30:23.0134 5400 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:30:23.0139 5400 nsi - ok
19:30:23.0150 5400 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:30:23.0153 5400 nsiproxy - ok
19:30:23.0245 5400 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:30:23.0284 5400 Ntfs - ok
19:30:23.0314 5400 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:30:23.0316 5400 Null - ok
19:30:23.0337 5400 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:30:23.0342 5400 nvraid - ok
19:30:23.0359 5400 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:30:23.0366 5400 nvstor - ok
19:30:23.0385 5400 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:30:23.0389 5400 nv_agp - ok
19:30:23.0404 5400 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:30:23.0408 5400 ohci1394 - ok
19:30:23.0458 5400 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:23.0462 5400 ose - ok
19:30:23.0643 5400 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:30:23.0769 5400 osppsvc - ok
19:30:23.0840 5400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:30:23.0847 5400 p2pimsvc - ok
19:30:23.0900 5400 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:30:23.0927 5400 p2psvc - ok
19:30:23.0966 5400 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:30:23.0970 5400 Parport - ok
19:30:24.0010 5400 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:30:24.0015 5400 partmgr - ok
19:30:24.0079 5400 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:30:24.0087 5400 PcaSvc - ok
19:30:24.0114 5400 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
19:30:24.0118 5400 PCCUJobMgr - ok
19:30:24.0151 5400 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:30:24.0157 5400 pci - ok
19:30:24.0170 5400 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
19:30:24.0172 5400 pciide - ok
19:30:24.0201 5400 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:30:24.0207 5400 pcmcia - ok
19:30:24.0222 5400 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:30:24.0225 5400 pcw - ok
19:30:24.0258 5400 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:30:24.0283 5400 PEAUTH - ok
19:30:24.0452 5400 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:30:24.0457 5400 PerfHost - ok
19:30:24.0537 5400 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
19:30:24.0540 5400 PGEffect - ok
19:30:24.0614 5400 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:30:24.0661 5400 pla - ok
19:30:24.0725 5400 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:30:24.0736 5400 PlugPlay - ok
19:30:24.0752 5400 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:30:24.0758 5400 PNRPAutoReg - ok
19:30:24.0784 5400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:30:24.0791 5400 PNRPsvc - ok
19:30:24.0879 5400 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:30:24.0897 5400 PolicyAgent - ok
19:30:24.0919 5400 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:30:24.0927 5400 Power - ok
19:30:24.0981 5400 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:30:24.0985 5400 PptpMiniport - ok
19:30:25.0003 5400 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:30:25.0006 5400 Processor - ok
19:30:25.0086 5400 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:30:25.0094 5400 ProfSvc - ok
19:30:25.0113 5400 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:30:25.0117 5400 ProtectedStorage - ok
19:30:25.0154 5400 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:30:25.0158 5400 Psched - ok
19:30:25.0217 5400 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:30:25.0269 5400 ql2300 - ok
19:30:25.0309 5400 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:30:25.0314 5400 ql40xx - ok
19:30:25.0365 5400 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:30:25.0374 5400 QWAVE - ok
19:30:25.0391 5400 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:30:25.0395 5400 QWAVEdrv - ok
19:30:25.0410 5400 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:30:25.0413 5400 RasAcd - ok
19:30:25.0469 5400 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:30:25.0472 5400 RasAgileVpn - ok
19:30:25.0493 5400 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:30:25.0500 5400 RasAuto - ok
19:30:25.0552 5400 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:30:25.0557 5400 Rasl2tp - ok
19:30:25.0582 5400 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:30:25.0593 5400 RasMan - ok
19:30:25.0622 5400 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:30:25.0626 5400 RasPppoe - ok
19:30:25.0642 5400 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:30:25.0646 5400 RasSstp - ok
19:30:25.0679 5400 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:30:25.0686 5400 rdbss - ok
19:30:25.0701 5400 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:30:25.0704 5400 rdpbus - ok
19:30:25.0751 5400 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:30:25.0754 5400 RDPCDD - ok
19:30:25.0786 5400 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:30:25.0788 5400 RDPENCDD - ok
19:30:25.0818 5400 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:30:25.0820 5400 RDPREFMP - ok
19:30:25.0880 5400 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:30:25.0888 5400 RDPWD - ok
19:30:25.0912 5400 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:30:25.0918 5400 rdyboost - ok
19:30:25.0961 5400 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:30:25.0967 5400 RemoteAccess - ok
19:30:26.0006 5400 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:30:26.0013 5400 RemoteRegistry - ok
19:30:26.0044 5400 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:30:26.0052 5400 RpcEptMapper - ok
19:30:26.0101 5400 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:30:26.0105 5400 RpcLocator - ok
19:30:26.0134 5400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:30:26.0150 5400 RpcSs - ok
19:30:26.0198 5400 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:30:26.0201 5400 rspndr - ok
19:30:26.0268 5400 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
19:30:26.0274 5400 RSUSBSTOR - ok
19:30:26.0343 5400 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
19:30:26.0378 5400 RTL8192Ce - ok
19:30:26.0413 5400 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:30:26.0416 5400 SamSs - ok
19:30:26.0445 5400 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:30:26.0449 5400 sbp2port - ok
19:30:26.0500 5400 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:30:26.0508 5400 SCardSvr - ok
19:30:26.0553 5400 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:30:26.0555 5400 scfilter - ok
19:30:26.0601 5400 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:30:26.0636 5400 Schedule - ok
19:30:26.0674 5400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:30:26.0676 5400 SCPolicySvc - ok
19:30:26.0717 5400 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:30:26.0726 5400 SDRSVC - ok
19:30:26.0761 5400 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:30:26.0765 5400 secdrv - ok
19:30:26.0785 5400 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:30:26.0790 5400 seclogon - ok
19:30:26.0812 5400 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:30:26.0818 5400 SENS - ok
19:30:26.0850 5400 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:30:26.0855 5400 SensrSvc - ok
19:30:26.0884 5400 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:30:26.0886 5400 Serenum - ok
19:30:26.0931 5400 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:30:26.0935 5400 Serial - ok
19:30:26.0959 5400 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:30:26.0962 5400 sermouse - ok
19:30:27.0031 5400 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:30:27.0038 5400 SessionEnv - ok
19:30:27.0054 5400 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:30:27.0057 5400 sffdisk - ok
19:30:27.0074 5400 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:30:27.0076 5400 sffp_mmc - ok
19:30:27.0116 5400 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:30:27.0118 5400 sffp_sd - ok
19:30:27.0139 5400 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:30:27.0141 5400 sfloppy - ok
19:30:27.0223 5400 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
19:30:27.0254 5400 Sftfs - ok
19:30:27.0370 5400 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:30:27.0380 5400 sftlist - ok
19:30:27.0418 5400 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
19:30:27.0425 5400 Sftplay - ok
19:30:27.0471 5400 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
19:30:27.0474 5400 Sftredir - ok
19:30:27.0520 5400 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
19:30:27.0523 5400 Sftvol - ok
19:30:27.0586 5400 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:30:27.0591 5400 sftvsa - ok
19:30:27.0637 5400 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:30:27.0647 5400 SharedAccess - ok
19:30:27.0690 5400 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:30:27.0701 5400 ShellHWDetection - ok
19:30:27.0755 5400 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:30:27.0757 5400 SiSRaid2 - ok
19:30:27.0772 5400 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:30:27.0776 5400 SiSRaid4 - ok
19:30:27.0814 5400 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:30:27.0818 5400 Smb - ok
19:30:27.0915 5400 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:30:27.0920 5400 SNMPTRAP - ok
19:30:27.0961 5400 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:30:27.0967 5400 spldr - ok
19:30:28.0011 5400 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:30:28.0038 5400 Spooler - ok
19:30:28.0162 5400 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:30:28.0269 5400 sppsvc - ok
19:30:28.0325 5400 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:30:28.0331 5400 sppuinotify - ok
19:30:28.0788 5400 [ 4EDA91FF8EEE2196229AACCCC9F6952C ] SProtection C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
19:30:28.0996 5400 SProtection - ok
19:30:29.0255 5400 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
19:30:29.0311 5400 SRTSP - ok
19:30:29.0386 5400 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
19:30:29.0389 5400 SRTSPX - ok
19:30:29.0422 5400 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:30:29.0432 5400 srv - ok
19:30:29.0463 5400 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:30:29.0472 5400 srv2 - ok
19:30:29.0490 5400 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:30:29.0495 5400 srvnet - ok
19:30:29.0549 5400 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:30:29.0557 5400 SSDPSRV - ok
19:30:29.0579 5400 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:30:29.0586 5400 SstpSvc - ok
19:30:29.0625 5400 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:30:29.0627 5400 stexstor - ok
19:30:29.0680 5400 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:30:29.0704 5400 stisvc - ok
19:30:29.0761 5400 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:30:29.0764 5400 swenum - ok
19:30:29.0837 5400 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:30:29.0858 5400 swprv - ok
19:30:29.0922 5400 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
19:30:29.0932 5400 SymDS - ok
19:30:30.0007 5400 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
19:30:30.0042 5400 SymEFA - ok
19:30:30.0083 5400 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:30:30.0089 5400 SymEvent - ok
19:30:30.0123 5400 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
19:30:30.0128 5400 SymIRON - ok
19:30:30.0161 5400 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
19:30:30.0171 5400 SymNetS - ok
19:30:30.0251 5400 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:30:30.0311 5400 SysMain - ok
19:30:30.0347 5400 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:30:30.0358 5400 TabletInputService - ok
19:30:30.0392 5400 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:30:30.0404 5400 TapiSrv - ok
19:30:30.0431 5400 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:30:30.0438 5400 TBS - ok
19:30:30.0521 5400 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:30:30.0592 5400 Tcpip - ok
19:30:30.0675 5400 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:30:30.0699 5400 TCPIP6 - ok
19:30:30.0728 5400 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:30:30.0732 5400 tcpipreg - ok
19:30:30.0782 5400 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
19:30:30.0785 5400 tdcmdpst - ok
19:30:30.0826 5400 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:30:30.0830 5400 TDPIPE - ok
19:30:30.0868 5400 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:30:30.0870 5400 TDTCP - ok
19:30:30.0896 5400 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:30:30.0910 5400 tdx - ok
19:30:30.0931 5400 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:30:30.0935 5400 TermDD - ok
19:30:30.0995 5400 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:30:31.0017 5400 TermService - ok
19:30:31.0038 5400 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:30:31.0048 5400 Themes - ok
19:30:31.0088 5400 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:30:31.0092 5400 THREADORDER - ok
19:30:31.0169 5400 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:30:31.0172 5400 TMachInfo - ok
19:30:31.0198 5400 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
19:30:31.0205 5400 TODDSrv - ok
19:30:31.0303 5400 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:30:31.0322 5400 TosCoSrv - ok
19:30:31.0416 5400 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:30:31.0420 5400 TOSHIBA HDD SSD Alert Service - ok
19:30:31.0477 5400 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:30:31.0483 5400 TrkWks - ok
19:30:31.0542 5400 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:30:31.0546 5400 TrustedInstaller - ok
19:30:31.0576 5400 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:30:31.0580 5400 tssecsrv - ok
19:30:31.0595 5400 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:30:31.0599 5400 TsUsbFlt - ok
19:30:31.0621 5400 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:30:31.0623 5400 TsUsbGD - ok
19:30:31.0663 5400 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:30:31.0668 5400 tunnel - ok
19:30:31.0703 5400 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:30:31.0706 5400 TVALZ - ok
19:30:31.0748 5400 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:30:31.0751 5400 uagp35 - ok
19:30:31.0781 5400 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:30:31.0788 5400 udfs - ok
19:30:31.0842 5400 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:30:31.0849 5400 UI0Detect - ok
19:30:31.0873 5400 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:30:31.0876 5400 uliagpkx - ok
19:30:31.0890 5400 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:30:31.0893 5400 umbus - ok
19:30:31.0907 5400 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:30:31.0909 5400 UmPass - ok
19:30:31.0941 5400 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:30:31.0952 5400 upnphost - ok
19:30:31.0998 5400 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
19:30:32.0001 5400 USBAAPL64 - ok
19:30:32.0050 5400 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:30:32.0070 5400 usbccgp - ok
19:30:32.0106 5400 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:30:32.0110 5400 usbcir - ok
19:30:32.0135 5400 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:30:32.0138 5400 usbehci - ok
19:30:32.0177 5400 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:30:32.0185 5400 usbhub - ok
19:30:32.0199 5400 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
19:30:32.0202 5400 usbohci - ok
19:30:32.0250 5400 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:30:32.0252 5400 usbprint - ok
19:30:32.0298 5400 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
19:30:32.0301 5400 usbscan - ok
19:30:32.0323 5400 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:30:32.0327 5400 USBSTOR - ok
19:30:32.0345 5400 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:30:32.0349 5400 usbuhci - ok
19:30:32.0401 5400 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:30:32.0407 5400 usbvideo - ok
19:30:32.0443 5400 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:30:32.0449 5400 UxSms - ok
19:30:32.0494 5400 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:30:32.0499 5400 VaultSvc - ok
19:30:32.0521 5400 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:30:32.0524 5400 vdrvroot - ok
19:30:32.0558 5400 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:30:32.0581 5400 vds - ok
19:30:32.0604 5400 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:30:32.0607 5400 vga - ok
19:30:32.0627 5400 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:30:32.0640 5400 VgaSave - ok
19:30:32.0692 5400 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:30:33.0516 5400 vhdmp - ok
19:30:33.0565 5400 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:30:33.0568 5400 viaide - ok
19:30:33.0590 5400 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:30:33.0594 5400 volmgr - ok
19:30:33.0635 5400 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:30:33.0644 5400 volmgrx - ok
19:30:33.0672 5400 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
19:30:33.0681 5400 volsnap - ok
19:30:33.0706 5400 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:30:33.0711 5400 vsmraid - ok
19:30:33.0800 5400 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:30:33.0849 5400 VSS - ok
19:30:33.0875 5400 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:30:33.0878 5400 vwifibus - ok
19:30:33.0933 5400 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:30:33.0936 5400 vwififlt - ok
19:30:33.0971 5400 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:30:33.0980 5400 W32Time - ok
19:30:34.0000 5400 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:30:34.0003 5400 WacomPen - ok
19:30:34.0058 5400 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
19:30:34.0063 5400 WajamUpdater - ok
19:30:34.0113 5400 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:30:34.0116 5400 WANARP - ok
19:30:34.0133 5400 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:30:34.0136 5400 Wanarpv6 - ok
19:30:34.0206 5400 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:30:34.0240 5400 WatAdminSvc - ok
19:30:34.0327 5400 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:30:34.0374 5400 wbengine - ok
19:30:34.0392 5400 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:30:34.0402 5400 WbioSrvc - ok
19:30:34.0421 5400 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:30:34.0433 5400 wcncsvc - ok
19:30:34.0449 5400 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:30:34.0454 5400 WcsPlugInService - ok
19:30:34.0524 5400 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:30:34.0527 5400 Wd - ok
19:30:34.0582 5400 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:30:34.0616 5400 Wdf01000 - ok
19:30:34.0655 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:30:34.0664 5400 WdiServiceHost - ok
19:30:34.0679 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:30:34.0685 5400 WdiSystemHost - ok
19:30:34.0750 5400 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:30:34.0759 5400 WebClient - ok
19:30:34.0792 5400 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:30:34.0806 5400 Wecsvc - ok
19:30:34.0839 5400 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:30:34.0847 5400 wercplsupport - ok
19:30:34.0892 5400 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:30:34.0899 5400 WerSvc - ok
19:30:34.0954 5400 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:30:34.0957 5400 WfpLwf - ok
19:30:34.0980 5400 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:30:34.0982 5400 WIMMount - ok
19:30:35.0006 5400 WinDefend - ok
19:30:35.0072 5400 WinHttpAutoProxySvc - ok
19:30:35.0162 5400 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:30:35.0168 5400 Winmgmt - ok
19:30:35.0260 5400 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:30:35.0308 5400 WinRM - ok
19:30:35.0400 5400 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:30:35.0435 5400 Wlansvc - ok
19:30:35.0518 5400 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:30:35.0520 5400 wlcrasvc - ok
19:30:35.0661 5400 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:30:35.0731 5400 wlidsvc - ok
19:30:35.0755 5400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:30:35.0758 5400 WmiAcpi - ok
19:30:35.0819 5400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:30:35.0825 5400 wmiApSrv - ok
19:30:35.0854 5400 WMPNetworkSvc - ok
19:30:35.0890 5400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:30:35.0895 5400 WPCSvc - ok
19:30:35.0911 5400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:30:35.0918 5400 WPDBusEnum - ok
19:30:35.0956 5400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:30:35.0957 5400 ws2ifsl - ok
19:30:35.0985 5400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:30:35.0991 5400 wscsvc - ok
19:30:36.0005 5400 WSearch - ok
19:30:36.0117 5400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:30:36.0182 5400 wuauserv - ok
19:30:36.0209 5400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:30:36.0211 5400 WudfPf - ok
19:30:36.0278 5400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:30:36.0282 5400 WUDFRd - ok
19:30:36.0320 5400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:30:36.0327 5400 wudfsvc - ok
19:30:36.0376 5400 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:30:36.0384 5400 WwanSvc - ok
19:30:36.0415 5400 ================ Scan global ===============================
19:30:36.0462 5400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:30:36.0567 5400 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
19:30:36.0590 5400 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
19:30:36.0629 5400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:30:36.0673 5400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:30:36.0682 5400 [Global] - ok
19:30:36.0683 5400 ================ Scan MBR ==================================
19:30:36.0697 5400 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:30:37.0378 5400 \Device\Harddisk0\DR0 - ok
19:30:37.0379 5400 ================ Scan VBR ==================================
19:30:37.0416 5400 [ 0E8181833307AF9717CE06CA6178D97C ] \Device\Harddisk0\DR0\Partition1
19:30:37.0419 5400 \Device\Harddisk0\DR0\Partition1 - ok
19:30:37.0422 5400 ============================================================
19:30:37.0422 5400 Scan finished
19:30:37.0422 5400 ============================================================
19:30:37.0466 1984 Detected object count: 0
19:30:37.0466 1984 Actual detected object count: 0


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-18 19:46:08
-----------------------------
19:46:08.802 OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:08.803 Number of processors: 2 586 0x200
19:46:08.855 ComputerName: TOSHIBAC650 UserName: Bill
19:46:11.815 Initialize success
19:47:43.827 AVAST engine defs: 13011802
19:47:47.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
19:47:47.661 Disk 0 Vendor: TOSHIBA_ AX00 Size: 305245MB BusType: 11
19:47:47.708 Disk 0 MBR read successfully
19:47:47.715 Disk 0 MBR scan
19:47:47.727 Disk 0 Windows VISTA default MBR code
19:47:47.766 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:47:47.813 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
19:47:47.850 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
19:47:47.928 Disk 0 scanning C:\windows\system32\drivers
19:48:09.269 Service scanning
19:49:15.305 Modules scanning
19:49:15.327 Disk 0 trace - called modules:
19:49:15.370 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:49:15.405 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023e5060]
19:49:15.419 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80022d4040]
19:49:15.433 5 amd_xata.sys[fffff880011108b4] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8001dda290]
19:49:19.172 AVAST engine scan C:\windows
19:49:23.300 AVAST engine scan C:\windows\system32
19:55:35.207 AVAST engine scan C:\windows\system32\drivers
19:56:08.816 AVAST engine scan C:\Users\Bill
19:56:10.036 File: C:\Users\Bill\AppData\Local\gnl.exe **INFECTED** Win32:Fareit-AS [Trj]
19:58:05.108 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Documents\MBR.dat"
19:58:05.133 The log file has been saved successfully to "C:\Users\Bill\Documents\aswMBR.txt"


As of right now, I ran the ESET and it did find a threat, but when I clicked save to desktop or save to anyplace, it didn't work. I couldn't get it to save and now I can't find it. It took hours to do. I can try again, or if you know where I can find it, let me know. I am leaving in a few hours for NYC, so I won't be on my computer until Monday sometime. Thanks,

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 19 January 2013 - 12:09 PM

Not needed

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 21 January 2013 - 06:26 PM

alwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bill :: TOSHIBAC650 [administrator]

1/21/2013 4:55:17 PM
mbam-log-2013-01-21 (16-55-17).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 370171
Time elapsed: 1 hour(s), 11 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version:10-01-2013
Ran by Bill (administrator) on 21-01-2013 at 18:17:05
Running from "C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FURQI85"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ToshibaC650
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hvc.rr.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-16-10-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 44-6D-57-8D-B4-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a8e6:ecb2:562e:bf4b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 20, 2013 5:18:28 PM
Lease Expires . . . . . . . . . . : Tuesday, January 22, 2013 4:41:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239365463
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-3E-8E-A2-44-6D-57-8D-B4-D8
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hvc.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2372D3C7-AA04-49F7-B10C-946C3A6650A1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18ac:faff:e757:d6ef(Preferred)
Link-local IPv6 Address . . . . . : fe80::18ac:faff:e757:d6ef%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4004:802::1002
74.125.228.2
74.125.228.3
74.125.228.4
74.125.228.5
74.125.228.6
74.125.228.7
74.125.228.8
74.125.228.9
74.125.228.14
74.125.228.0
74.125.228.1


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=25ms TTL=53
Reply from 74.125.228.5: bytes=32 time=24ms TTL=53

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=130ms TTL=47
Reply from 98.138.253.109: bytes=32 time=198ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 130ms, Maximum = 198ms, Average = 164ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 26 6c 16 10 8a ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...44 6d 57 8d b4 d8 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:18ac:faff:e757:d6ef/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::18ac:faff:e757:d6ef/128
On-link
11 281 fe80::a8e6:ecb2:562e:bf4b/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8892

Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8892

Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5460

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5460

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2013 11:47:55 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14118

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14118

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/21/2013 11:47:52 AM) (Source: DCOM) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/21/2013 11:47:49 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (01/21/2013 11:47:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/19/2013 08:15:01 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

Error: (01/19/2013 08:14:19 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (01/19/2013 03:59:35 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/18/2013 04:56:38 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/18/2013 08:14:51 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (01/16/2013 08:56:56 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (01/15/2013 04:53:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


Microsoft Office Sessions:
=========================
Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8892

Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8892

Error: (01/21/2013 00:03:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5460

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5460

Error: (01/21/2013 00:03:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2013 11:47:55 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14118

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14118

Error: (01/21/2013 04:16:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.5) MUI (Version: 10.1.5)
AMD Media Foundation Decoders (Version: 1.0.60607.2201)
AMD VISION Engine Control Center (Version: 2011.0607.2212.38019)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bejeweled 3 (Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0607.2212.38019)
Catalyst Control Center InstallProxy (Version: 2011.0607.2212.38019)
Catalyst Control Center Localization All (Version: 2011.0607.2212.38019)
ccc-utility64 (Version: 2011.0607.2212.38019)
CCC Help Chinese Standard (Version: 2011.0607.2211.38019)
CCC Help Chinese Traditional (Version: 2011.0607.2211.38019)
CCC Help Czech (Version: 2011.0607.2211.38019)
CCC Help Danish (Version: 2011.0607.2211.38019)
CCC Help Dutch (Version: 2011.0607.2211.38019)
CCC Help English (Version: 2011.0607.2211.38019)
CCC Help Finnish (Version: 2011.0607.2211.38019)
CCC Help French (Version: 2011.0607.2211.38019)
CCC Help German (Version: 2011.0607.2211.38019)
CCC Help Greek (Version: 2011.0607.2211.38019)
CCC Help Hungarian (Version: 2011.0607.2211.38019)
CCC Help Italian (Version: 2011.0607.2211.38019)
CCC Help Japanese (Version: 2011.0607.2211.38019)
CCC Help Korean (Version: 2011.0607.2211.38019)
CCC Help Norwegian (Version: 2011.0607.2211.38019)
CCC Help Polish (Version: 2011.0607.2211.38019)
CCC Help Portuguese (Version: 2011.0607.2211.38019)
CCC Help Russian (Version: 2011.0607.2211.38019)
CCC Help Spanish (Version: 2011.0607.2211.38019)
CCC Help Swedish (Version: 2011.0607.2211.38019)
CCC Help Thai (Version: 2011.0607.2211.38019)
CCC Help Turkish (Version: 2011.0607.2211.38019)
Conexant HD Audio (Version: 8.54.1.0)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Chrome (Version: 24.0.1312.52)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
Iminent (Version: 5.47.22.0)
Iminent Toolbar For Internet Explorer (Version: 3.26.0)
iTunes (Version: 10.7.0.21)
Jacquie Lawson London Advent Calendar (Version: 1.0.0)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
LEGO Island 2
Letters from Nowhere 2 (Version: 2.2.0.97)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee Security Scan Plus (Version: 3.0.285.6)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Internet Security (Version: 19.9.0.9)
Penguins! (Version: 2.2.0.98)
Pirate101 (Version: 1.0.0)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Realtek WLAN Driver (Version: 2.00.0016)
RollerCoaster Tycoon 3: Platinum (Version: 2.2.0.98)
Skype Launcher (Version: 2.01)
Tales of Lagoona (Version: 2.2.0.98)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
Toshiba Book Place (Version: 3.0.9490)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Hardware Setup (Version: 2.1.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (Version: 2.0.13.11)
TOSHIBA Media Controller (Version: 1.0.87.4)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Supervisor Password (Version: 2.1.0.2)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
TOSHIBARegistration (Version: 1.0.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Wajam (Version: 1.49)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.10.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Zuma's Revenge (Version: 2.2.0.98)

========================= Memory info: ===================================

Percentage of memory in use: 86%
Total physical RAM: 1638.87 MB
Available physical RAM: 219.88 MB
Total Pagefile: 3277.73 MB
Available Pagefile: 878.67 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.24 MB

========================= Partitions: =====================================

1 Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:232.29 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBAC650

Administrator Bill Guest

========================= Restore Points ==================================

21-12-2012 22:14:55 Installed Pirate101
25-12-2012 13:47:52 Windows Modules Installer
25-12-2012 13:56:50 Windows Update
28-12-2012 18:18:56 Windows Update
01-01-2013 14:54:26 Windows Update
04-01-2013 22:09:25 Windows Update
09-01-2013 02:46:39 Windows Update
15-01-2013 12:27:26 Windows Update
18-01-2013 13:27:48 Windows Update
19-01-2013 08:00:48 Windows Update

**** End of log ****


Farbar Service Scanner Version: 16-01-2013
Ran by Bill (administrator) on 21-01-2013 at 18:21:03
Running from "C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGR9QT4V"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



posting this first because the adware says it will delete anything that isn't saved so I want to make sure I don't loose these logs.

#8 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 21 January 2013 - 07:54 PM

And the rest of the logs


# AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:27:58
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bill - TOSHIBAC650
# Boot Mode : Normal
# Running from : C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FURQI85\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : SProtection
Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchTheWeb.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\IMinent toolbar
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Bill\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Bill\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Bill\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Bill\AppData\Local\Wajam
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Bill\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\jwb4g6j5.default\CT3201318
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\jwb4g6j5.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\jwb4g6j5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\jwb4g6j5.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020DB1296A8 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\jwb4g6j5.default\prefs.js

Deleted : user_pref("CT3201318.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3201318.1000234.TWC_TMP_city", "NEWBURGH");
Deleted : user_pref("CT3201318.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3201318.1000234.TWC_locId", "CAXX1895");
Deleted : user_pref("CT3201318.1000234.TWC_location", "Newburgh, Canada");
Deleted : user_pref("CT3201318.1000234.TWC_region", "US");
Deleted : user_pref("CT3201318.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3201318.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3201318.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"35°F\",\"temperat[...]
Deleted : user_pref("CT3201318.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3201318.FirstTime", "true");
Deleted : user_pref("CT3201318.FirstTimeFF3", "true");
Deleted : user_pref("CT3201318.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3201318.RevertSettingsEnabled", false);
Deleted : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Deleted : user_pref("CT3201318.UserID", "UN05932729461499231");
Deleted : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3201318.cb_experience_000.enc", "MjI=");
Deleted : user_pref("CT3201318.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3201318.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3201318.cbfirsttime.enc", "V2VkIE5vdiAxNCAyMDEyIDE5OjM0OjA0IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3201318.enableAlerts", "always");
Deleted : user_pref("CT3201318.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3201318.event_data.enc", "JTVCJTVE");
Deleted : user_pref("CT3201318.fired_events.enc", "AA==");
Deleted : user_pref("CT3201318.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3201318.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3201318.fixUrls", true);
Deleted : user_pref("CT3201318.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Deleted : user_pref("CT3201318.installType", "Unknown");
Deleted : user_pref("CT3201318.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3201318.isNewTabEnabled", true);
Deleted : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.key_date.enc", "MTU=");
Deleted : user_pref("CT3201318.keyword", true);
Deleted : user_pref("CT3201318.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3201318.lastVersion", "10.14.40.128");
Deleted : user_pref("CT3201318.migrateAppsAndComponents", true);
Deleted : user_pref("CT3201318.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Deleted : user_pref("CT3201318.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Deleted : user_pref("CT3201318.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Deleted : user_pref("CT3201318.search.searchCount", "0");
Deleted : user_pref("CT3201318.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352939635198");
Deleted : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1352939634903");
Deleted : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352939636867");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358299181563");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.14.40.128_lastUpdate", "1358546664332");
Deleted : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13529[...]
Deleted : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13529[...]
Deleted : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352939637087");
Deleted : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1352939633570");
Deleted : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1358546662380");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352939636731");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1358546664519");
Deleted : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1358546664255");
Deleted : user_pref("CT3201318.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Deleted : user_pref("CT3201318.serviceLayer_services_userApps_lastUpdate", "1353020186643");
Deleted : user_pref("CT3201318.settingsINI", true);
Deleted : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Deleted : user_pref("CT3201318.smartbar.Uninstall", "0");
Deleted : user_pref("CT3201318.smartbar.homepage", true);
Deleted : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Deleted : user_pref("CT3201318.toolbarBornServerTime", "15-11-2012");
Deleted : user_pref("CT3201318.toolbarCurrentServerTime", "16-1-2013");
Deleted : user_pref("CT3201318.url_history0001.enc", "aHR0cDovL2VtcGlyZS5nb29kZ2FtZXN0dWRpb3MuY29tLz9jb3VudHJ5[...]
Deleted : user_pref("CT3201318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3201318");
Deleted : user_pref("browser.search.selectedEngine", "SearchTheWeb");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13&CUI[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "GL22HPRZCIOQXXYG5HC5LYDRYDWOQAQPDNT8RQV7XL1SM6MKI3TSLR/JANDFH4FNBL4[...]
Deleted : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", false);
Deleted : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020[...]

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020DB1296A8",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1[...]
Deleted [l.42] : keyword = "search.iminent.com",
Deleted [l.45] : search_url = "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020DB1296A8&ref=toolb[...]
Deleted [l.1768] : homepage = "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020DB1296A8",
Deleted [l.1984] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=E39D8589-5E08-4F09-B7A3-1020[...]

*************************

AdwCleaner[S2].txt - [39720 octets] - [21/01/2013 18:27:58]


########## EOF - C:\AdwCleaner[S2].txt - [39781 octets] ##########







Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.7 (01.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bill on Mon 01/21/2013 at 19:02:29.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello, I think this is it. I can't figure out how to extract and run the last program autorun. I click extract and it didn't give me a run option. Let me know if there is something I did wrong.

Thanks again. Loretta


~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Bill\AppData\Roaming\mozilla\firefox\profiles\jwb4g6j5.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.enabledAds", "false");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1354496690647");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent103", "1354766385813");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1354765297570");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1354765300566");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1354765297496");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1354765297599");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1354765297625");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1353884049318");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1353269039802");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1354765268639");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1354765272732");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1354765268609");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1354765268668");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1354765268694");
Emptied folder: C:\Users\Bill\AppData\Roaming\mozilla\firefox\profiles\jwb4g6j5.default\minidumps [21 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Bill\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/21/2013 at 19:35:47.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 21 January 2013 - 09:14 PM

RKILL log?

Hello, I think this is it. I can't figure out how to extract and run the last program autorun. I click extract and it didn't give me a run option. Let me know if there is something I did wrong.


You should find AUTORUNS.EXE in the extracted folder.Launch it and perform the steps.

#10 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 21 January 2013 - 10:20 PM

Last scan I think. Hopefully I did this right because I went through it several times before I could figure out where is was stored. Also, not sure that this is applicable to the situation, but in between running all of these I was also trying to use my email and the computer kept freezing. I had to start and restart it several times and/or use task manager. Thanks.


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ETDCtrl" "ETD Control Center" "ELAN Microelectronics Corp." "c:\program files\elantech\etdctrl.exe"
+ "SmartAudio" "SmartAudio Control Panel application" "Conexant systems, Inc." "c:\program files\conexant\saii\saiicpl.exe"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "NortonOnlineBackupReminder" "Toshiba Online Backup Service" "Toshiba" "c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "ToshibaAppPlace" "Toshiba App Place" "Toshiba" "c:\program files (x86)\toshiba\toshiba app place\toshibaappplace.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\3.0.285\ssscheduler.exe"
"C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "JL London Advent Calendar.lnk" "" "" "c:\program files (x86)\jl london advent calendar\jl london advent calendar.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\24.0.1312.52\installer\setup.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "WVFKTEP" "" "" "File not found: C:\Users\Bill\AppData\Roaming\el-GRA.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.9.0.9\navshext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.9.0.9\navshext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\ips\ipsbho.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\symerr.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\3.0.285\mcchsvc.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\ccsvchst.exe"
+ "Norton PC Checkup Application Launcher" "Provides consolidated application launching facility" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.13.11\symcpcculaunchsvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.13.11\ccsvchst.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20121005.002\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\ccsetx64.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "ETD" "ETD Kernel Center" "ELAN Microelectronics Corp." "c:\windows\system32\drivers\etd.sys"
+ "FwLnk" "TOSHIBA Firmware Linkage 64-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20121101.002\idsvia64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121101.032\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121101.032\ex64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\srtspx64.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symnets.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\syswow64\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.IV41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\syswow64\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"C:\Users\Bill\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 21 January 2013 - 11:30 PM

Launch Autoruns and uncheck this entry
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WVFKTEP" "" "" "File not found: C:\Users\Bill\AppData\Roaming\el-GRA.dll"

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

#12 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 22 January 2013 - 08:38 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 08:37:05 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Bill\AppData\Local\Temp\Rar$EXa0.851\autoruns.exe (PID: 3144) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/22/2013 08:37:50 AM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 22 January 2013 - 12:13 PM

Still redirecting? which browser?

#14 Lorettaar

Lorettaar
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 22 January 2013 - 12:22 PM

Hello,

I think it's stopped. I usually use internet explorer, which is working fine now and I tried Mozilla as well and that seems to be fine also. I was told not to use internet explorer, that it isn't safe. Is that true? I was told to use Mozilla.

Anyway, thanks. I do have one other issue that maybe you can help me with. My computer seems to feeze often and it is very slow. Any suggestions? And should I download something to protect from whatever nonsense just happened? Your suggestions would be great. What was causing it to re-route? Thanks,

Loretta

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:32 PM

Posted 22 January 2013 - 12:25 PM

You have two antivirus:Mcafee & Norton.Uninstall both and install either Avast or microsoft security essentials.Make sure to use latest versions of IE or firefox.Regarding browser,firefox is much protective than IE.

You had browser redirect DLLs which was causing redirects.Let me know how system behaves we move to final task.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users