
Pretty sure I'm infected


11 replies to this topic

#1 Ericlis


Posted 10 March 2013 - 06:40 PM

Hoping y'all can help me out, working on a machine that I'm fairly certain is infected with some sort of malware bug, I've tried installing Ad-aware which I have had great success before using to clean systems, but on this one it will install but will not run, when you try to open it the process adaware.exe shows up in Task Manager for a few seconds then disappears, also in Windows (XP SP3) the quick launch icons will disappear after a reboot and do not function when clicked on, same goes for desktop shortcuts or any Start menu items / shortcuts, only way to launch an application is to go directly to its directory and launch it from the exe, I have run a few other tools such as gmer and avast but shown no results. Kinda stumped on this one.





#2 boopme


Posted 10 March 2013 - 07:08 PM

Sorry about the coding problem..

Let's try this

 

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

 

 

 

TDSS Alt
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
 
Do not change the default options on scan results.

 

 

 

 


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 

 

>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 



#3 Ericlis


Posted 10 March 2013 - 11:34 PM

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/10/2013 09:01:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\system32\ICO.EXE (PID: 368) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\drivers\atapi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 00:00 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/10/2013 09:02:41 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
 


21:03:29.0656 5200  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:03:30.0171 5200  ============================================================
21:03:30.0171 5200  Current date / time: 2013/03/10 21:03:30.0171
21:03:30.0171 5200  SystemInfo:
21:03:30.0171 5200  
21:03:30.0171 5200  OS Version: 5.1.2600 ServicePack: 3.0
21:03:30.0171 5200  Product type: Workstation
21:03:30.0171 5200  ComputerName: VOSTRO410
21:03:30.0171 5200  UserName: Alec
21:03:30.0171 5200  Windows directory: C:\WINDOWS
21:03:30.0171 5200  System windows directory: C:\WINDOWS
21:03:30.0171 5200  Processor architecture: Intel x86
21:03:30.0171 5200  Number of processors: 2
21:03:30.0171 5200  Page size: 0x1000
21:03:30.0171 5200  Boot type: Normal boot
21:03:30.0171 5200  ============================================================
21:03:31.0515 5200  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:03:31.0609 5200  ============================================================
21:03:31.0609 5200  \Device\Harddisk0\DR0:
21:03:31.0609 5200  MBR partitions:
21:03:31.0609 5200  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x25411F7A
21:03:31.0609 5200  ============================================================
21:03:31.0640 5200  C: <-> \Device\Harddisk0\DR0\Partition1
21:03:31.0640 5200  ============================================================
21:03:31.0640 5200  Initialize success
21:03:31.0640 5200  ============================================================
21:03:41.0796 5948  ============================================================
21:03:41.0796 5948  Scan started
21:03:41.0796 5948  Mode: Manual; TDLFS; 
21:03:41.0796 5948  ============================================================
21:03:42.0218 5948  ================ Scan system memory ========================
21:03:42.0218 5948  System memory - ok
21:03:42.0218 5948  ================ Scan services =============================
21:03:42.0437 5948  [ 1F61CACACB521215F39061789147968C ] a347bus         C:\WINDOWS\system32\DRIVERS\a347bus.sys
21:03:42.0437 5948  a347bus - ok
21:03:42.0453 5948  [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi        C:\WINDOWS\system32\Drivers\a347scsi.sys
21:03:42.0453 5948  a347scsi - ok
21:03:42.0453 5948  Abiosdsk - ok
21:03:42.0468 5948  abp480n5 - ok
21:03:42.0578 5948  [ 742270B18C1A04A5F06EE26F4472FF84 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:03:42.0578 5948  ACDaemon - ok
21:03:42.0609 5948  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:03:42.0609 5948  ACPI - ok
21:03:42.0640 5948  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:03:42.0640 5948  ACPIEC - ok
21:03:42.0703 5948  [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
21:03:42.0734 5948  Ad-Aware Service - ok
21:03:42.0859 5948  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:42.0859 5948  AdobeFlashPlayerUpdateSvc - ok
21:03:42.0875 5948  adpu160m - ok
21:03:42.0921 5948  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:03:42.0921 5948  aec - ok
21:03:42.0937 5948  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
21:03:42.0937 5948  Afc - ok
21:03:42.0968 5948  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:03:42.0984 5948  AFD - ok
21:03:42.0984 5948  Aha154x - ok
21:03:42.0984 5948  aic78u2 - ok
21:03:42.0984 5948  aic78xx - ok
21:03:43.0031 5948  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:03:43.0031 5948  Alerter - ok
21:03:43.0062 5948  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
21:03:43.0062 5948  ALG - ok
21:03:43.0078 5948  AliIde - ok
21:03:43.0078 5948  amsint - ok
21:03:43.0140 5948  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:03:43.0156 5948  Apple Mobile Device - ok
21:03:43.0171 5948  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:03:43.0171 5948  AppMgmt - ok
21:03:43.0171 5948  asc - ok
21:03:43.0187 5948  asc3350p - ok
21:03:43.0203 5948  asc3550 - ok
21:03:43.0312 5948  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:03:43.0312 5948  aspnet_state - ok
21:03:43.0343 5948  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:03:43.0343 5948  AsyncMac - ok
21:03:43.0375 5948  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:03:43.0390 5948  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9F3A2F5AA6875C72BF062C712CFA2674
21:03:43.0390 5948  atapi ( LockedFile.Multi.Generic ) - warning
21:03:43.0390 5948  atapi - detected LockedFile.Multi.Generic (1)
21:03:43.0390 5948  Atdisk - ok
21:03:43.0453 5948  [ 9EE109211CA9998E308608B537262385 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:03:43.0468 5948  Ati HotKey Poller - ok
21:03:43.0515 5948  [ B9CB37E2393FCA35D0505CDA5703CBDC ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
21:03:43.0531 5948  ATI Smart - ok
21:03:43.0671 5948  [ E69B295083419E13521F01DF76F35DB0 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:03:43.0687 5948  ati2mtag - ok
21:03:43.0796 5948  [ EAECE4A0D90D6E1FBE068CCE9EFD73A0 ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:03:43.0796 5948  AtiHdmiService - ok
21:03:43.0828 5948  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:03:43.0828 5948  Atmarpc - ok
21:03:43.0859 5948  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:03:43.0859 5948  AudioSrv - ok
21:03:43.0890 5948  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:03:43.0890 5948  audstub - ok
21:03:43.0921 5948  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:03:43.0921 5948  Beep - ok
21:03:43.0984 5948  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:03:44.0000 5948  BITS - ok
21:03:44.0015 5948  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:03:44.0031 5948  Bonjour Service - ok
21:03:44.0062 5948  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
21:03:44.0062 5948  Browser - ok
21:03:44.0109 5948  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
21:03:44.0109 5948  BrScnUsb - ok
21:03:44.0125 5948  [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb         C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
21:03:44.0125 5948  BrSerIb - ok
21:03:44.0140 5948  [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb        C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
21:03:44.0140 5948  BrUsbSIb - ok
21:03:44.0187 5948  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
21:03:44.0187 5948  BrYNSvc - ok
21:03:44.0234 5948  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:03:44.0234 5948  cbidf2k - ok
21:03:44.0250 5948  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:03:44.0250 5948  CCDECODE - ok
21:03:44.0250 5948  cd20xrnt - ok
21:03:44.0281 5948  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:03:44.0281 5948  Cdaudio - ok
21:03:44.0296 5948  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:03:44.0296 5948  Cdfs - ok
21:03:44.0328 5948  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:03:44.0343 5948  Cdrom - ok
21:03:44.0343 5948  cerc6 - ok
21:03:44.0343 5948  Changer - ok
21:03:44.0375 5948  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:03:44.0375 5948  CiSvc - ok
21:03:44.0500 5948  [ 6C99DE57C87D6F3EE85998A7E49F7BF9 ] CLDTVHNService  C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
21:03:44.0500 5948  CLDTVHNService - ok
21:03:44.0531 5948  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:03:44.0531 5948  ClipSrv - ok
21:03:44.0609 5948  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:44.0609 5948  clr_optimization_v2.0.50727_32 - ok
21:03:44.0656 5948  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:03:44.0656 5948  clr_optimization_v4.0.30319_32 - ok
21:03:44.0656 5948  CmdIde - ok
21:03:44.0656 5948  COMSysApp - ok
21:03:44.0671 5948  Cpqarray - ok
21:03:44.0734 5948  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:03:44.0734 5948  CryptSvc - ok
21:03:44.0750 5948  dac2w2k - ok
21:03:44.0750 5948  dac960nt - ok
21:03:44.0812 5948  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:03:44.0812 5948  DcomLaunch - ok
21:03:44.0828 5948  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:03:44.0828 5948  Dhcp - ok
21:03:44.0890 5948  [ A22D5A027F397E412CBB2D97E8661BFF ] Diag69xp        C:\WINDOWS\system32\Drivers\Diag69xp.sys
21:03:44.0890 5948  Diag69xp - ok
21:03:44.0921 5948  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:03:44.0921 5948  Disk - ok
21:03:44.0968 5948  [ A6BBCD37030EFF010EA1353DA2BB7221 ] Diskeeper       C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
21:03:44.0968 5948  Diskeeper - ok
21:03:44.0968 5948  dmadmin - ok
21:03:45.0015 5948  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:03:45.0015 5948  dmboot - ok
21:03:45.0031 5948  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:03:45.0031 5948  dmio - ok
21:03:45.0046 5948  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:03:45.0046 5948  dmload - ok
21:03:45.0093 5948  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:03:45.0093 5948  dmserver - ok
21:03:45.0140 5948  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:03:45.0140 5948  DMusic - ok
21:03:45.0203 5948  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:03:45.0203 5948  Dnscache - ok
21:03:45.0234 5948  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:03:45.0234 5948  Dot3svc - ok
21:03:45.0234 5948  dpti2o - ok
21:03:45.0234 5948  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:03:45.0234 5948  drmkaud - ok
21:03:45.0265 5948  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:03:45.0265 5948  EapHost - ok
21:03:45.0359 5948  [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
21:03:45.0359 5948  EPSON_PM_RPCV4_01 - ok
21:03:45.0390 5948  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:03:45.0390 5948  ERSvc - ok
21:03:45.0437 5948  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
21:03:45.0437 5948  Eventlog - ok
21:03:45.0484 5948  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
21:03:45.0484 5948  EventSystem - ok
21:03:45.0546 5948  [ 0DD24DABB0B8C4AC0D8F2EBF0492276A ] fanio           C:\WINDOWS\system32\drivers\fanio.sys
21:03:45.0546 5948  fanio - ok
21:03:45.0578 5948  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:03:45.0578 5948  Fastfat - ok
21:03:45.0625 5948  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:03:45.0625 5948  FastUserSwitchingCompatibility - ok
21:03:45.0625 5948  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:03:45.0625 5948  Fdc - ok
21:03:45.0640 5948  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:03:45.0640 5948  Fips - ok
21:03:45.0640 5948  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:03:45.0640 5948  Flpydisk - ok
21:03:45.0687 5948  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:03:45.0687 5948  FltMgr - ok
21:03:45.0765 5948  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:03:45.0765 5948  FontCache3.0.0.0 - ok
21:03:45.0781 5948  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:03:45.0781 5948  Fs_Rec - ok
21:03:45.0781 5948  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:03:45.0781 5948  Ftdisk - ok
21:03:45.0828 5948  [ 185ADA973B5020655CEE342059A86CBB ] GearAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:03:45.0828 5948  GearAspiWDM - ok
21:03:45.0875 5948  [ B6E01969246FCB67470E87E6957EE147 ] GEARSecurity    C:\WINDOWS\System32\GEARSec.exe
21:03:45.0875 5948  GEARSecurity - ok
21:03:45.0890 5948  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
21:03:45.0890 5948  gfibto - ok
21:03:46.0000 5948  [ 0B53F4306E17025E7685D18C3A77127E ] GoToMyPC        C:\Program Files\Citrix\GoToMyPC\g2svc.exe
21:03:46.0015 5948  GoToMyPC - ok
21:03:46.0031 5948  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:03:46.0031 5948  Gpc - ok
21:03:46.0125 5948  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:46.0125 5948  gupdate - ok
21:03:46.0140 5948  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:46.0140 5948  gupdatem - ok
21:03:46.0187 5948  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:03:46.0203 5948  gusvc - ok
21:03:46.0234 5948  [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
21:03:46.0234 5948  HdAudAddService - ok
21:03:46.0265 5948  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:03:46.0265 5948  HDAudBus - ok
21:03:46.0312 5948  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:03:46.0312 5948  helpsvc - ok
21:03:46.0328 5948  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:03:46.0328 5948  HidServ - ok
21:03:46.0375 5948  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:03:46.0375 5948  hidusb - ok
21:03:46.0406 5948  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:03:46.0406 5948  hkmsvc - ok
21:03:46.0421 5948  hpn - ok
21:03:46.0453 5948  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:03:46.0468 5948  HTTP - ok
21:03:46.0500 5948  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:03:46.0500 5948  HTTPFilter - ok
21:03:46.0500 5948  i2omgmt - ok
21:03:46.0515 5948  i2omp - ok
21:03:46.0546 5948  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
21:03:46.0546 5948  i8042prt - ok
21:03:46.0609 5948  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:03:46.0609 5948  IDriverT - ok
21:03:46.0656 5948  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:03:46.0671 5948  idsvc - ok
21:03:46.0703 5948  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:46.0703 5948  Imapi - ok
21:03:46.0765 5948  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:03:46.0765 5948  ImapiService - ok
21:03:46.0765 5948  ini910u - ok
21:03:46.0921 5948  [ 811B31E0E0AC7BE484EFBFFC42AFCBBE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:03:46.0953 5948  IntcAzAudAddService - ok
21:03:46.0953 5948  IntelIde - ok
21:03:47.0015 5948  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:03:47.0015 5948  intelppm - ok
21:03:47.0031 5948  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:03:47.0031 5948  Ip6Fw - ok
21:03:47.0062 5948  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:47.0062 5948  IpFilterDriver - ok
21:03:47.0078 5948  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:47.0078 5948  IpInIp - ok
21:03:47.0109 5948  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:47.0109 5948  IpNat - ok
21:03:47.0156 5948  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:03:47.0156 5948  iPod Service - ok
21:03:47.0187 5948  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:47.0187 5948  IPSec - ok
21:03:47.0218 5948  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:47.0218 5948  IRENUM - ok
21:03:47.0250 5948  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:47.0250 5948  isapnp - ok
21:03:47.0328 5948  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:03:47.0328 5948  JavaQuickStarterService - ok
21:03:47.0359 5948  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:47.0359 5948  Kbdclass - ok
21:03:47.0375 5948  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:03:47.0375 5948  kbdhid - ok
21:03:47.0437 5948  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:03:47.0437 5948  kmixer - ok
21:03:47.0453 5948  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:03:47.0453 5948  KSecDD - ok
21:03:47.0484 5948  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:03:47.0484 5948  LanmanServer - ok
21:03:47.0531 5948  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:03:47.0546 5948  lanmanworkstation - ok
21:03:47.0593 5948  [ 8F5795B166CBB50966E29982F8CDB310 ] LANPkt          C:\WINDOWS\system32\DRIVERS\LANPkt.sys
21:03:47.0593 5948  LANPkt - ok
21:03:47.0609 5948  lbrtfdc - ok
21:03:47.0671 5948  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:03:47.0671 5948  LmHosts - ok
21:03:47.0734 5948  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:03:47.0734 5948  LVRS - ok
21:03:47.0734 5948  LVUSBSta - ok
21:03:47.0906 5948  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:03:47.0968 5948  LVUVC - ok
21:03:48.0015 5948  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:03:48.0015 5948  MBAMSwissArmy - ok
21:03:48.0093 5948  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:03:48.0093 5948  MDM - ok
21:03:48.0125 5948  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:03:48.0125 5948  Messenger - ok
21:03:48.0140 5948  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:03:48.0140 5948  mnmdd - ok
21:03:48.0171 5948  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:03:48.0171 5948  mnmsrvc - ok
21:03:48.0203 5948  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:03:48.0203 5948  Modem - ok
21:03:48.0218 5948  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:48.0218 5948  Mouclass - ok
21:03:48.0265 5948  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:48.0265 5948  mouhid - ok
21:03:48.0281 5948  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:03:48.0281 5948  MountMgr - ok
21:03:48.0296 5948  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:03:48.0312 5948  MozillaMaintenance - ok
21:03:48.0312 5948  mraid35x - ok
21:03:48.0312 5948  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:48.0328 5948  MRxDAV - ok
21:03:48.0359 5948  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:03:48.0359 5948  MRxSmb - ok
21:03:48.0390 5948  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:03:48.0390 5948  MSDTC - ok
21:03:48.0437 5948  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:03:48.0437 5948  Msfs - ok
21:03:48.0437 5948  MSIServer - ok
21:03:48.0468 5948  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:48.0468 5948  MSKSSRV - ok
21:03:48.0484 5948  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:48.0484 5948  MSPCLOCK - ok
21:03:48.0500 5948  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:03:48.0500 5948  MSPQM - ok
21:03:48.0515 5948  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:53.0484 5948  ================ Scan global ===============================
21:03:53.0531 5948  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:03:53.0578 5948  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:03:53.0593 5948  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:03:53.0625 5948  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:03:53.0640 5948  [Global] - ok
21:03:53.0640 5948  ================ Scan MBR ==================================
21:03:53.0656 5948  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:03:53.0906 5948  \Device\Harddisk0\DR0 - ok
21:03:53.0906 5948  ================ Scan VBR ==================================
21:03:53.0906 5948  [ A679C39B3F46BF04BF7BD18B421BF074 ] \Device\Harddisk0\DR0\Partition1
21:03:53.0921 5948  \Device\Harddisk0\DR0\Partition1 - ok
21:03:53.0921 5948  ============================================================
21:03:53.0921 5948  Scan finished
21:03:53.0921 5948  ============================================================
21:03:53.0921 4900  Detected object count: 1
21:03:53.0921 4900  Actual detected object count: 1
21:03:58.0093 4900  atapi ( LockedFile.Multi.Generic ) - skipped by user
21:03:58.0093 4900  atapi ( LockedFile.Multi.Generic ) - User select action: Skip 
21:04:05.0109 2556  Deinitialize success


#4 Ericlis

Posted 10 March 2013 - 11:39 PM

# AdwCleaner v2.114 - Logfile created 03/10/2013 at 21:09:09
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Alec - VOSTRO410
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Alec\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\Alec\Local Settings\Application Data\funmoods.crx
File Deleted : C:\Documents and Settings\Alec\Local Settings\Application Data\funmoods-speeddial.crx
File Deleted : C:\Documents and Settings\All Users\Desktop\iLivid.lnk
Folder Deleted : C:\DOCUME~1\Alec\LOCALS~1\Temp\{66bd2442-241b-44cd-8c7a-b51037053cdb}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2ao9e5m.default\adawaretb
Folder Deleted : C:\Documents and Settings\Alec\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\adawaretb
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\Conduit
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\CT2548838
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Alec\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Alec\Local Settings\Application Data\Giant Savings
Folder Deleted : C:\Documents and Settings\Alec\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\adawaretb
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Ilivid
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Giant Savings
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v12.0 (en-US)
 
File : C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\prefs.js
 
C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\brgu5hli.default\user.js ... Deleted !
 
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2ao9e5m.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Documents and Settings\Alec\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.1993] : homepage = "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtCy[...]
 
-\\ Opera v [Unable to get version]
 
File : C:\Documents and Settings\Alec\Application Data\Opera\Opera\operaprefs.ini
 
Deleted : Home URL=hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtCyEzy0EtA[...]
 
*************************
 
AdwCleaner[S1].txt - [37494 octets] - [10/03/2013 21:09:09]
 
########## EOF - C:\AdwCleaner[S1].txt - [37555 octets] ##########


ESETscan

 

 

C:\Documents and Settings\Alec\My Documents\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\old D drive\Documents and Settings\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application cleaned by deleting - quarantined
C:\old D drive\New Folder\kf141.zip Win32/PSWTool.RAS.A application deleted - quarantined


For some reason it won't let me post the results of the MiniToolBox scan; it says I do not have permission for that action when posting that log.


Edited by Ericlis, 10 March 2013 - 11:41 PM.


#5 Ericlis

Posted 10 March 2013 - 11:43 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by Alec (administrator) on 10-03-2013 at 21:07:39
Running from "C:\Documents and Settings\Alec\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.no_proxies_on", "*.local"
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : vostro410
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : gateway.2wire.net
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : gateway.2wire.net
 
        Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-21-9B-14-9E-3B
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.65
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
        DHCP Server . . . . . . . . . . . : 192.168.1.254
 
        DNS Servers . . . . . . . . . . . : 192.168.1.254
 
        Lease Obtained. . . . . . . . . . : Sunday, March 10, 2013 6:30:07 PM
 
        Lease Expires . . . . . . . . . . : Monday, March 11, 2013 6:30:07 PM
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com
Addresses:  74.125.227.46, 74.125.227.32, 74.125.227.33, 74.125.227.34
 74.125.227.35, 74.125.227.36, 74.125.227.37, 74.125.227.38, 74.125.227.39
 74.125.227.40, 74.125.227.41
 
 
 
Pinging google.com [74.125.227.32] with 32 bytes of data:
 
 
 
Reply from 74.125.227.32: bytes=32 time=29ms TTL=52
 
Reply from 74.125.227.32: bytes=32 time=26ms TTL=54
 
 
 
Ping statistics for 74.125.227.32:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 26ms, Maximum = 29ms, Average = 27ms
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=128ms TTL=47
 
Reply from 206.190.36.45: bytes=32 time=130ms TTL=47
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 128ms, Maximum = 130ms, Average = 129ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 9b 14 9e 3b ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.65  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0     192.168.1.65    192.168.1.65  20
      192.168.1.0    255.255.255.0     192.168.1.65    192.168.1.65  20
     192.168.1.65  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255     192.168.1.65    192.168.1.65  20
        224.0.0.0        240.0.0.0     192.168.1.65    192.168.1.65  20
  255.255.255.255  255.255.255.255     192.168.1.65    192.168.1.65  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/10/2013 08:30:43 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 25.0.1364.97, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/10/2013 08:24:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 08:24:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 08:08:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 08:08:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 06:30:34 PM) (Source: Norton Ghost) (User: )
Description: Description: An error occurred while starting Norton Ghost service. The following component is not installed correctly: Symantec.Ghost.Info.
 
Details: Unspecified error
 
Source: Norton Ghost
 
Error: (03/10/2013 06:30:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 06:30:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 06:30:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (03/10/2013 06:30:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (03/10/2013 06:31:32 PM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/10/2013 06:31:03 PM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/10/2013 01:41:42 PM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/10/2013 01:41:09 PM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/10/2013 11:05:59 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
 
Error: (03/10/2013 11:05:06 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
 
Error: (03/10/2013 11:04:16 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
 
Error: (03/10/2013 00:26:58 AM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/10/2013 00:26:27 AM) (Source: Service Control Manager) (User: )
Description: The Norton Ghost service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (03/09/2013 08:26:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
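
An added example (not part of the original post, and not MiniToolBox's own code): a small triage pass over the "Winsock entries" section of a log like the one above. The line format is inferred from those log lines, and the System32 / Microsoft-vendor / size-mismatch heuristics are assumptions chosen for illustration; a flagged provider is a candidate for manual review, not a detection.

```python
import re

# Subset of lines copied from the Winsock section of the log above.
SAMPLE = r"""
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
"""

# Format inferred from the log: catalog, index, DLL path, [size], (vendor).
ENTRY = re.compile(
    r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")

def parse_winsock(text):
    """Return one dict per well-formed Winsock catalog line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            cat, idx, path, size, vendor = m.groups()
            entries.append({"catalog": cat, "index": int(idx), "path": path,
                            "size": int(size), "vendor": vendor})
    return entries

def review_candidates(entries, system_dir=r"c:\windows\system32"):
    """Flag providers worth a manual look (heuristics are assumptions)."""
    sizes = {}
    for e in entries:
        sizes.setdefault(e["path"].lower(), set()).add(e["size"])
    flagged = []
    for e in entries:
        path = e["path"].lower()
        reasons = []
        if not path.startswith(system_dir + "\\"):
            reasons.append("outside System32")
        if e["vendor"] != "Microsoft Corporation":
            reasons.append("non-Microsoft vendor")
        if len(sizes[path]) > 1:
            reasons.append("same path reported with different sizes")
        if reasons:
            flagged.append((e["catalog"], e["index"], e["path"], reasons))
    return flagged

if __name__ == "__main__":
    for cat, idx, path, reasons in review_candidates(parse_winsock(SAMPLE)):
        print(f"{cat} {idx:02d} {path}: {', '.join(reasons)}")
```

On the sample it returns only the Bonjour name-space provider, which the log attributes to Apple Inc.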
 


#6 boopme


Posted 11 March 2013 - 07:31 PM

Ok, that's a lot of bad guys removed..

 

When we are done you should reinstall Norton ghost.

 

Can you get this part of the Minitoolbox log?

  • List last 10 Event Viewer log

  • List Installed Programs

  • List Users, Partitions and Memory size.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.

  • When the installation begins, follow the prompts and do not make any changes to default settings.

  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button and continue.

  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in .

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.

  • Click on the Scan button.

  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.

  • Make sure that everything is checked and then click Remove Selected.

  • When removal is completed, a log report will open in Notepad.

  • The log is automatically saved and can be viewed by clicking the Logs tab.

  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon (http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-on-infected-systems) and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

How is it running now?


Edited by boopme, 11 March 2013 - 07:33 PM.


#7 Ericlis


Posted 12 March 2013 - 08:59 PM

When I try to run malwarebytes I get the following error

 

run-time error '372'

 

failed to load control 'webBrowser' from ieframe.dll  your version of ieframe.dll may be outdated. make sure you are using the version of the control that was provided with your application

 

same thing happens when i try to run with the Malwarebytes Chameleon


Edited by Ericlis, 12 March 2013 - 09:01 PM.


#8 narenxp


Posted 12 March 2013 - 10:02 PM

Download lnk fix from here

 

http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip

 

Extract and launch the key and click YES

 

Restart the PC and launch mbam.exe from its installation directory. It should work now.



#9 Ericlis


Posted 13 March 2013 - 07:42 PM

That did the trick, here is the log, it didn't find anything on the quickscan

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.14.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Alec :: VOSTRO410 [administrator]
 
3/13/2013 7:33:52 PM
mbam-log-2013-03-13 (19-33-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255125
Time elapsed: 7 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#10 boopme


Posted 14 March 2013 - 09:14 AM

Can you get this part of the Minitoolbox log?

  • List last 10 Event Viewer log

  • List Installed Programs

  • List Users, Partitions and Memory size.

How is it running?



#11 Ericlis


Posted 14 March 2013 - 01:22 PM

I can try to get it to post those parts, something in the log after copying and pasting into the reply box gives me a forum error

So far seems to be ok except for Internet Explorer will hang on launch (IE window will open then hangs and says not responding in Task Manager) and Windows Update won't load from the start menu link, those may be related issues though

#12 boopme


Posted 15 March 2013 - 03:02 PM

May be best to get a deeper look at what is going on inside. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


Include this link back to here...
http://www.bleepingcomputer.com/forums/t/488154/pretty-sure-im-infected/#entry3002967