site Search:
Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
    All Forums Hot Topics Gallery
 
Forums >

Broadband Tech > Security > Security Cleanup > Redirects

Search Topic:
 Uniqs:
286		 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
AuthorAll Replies


ChristiMC

@comcast.net

Redirects

Hello All, I have been having problems with some redirects. I run Malwarebytes, it finds a couple things then deletes them. But the next day, it happens again. So, I ran ESET online scanner and it found 5 things (win32sirefef...etc) At that point I thought I better do the full deal (mandatory steps) and make sure that I have cleared out the issues.

One issue I had was I was unable to open my Norton. It would come uip with an "unspecified error". Not sure if that has anything to do with the redirects. Here are all the logs-

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carnbarn :: CARNBARN-PC [administrator]

3/30/2013 10:22:47 AM
mbam-log-2013-03-30 (10-22-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347998
Time elapsed: 45 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v2.115 - Logfile created 03/30/2013 at 11:14:58
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carnbarn - CARNBARN-PC
# Boot Mode : Normal
# Running from : C:\Users\Carnbarn\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\xfin_portal
Folder Found : C:\ProgramData\adawaretb
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\search protection
Folder Found : C:\Users\Carnbarn\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Carnbarn\AppData\LocalLow\xfin_portal

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKU\S-1-5-21-191043299-397355393-2937461882-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

OTL logfile created on: 3/30/2013 11:19:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carnbarn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 64.53% Memory free
7.83 Gb Paging File | 6.10 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 164.74 Gb Free Space | 64.82% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.80 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

Computer Name: CARNBARN-PC | User Name: Carnbarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/03/30 10:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
PRC - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/21 05:37:04 | 018,814,816 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/02/11 03:47:42 | 000,673,192 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013/01/31 08:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/14 07:16:10 | 000,066,600 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/01/14 07:16:07 | 003,982,376 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/13 16:21:37 | 001,193,176 | ---- | M] () -- C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/10/05 13:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 22:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 22:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 19:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/12/24 04:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/13 16:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/12/13 16:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010/10/22 07:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/02/14 08:55:12 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 08:55:11 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll
MOD - [2013/02/14 08:52:29 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/14 08:52:24 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 08:52:22 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/14 08:52:08 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/14 07:16:09 | 000,014,888 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.XmlSerializers.dll
MOD - [2013/01/14 07:16:08 | 000,104,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2013/01/14 07:15:09 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/01/10 06:39:36 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/10 06:38:32 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 06:08:50 | 017,478,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/01/10 06:08:36 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 06:08:34 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/01/10 06:03:49 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/01/10 06:03:37 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 06:03:21 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 06:03:12 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 06:02:50 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 06:02:48 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013/01/10 06:02:47 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 06:02:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 06:02:34 | 000,684,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013/01/10 06:02:31 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 06:02:28 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 06:02:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 06:02:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/13 16:21:37 | 001,193,176 | ---- | M] () -- C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/12/04 07:27:11 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 22:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 21:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 14:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 14:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 14:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 14:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 13:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2013/03/12 14:51:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/01/14 07:16:10 | 000,066,600 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/13 16:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/12/13 16:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/22 07:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/03/15 09:30:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/28 19:25:20 | 000,045,968 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/01/05 21:39:40 | 000,026,448 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 21:30:58 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/10/12 21:30:58 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/10/12 21:29:09 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/10/12 21:29:07 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/12 21:17:01 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2011/10/12 21:11:19 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/10/12 21:11:19 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/10/12 21:11:19 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/09/19 21:04:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/19 21:04:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/25 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 04:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/22 05:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 23:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/31 03:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2010/10/28 03:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 03:05:22 | 000,228,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010/10/19 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/16 02:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2010/05/30 20:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = »www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = »www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = »lavasoft.blekko.com/ws/?source=f···chTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = »www.google.com/search?sourceid=i···=1I7LENN
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/10/12 21:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/07/21 08:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/07/23 04:02:53 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: »securesearch.lavasoft.com/?sourc···434CC588
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: »securesearch.lavasoft.com/?sourc···434CC588
CHR - Extension: YouTube = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [Piriform] C:\Users\Carnbarn\AppData\Local\Piriform\lnpbjhbj.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} »images3.pnimedia.com/ProductAsse···trol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D181A60-CA0D-407A-B3CD-88603A2D32F8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/03/30 10:23:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
[2013/03/30 10:11:06 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\TFC.exe
[2013/03/30 09:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/30 07:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/30 07:34:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/28 16:33:57 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2013/03/25 16:51:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/15 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Roaming\LavasoftStatistics
[2013/03/15 09:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/15 09:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/15 09:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/15 09:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/15 09:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/03/15 09:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/03/15 09:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013/03/15 09:31:15 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Local\adawarebp
[2013/03/15 09:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/03/15 09:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/03/15 09:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/03/15 09:30:29 | 000,047,496 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2013/03/15 09:30:29 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/03/15 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Roaming\Ad-Aware Antivirus
[2013/03/15 08:30:06 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Local\Piriform
[2013/03/14 04:57:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/14 04:57:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/14 04:57:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/14 04:57:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/14 04:57:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/14 04:57:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/14 04:57:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/14 04:57:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/14 04:57:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/14 04:57:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/14 04:57:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/14 04:57:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/14 04:57:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/14 04:57:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/14 04:57:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/14 04:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 04:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 04:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/03 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\Desktop\Princess Party
[2013/03/01 11:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\Carnbarn\Documents\*.tmp files -> C:\Users\Carnbarn\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/03/30 11:19:13 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 11:19:13 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 11:17:54 | 000,726,270 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/30 11:17:54 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/30 11:17:54 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/30 11:12:23 | 000,570,667 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/03/30 11:12:04 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/30 11:11:54 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/30 11:11:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/30 11:11:30 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 10:51:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/30 10:24:02 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/30 10:23:51 | 000,890,798 | ---- | M] () -- C:\Users\Carnbarn\Desktop\SecurityCheck.exe
[2013/03/30 10:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
[2013/03/30 10:23:06 | 000,609,993 | ---- | M] () -- C:\Users\Carnbarn\Desktop\adwcleaner.exe
[2013/03/30 10:11:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\TFC.exe
[2013/03/30 07:37:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/28 15:40:41 | 000,147,484 | ---- | M] () -- C:\Users\Carnbarn\Desktop\531322_3078957432259_305673996_n[1].jpg
[2013/03/28 10:52:58 | 000,132,730 | ---- | M] () -- C:\Users\Carnbarn\Desktop\Gym Bday.JPG
[2013/03/28 06:07:23 | 000,000,438 | ---- | M] () -- C:\windows\SysWow64\WSCConfig.xml
[2013/03/19 15:31:42 | 000,148,572 | ---- | M] () -- C:\Users\Carnbarn\Desktop\FTF13F Offer_111503_2_3192013_33018 PM.pdf
[2013/03/17 18:13:55 | 000,086,519 | ---- | M] () -- C:\Users\Carnbarn\Desktop\307398_558070714211465_1686351065_n[1].jpg
[2013/03/15 09:30:29 | 000,047,496 | ---- | M] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2013/03/15 09:30:29 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/03/12 14:51:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 14:51:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/28 21:04:28 | 000,100,787 | ---- | M] () -- C:\Users\Carnbarn\Desktop\164438_159812477509327_1143714164_n[1].jpg
[1 C:\Users\Carnbarn\Documents\*.tmp files -> C:\Users\Carnbarn\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/03/30 10:23:51 | 000,890,798 | ---- | C] () -- C:\Users\Carnbarn\Desktop\SecurityCheck.exe
[2013/03/30 10:23:06 | 000,609,993 | ---- | C] () -- C:\Users\Carnbarn\Desktop\adwcleaner.exe
[2013/03/30 07:37:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/28 15:40:55 | 000,147,484 | ---- | C] () -- C:\Users\Carnbarn\Desktop\531322_3078957432259_305673996_n[1].jpg
[2013/03/28 10:52:58 | 000,132,730 | ---- | C] () -- C:\Users\Carnbarn\Desktop\Gym Bday.JPG
[2013/03/28 06:07:23 | 000,000,438 | ---- | C] () -- C:\windows\SysWow64\WSCConfig.xml
[2013/03/19 15:31:41 | 000,148,572 | ---- | C] () -- C:\Users\Carnbarn\Desktop\FTF13F Offer_111503_2_3192013_33018 PM.pdf
[2013/03/17 18:14:52 | 000,086,519 | ---- | C] () -- C:\Users\Carnbarn\Desktop\307398_558070714211465_1686351065_n[1].jpg
[2013/03/15 09:31:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/28 21:04:43 | 000,100,787 | ---- | C] () -- C:\Users\Carnbarn\Desktop\164438_159812477509327_1143714164_n[1].jpg
[2011/10/13 06:00:14 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/10/13 06:00:14 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/10/13 06:00:14 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/10/13 06:00:14 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/10/13 06:00:14 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/10/13 06:00:14 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/10/13 06:00:13 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/10/13 06:00:13 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/10/13 06:00:13 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/10/13 06:00:13 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/10/13 06:00:13 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/10/13 06:00:13 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/10/12 21:17:21 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/12 21:17:20 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/12 21:17:20 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/12 21:17:20 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/12 21:17:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/10/12 21:04:33 | 000,001,652 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2011/10/12 21:04:33 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2011/04/14 22:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/04/14 22:28:23 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/14 22:28:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/04/14 22:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/03/28 16:28:07 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\@
[2013/03/28 17:44:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\L
[2013/03/29 06:29:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\U
[2013/03/28 16:28:09 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\L\00000004.@
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2013/03/28 16:28:07 | 000,005,120 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini
[2013/03/28 16:28:07 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\Carnbarn\AppData\Local\Temp\spvxpvr\sffuexd\wow64.dll -- [2013/03/14 15:40:41 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/03/15 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Ad-Aware Antivirus
[2012/11/11 10:13:59 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\CVS
[2013/03/30 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\ID Vault
[2012/02/29 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\SmartDraw
[2012/08/21 14:39:48 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Spotify
[2012/07/13 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Tific
[2012/04/20 16:37:32 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\WeatherBug

[color=#E56717]========== Purity Check ==========[/color]

The ESET scan I did was clean.

Thanks for any help!!!
to forum · permalink · 2013-03-30 16:02:37 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

OTL Extras logfile created on: 3/30/2013 11:19:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carnbarn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 64.53% Memory free
7.83 Gb Paging File | 6.10 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 164.74 Gb Free Space | 64.82% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.80 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

Computer Name: CARNBARN-PC | User Name: Carnbarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}" = Ad-Aware Antivirus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.4.6.637
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID Vault" = Constant Guard Protection Suite
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"N360" = Norton Security Suite
"VeriFace" = VeriFace
"Video Mover_is1" = Video Mover
"WinLiveSuite" = Windows Live Essentials
"xfin_portal" = XFINITY Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/16/2013 10:40:15 PM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5055

Error - 3/16/2013 10:40:16 PM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/16/2013 10:40:16 PM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6100

Error - 3/16/2013 10:40:16 PM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6100

Error - 3/17/2013 2:56:41 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/17/2013 2:56:41 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 3/17/2013 2:56:41 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 3/17/2013 2:56:42 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/17/2013 2:56:42 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028

Error - 3/17/2013 2:56:42 AM | Computer Name = Carnbarn-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028

[ System Events ]
Error - 10/7/2012 10:28:19 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/8/2012 7:29:40 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/8/2012 7:29:54 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/8/2012 7:30:09 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/9/2012 3:05:01 PM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/9/2012 3:05:11 PM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/9/2012 3:05:32 PM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/10/2012 7:33:33 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/10/2012 7:33:42 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

Error - 10/10/2012 7:33:57 AM | Computer Name = Carnbarn-PC | Source = DCOM | ID = 10016
Description =

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
to forum · permalink · 2013-03-30 18:15:50 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Lavasoft Ad-Aware
Norton Security Suite
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Ad-Aware
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 31
Java(TM) 7 Update 5
[color=red]Java version out of Date![/color]
Adobe Reader 10.1.6 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[color=red]Ad-Aware AAWService.exe is disabled![/color]
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 5%
[u]````````````````````End of Log``````````````````````[/u]
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2013-03-30 18:16:09 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

reply to ChristiMC
If you could also download and run TDSS Killer (#4), posting the log in your next reply

We'll need the entire log, even if you 'think/see' nothing detected.

Don't make any further system changes at this time.

»Security Cleanup FAQ »Rootkit Detection Applications

to forum · permalink · 2013-03-30 18:20:19 ·


ChristiMC

@comcast.net

I downloaded the TDSS Killer and ran it...then clicked on "Report", which showed a long report. However, I am unable to right click copy it to post it. Did I download the wrong version or am I doing something wrong?

to forum · permalink · 2013-03-30 18:41:02 ·


ChristiMC

@comcast.net

Oops...my bad...I was able to find the report on the C Drive. Here it is-

to forum · permalink · 2013-03-30 19:00:59 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

15:32:00.0901 6104 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:32:01.0573 6104 ============================================================
15:32:01.0573 6104 Current date / time: 2013/03/30 15:32:01.0573
15:32:01.0573 6104 SystemInfo:
15:32:01.0573 6104
15:32:01.0573 6104 OS Version: 6.1.7601 ServicePack: 1.0
15:32:01.0573 6104 Product type: Workstation
15:32:01.0574 6104 ComputerName: CARNBARN-PC
15:32:01.0574 6104 UserName: Carnbarn
15:32:01.0574 6104 Windows directory: C:\windows
15:32:01.0574 6104 System windows directory: C:\windows
15:32:01.0574 6104 Running under WOW64
15:32:01.0574 6104 Processor architecture: Intel x64
15:32:01.0574 6104 Number of processors: 4
15:32:01.0574 6104 Page size: 0x1000
15:32:01.0574 6104 Boot type: Normal boot
15:32:01.0574 6104 ============================================================
15:32:02.0090 6104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:02.0102 6104 ============================================================
15:32:02.0103 6104 \Device\Harddisk0\DR0:
15:32:02.0103 6104 MBR partitions:
15:32:02.0103 6104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
15:32:02.0103 6104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
15:32:02.0129 6104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
15:32:02.0129 6104 ============================================================
15:32:02.0177 6104 C: \Device\Harddisk0\DR0\Partition2
15:32:02.0238 6104 D: \Device\Harddisk0\DR0\Partition3
15:32:02.0238 6104 ============================================================
15:32:02.0239 6104 Initialize success
15:32:02.0239 6104 ============================================================
15:32:04.0529 3480 ============================================================
15:32:04.0529 3480 Scan started
15:32:04.0529 3480 Mode: Manual;
15:32:04.0529 3480 ============================================================
15:32:05.0506 3480 ================ Scan system memory ========================
15:32:05.0506 3480 System memory - ok
15:32:05.0507 3480 ================ Scan services =============================
15:32:05.0817 3480 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:32:05.0823 3480 1394ohci - ok
15:32:05.0878 3480 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:32:05.0885 3480 ACPI - ok
15:32:05.0907 3480 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:32:05.0909 3480 AcpiPmi - ok
15:32:05.0946 3480 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
15:32:05.0948 3480 ACPIVPC - ok
15:32:06.0101 3480 [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
15:32:06.0136 3480 Ad-Aware Service - ok
15:32:06.0239 3480 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:32:06.0241 3480 AdobeARMservice - ok
15:32:06.0360 3480 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:06.0367 3480 AdobeFlashPlayerUpdateSvc - ok
15:32:06.0415 3480 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:32:06.0426 3480 adp94xx - ok
15:32:06.0452 3480 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
15:32:06.0459 3480 adpahci - ok
15:32:06.0490 3480 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:32:06.0495 3480 adpu320 - ok
15:32:06.0543 3480 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:32:06.0546 3480 AeLookupSvc - ok
15:32:06.0612 3480 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
15:32:06.0623 3480 AFD - ok
15:32:06.0707 3480 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
15:32:06.0724 3480 AffinegyService - ok
15:32:06.0756 3480 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
15:32:06.0758 3480 agp440 - ok
15:32:06.0782 3480 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
15:32:06.0785 3480 ALG - ok
15:32:06.0798 3480 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
15:32:06.0800 3480 aliide - ok
15:32:06.0808 3480 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
15:32:06.0810 3480 amdide - ok
15:32:06.0829 3480 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:32:06.0831 3480 AmdK8 - ok
15:32:06.0842 3480 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
15:32:06.0845 3480 AmdPPM - ok
15:32:06.0851 3480 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
15:32:06.0854 3480 amdsata - ok
15:32:06.0872 3480 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
15:32:06.0876 3480 amdsbs - ok
15:32:06.0895 3480 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
15:32:06.0896 3480 amdxata - ok
15:32:06.0939 3480 [ A3AD44406CA340AB36B8C72C5D057ED5 ] AntiLog32 C:\windows\system32\drivers\AntiLog64.sys
15:32:06.0942 3480 AntiLog32 - ok
15:32:07.0012 3480 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
15:32:07.0029 3480 AntiSpywareService - ok
15:32:07.0052 3480 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
15:32:07.0055 3480 AppID - ok
15:32:07.0084 3480 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
15:32:07.0086 3480 AppIDSvc - ok
15:32:07.0102 3480 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
15:32:07.0104 3480 Appinfo - ok
15:32:07.0164 3480 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:32:07.0168 3480 Apple Mobile Device - ok
15:32:07.0204 3480 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
15:32:07.0208 3480 arc - ok
15:32:07.0227 3480 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
15:32:07.0231 3480 arcsas - ok
15:32:07.0248 3480 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
15:32:07.0250 3480 AsyncMac - ok
15:32:07.0278 3480 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
15:32:07.0280 3480 atapi - ok
15:32:07.0321 3480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:32:07.0331 3480 AudioEndpointBuilder - ok
15:32:07.0348 3480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
15:32:07.0355 3480 AudioSrv - ok
15:32:07.0397 3480 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
15:32:07.0401 3480 AxInstSV - ok
15:32:07.0433 3480 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
15:32:07.0444 3480 b06bdrv - ok
15:32:07.0472 3480 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
15:32:07.0477 3480 b57nd60a - ok
15:32:07.0601 3480 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
15:32:07.0734 3480 BCM43XX - ok
15:32:07.0771 3480 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
15:32:07.0773 3480 BDESVC - ok
15:32:07.0802 3480 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
15:32:07.0803 3480 Beep - ok
15:32:07.0878 3480 [ 299E54DB3638A18E47BD3A2D2EF499F7 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
15:32:07.0883 3480 Belkin Local Backup Service - ok
15:32:07.0900 3480 [ E62A04D615A8CAC83601E1F07C010D3C ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
15:32:07.0903 3480 Belkin Network USB Helper - ok
15:32:07.0943 3480 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
15:32:07.0946 3480 blbdrive - ok
15:32:08.0009 3480 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:32:08.0020 3480 Bonjour Service - ok
15:32:08.0059 3480 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
15:32:08.0062 3480 bowser - ok
15:32:08.0099 3480 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
15:32:08.0101 3480 BPntDrv - ok
15:32:08.0118 3480 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
15:32:08.0120 3480 BrFiltLo - ok
15:32:08.0143 3480 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
15:32:08.0145 3480 BrFiltUp - ok
15:32:08.0195 3480 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
15:32:08.0198 3480 Browser - ok
15:32:08.0228 3480 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
15:32:08.0236 3480 Brserid - ok
15:32:08.0243 3480 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
15:32:08.0246 3480 BrSerWdm - ok
15:32:08.0253 3480 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
15:32:08.0256 3480 BrUsbMdm - ok
15:32:08.0267 3480 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
15:32:08.0268 3480 BrUsbSer - ok
15:32:08.0315 3480 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
15:32:08.0316 3480 BthEnum - ok
15:32:08.0330 3480 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
15:32:08.0334 3480 BTHMODEM - ok
15:32:08.0344 3480 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
15:32:08.0349 3480 BthPan - ok
15:32:08.0404 3480 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
15:32:08.0412 3480 BTHPORT - ok
15:32:08.0458 3480 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
15:32:08.0460 3480 bthserv - ok
15:32:08.0498 3480 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
15:32:08.0502 3480 BTHUSB - ok
15:32:08.0524 3480 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
15:32:08.0527 3480 cdfs - ok
15:32:08.0555 3480 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
15:32:08.0560 3480 cdrom - ok
15:32:08.0577 3480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
15:32:08.0582 3480 CertPropSvc - ok
15:32:08.0599 3480 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
15:32:08.0601 3480 circlass - ok
15:32:08.0627 3480 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
15:32:08.0633 3480 CLFS - ok
15:32:08.0724 3480 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:08.0727 3480 clr_optimization_v2.0.50727_32 - ok
15:32:08.0765 3480 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:32:08.0769 3480 clr_optimization_v2.0.50727_64 - ok
15:32:08.0843 3480 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:32:08.0848 3480 clr_optimization_v4.0.30319_32 - ok
15:32:08.0887 3480 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:32:08.0892 3480 clr_optimization_v4.0.30319_64 - ok
15:32:08.0924 3480 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
15:32:08.0926 3480 clwvd - ok
15:32:08.0956 3480 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
15:32:08.0959 3480 CmBatt - ok
15:32:08.0981 3480 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
15:32:08.0983 3480 cmdide - ok
15:32:09.0040 3480 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
15:32:09.0051 3480 CNG - ok
15:32:09.0077 3480 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
15:32:09.0080 3480 Compbatt - ok
15:32:09.0095 3480 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
15:32:09.0098 3480 CompositeBus - ok
15:32:09.0105 3480 COMSysApp - ok
15:32:09.0142 3480 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
15:32:09.0144 3480 crcdisk - ok
15:32:09.0185 3480 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
15:32:09.0191 3480 CryptSvc - ok
15:32:09.0250 3480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
15:32:09.0293 3480 DcomLaunch - ok
15:32:09.0346 3480 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
15:32:09.0355 3480 defragsvc - ok
15:32:09.0440 3480 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
15:32:09.0444 3480 DfsC - ok
15:32:09.0464 3480 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
15:32:09.0473 3480 Dhcp - ok
15:32:09.0511 3480 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
15:32:09.0513 3480 discache - ok
15:32:09.0526 3480 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
15:32:09.0528 3480 Disk - ok
15:32:09.0537 3480 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:32:09.0541 3480 Dnscache - ok
15:32:09.0586 3480 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
15:32:09.0591 3480 dot3svc - ok
15:32:09.0608 3480 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
15:32:09.0612 3480 DPS - ok
15:32:09.0629 3480 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:32:09.0632 3480 drmkaud - ok
15:32:09.0673 3480 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
15:32:09.0708 3480 DXGKrnl - ok
15:32:09.0735 3480 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
15:32:09.0739 3480 EapHost - ok
15:32:09.0828 3480 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
15:32:09.0941 3480 ebdrv - ok
15:32:10.0002 3480 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
15:32:10.0005 3480 EFS - ok
15:32:10.0068 3480 [ 2C1A297638E4319179A1112D4D6522B8 ] EgisTec Service C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
15:32:10.0079 3480 EgisTec Service - ok
15:32:10.0136 3480 [ 0AC3BAA7DF250C76DD9BCFC51565CB5F ] EgisTec Service Help C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
15:32:10.0144 3480 EgisTec Service Help - ok
15:32:10.0212 3480 [ 7745AAFFB61438C28C75E18CE98D4E64 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:32:10.0225 3480 EgisTec Ticket Service - ok
15:32:10.0268 3480 [ 33708C6D915F8DE734CF3ABB0731515B ] EgisTecFF C:\windows\system32\DRIVERS\EgisTecFF.sys
15:32:10.0270 3480 EgisTecFF - ok
15:32:10.0346 3480 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
15:32:10.0365 3480 ehRecvr - ok
15:32:10.0393 3480 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
15:32:10.0396 3480 ehSched - ok
15:32:10.0439 3480 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
15:32:10.0451 3480 elxstor - ok
15:32:10.0482 3480 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
15:32:10.0485 3480 ErrDev - ok
15:32:10.0553 3480 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
15:32:10.0564 3480 EventSystem - ok
15:32:10.0595 3480 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
15:32:10.0601 3480 exfat - ok
15:32:10.0626 3480 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
15:32:10.0631 3480 fastfat - ok
15:32:10.0660 3480 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
15:32:10.0671 3480 Fax - ok
15:32:10.0720 3480 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
15:32:10.0723 3480 fbfmon - ok
15:32:10.0741 3480 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
15:32:10.0744 3480 fdc - ok
15:32:10.0764 3480 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
15:32:10.0766 3480 fdPHost - ok
15:32:10.0780 3480 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
15:32:10.0782 3480 FDResPub - ok
15:32:10.0818 3480 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
15:32:10.0820 3480 FileInfo - ok
15:32:10.0837 3480 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
15:32:10.0838 3480 Filetrace - ok
15:32:10.0854 3480 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
15:32:10.0856 3480 flpydisk - ok
15:32:10.0875 3480 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:32:10.0879 3480 FltMgr - ok
15:32:10.0947 3480 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
15:32:10.0989 3480 FontCache - ok
15:32:11.0057 3480 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:32:11.0060 3480 FontCache3.0.0.0 - ok
15:32:11.0097 3480 [ 1899D0FB4C5AD0D6D0BFA258C54903F7 ] FPSensor C:\windows\system32\Drivers\FPSensor.sys
15:32:11.0099 3480 FPSensor - ok
15:32:11.0121 3480 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
15:32:11.0124 3480 FsDepends - ok
15:32:11.0152 3480 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:32:11.0154 3480 Fs_Rec - ok
15:32:11.0203 3480 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
15:32:11.0209 3480 fvevol - ok
15:32:11.0232 3480 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
15:32:11.0235 3480 gagp30kx - ok
15:32:11.0266 3480 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:32:11.0269 3480 GEARAspiWDM - ok
15:32:11.0328 3480 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\windows\system32\drivers\gfibto.sys
15:32:11.0330 3480 gfibto - ok
15:32:11.0376 3480 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
15:32:11.0410 3480 gpsvc - ok
15:32:11.0540 3480 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:32:11.0544 3480 gupdate - ok
15:32:11.0591 3480 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:32:11.0592 3480 gupdatem - ok
15:32:11.0669 3480 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:32:11.0675 3480 gusvc - ok
15:32:11.0699 3480 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
15:32:11.0702 3480 hcw85cir - ok
15:32:11.0713 3480 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:32:11.0720 3480 HdAudAddService - ok
15:32:11.0751 3480 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
15:32:11.0755 3480 HDAudBus - ok
15:32:11.0770 3480 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
15:32:11.0772 3480 HidBatt - ok
15:32:11.0782 3480 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
15:32:11.0785 3480 HidBth - ok
15:32:11.0797 3480 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
15:32:11.0799 3480 HidIr - ok
15:32:11.0817 3480 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
15:32:11.0819 3480 hidserv - ok
15:32:11.0836 3480 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
15:32:11.0837 3480 HidUsb - ok
15:32:11.0864 3480 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
15:32:11.0866 3480 hkmsvc - ok
15:32:11.0883 3480 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:32:11.0887 3480 HomeGroupListener - ok
15:32:11.0919 3480 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:32:11.0927 3480 HomeGroupProvider - ok
15:32:11.0948 3480 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
15:32:11.0952 3480 HpSAMD - ok
15:32:11.0990 3480 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
15:32:12.0026 3480 HTTP - ok
15:32:12.0039 3480 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
15:32:12.0041 3480 hwpolicy - ok
15:32:12.0060 3480 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
15:32:12.0062 3480 i8042prt - ok
15:32:12.0110 3480 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
15:32:12.0117 3480 iaStor - ok
15:32:12.0163 3480 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
15:32:12.0174 3480 iaStorV - ok
15:32:12.0244 3480 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:32:12.0279 3480 idsvc - ok
15:32:12.0328 3480 [ 5949989FFE62C5EC8B91B9A37D658B90 ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
15:32:12.0330 3480 IDVaultSvc - ok
15:32:12.0587 3480 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
15:32:12.0833 3480 igfx - ok
15:32:12.0843 3480 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
15:32:12.0844 3480 iirsp - ok
15:32:12.0892 3480 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
15:32:12.0927 3480 IKEEXT - ok
15:32:13.0023 3480 [ 03076F51AF9F78A272CCCDE03E9340CE ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:32:13.0094 3480 IntcAzAudAddService - ok
15:32:13.0164 3480 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
15:32:13.0172 3480 IntcDAud - ok
15:32:13.0204 3480 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
15:32:13.0205 3480 intelide - ok
15:32:13.0217 3480 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
15:32:13.0220 3480 intelppm - ok
15:32:13.0250 3480 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
15:32:13.0254 3480 IPBusEnum - ok
15:32:13.0273 3480 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
15:32:13.0277 3480 IpFilterDriver - ok
15:32:13.0283 3480 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
15:32:13.0286 3480 IPMIDRV - ok
15:32:13.0293 3480 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
15:32:13.0296 3480 IPNAT - ok
15:32:13.0373 3480 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:32:13.0391 3480 iPod Service - ok
15:32:13.0401 3480 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
15:32:13.0404 3480 IRENUM - ok
15:32:13.0415 3480 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
15:32:13.0417 3480 isapnp - ok
15:32:13.0445 3480 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
15:32:13.0450 3480 iScsiPrt - ok
15:32:13.0498 3480 [ 54F694C6CD3A1149BA3A8BDACC83BADC ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
15:32:13.0502 3480 ITMRTSVC - ok
15:32:13.0553 3480 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
15:32:13.0556 3480 kbdclass - ok
15:32:13.0574 3480 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
15:32:13.0577 3480 kbdhid - ok
15:32:13.0634 3480 [ 0A0E659C3DEA3B5E59ECC9B31EC1A050 ] keycrypt C:\windows\system32\DRIVERS\KeyCrypt64.sys
15:32:13.0636 3480 keycrypt - ok
15:32:13.0647 3480 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
15:32:13.0649 3480 KeyIso - ok
15:32:13.0691 3480 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
15:32:13.0694 3480 KSecDD - ok
15:32:13.0718 3480 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
15:32:13.0723 3480 KSecPkg - ok
15:32:13.0739 3480 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
15:32:13.0741 3480 ksthunk - ok
15:32:13.0784 3480 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
15:32:13.0795 3480 KtmRm - ok
15:32:13.0849 3480 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
15:32:13.0860 3480 LanmanServer - ok
15:32:13.0889 3480 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:32:13.0895 3480 LanmanWorkstation - ok
15:32:13.0928 3480 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
15:32:13.0930 3480 LHDmgr - ok
15:32:13.0982 3480 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
15:32:13.0984 3480 lltdio - ok
15:32:14.0048 3480 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
15:32:14.0058 3480 lltdsvc - ok
15:32:14.0066 3480 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
15:32:14.0070 3480 lmhosts - ok
15:32:14.0129 3480 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:32:14.0135 3480 LMS - ok
15:32:14.0150 3480 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
15:32:14.0153 3480 LSI_FC - ok
15:32:14.0159 3480 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
15:32:14.0161 3480 LSI_SAS - ok
15:32:14.0170 3480 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
15:32:14.0171 3480 LSI_SAS2 - ok
15:32:14.0177 3480 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
15:32:14.0179 3480 LSI_SCSI - ok
15:32:14.0192 3480 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
15:32:14.0194 3480 luafv - ok
15:32:14.0216 3480 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
15:32:14.0219 3480 Mcx2Svc - ok
15:32:14.0232 3480 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
15:32:14.0234 3480 megasas - ok
15:32:14.0256 3480 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
15:32:14.0260 3480 MegaSR - ok
15:32:14.0279 3480 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
15:32:14.0281 3480 MEIx64 - ok
15:32:14.0310 3480 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
15:32:14.0313 3480 MMCSS - ok
15:32:14.0324 3480 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
15:32:14.0326 3480 Modem - ok
15:32:14.0370 3480 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
15:32:14.0372 3480 monitor - ok
15:32:14.0389 3480 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
15:32:14.0391 3480 mouclass - ok
15:32:14.0407 3480 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
15:32:14.0409 3480 mouhid - ok
15:32:14.0419 3480 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
15:32:14.0421 3480 mountmgr - ok
15:32:14.0441 3480 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
15:32:14.0444 3480 mpio - ok
15:32:14.0463 3480 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
15:32:14.0465 3480 mpsdrv - ok
15:32:14.0479 3480 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
15:32:14.0483 3480 MRxDAV - ok
15:32:14.0497 3480 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:32:14.0500 3480 mrxsmb - ok
15:32:14.0532 3480 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
15:32:14.0537 3480 mrxsmb10 - ok
15:32:14.0557 3480 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
15:32:14.0560 3480 mrxsmb20 - ok
15:32:14.0570 3480 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
15:32:14.0572 3480 msahci - ok
15:32:14.0588 3480 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
15:32:14.0591 3480 msdsm - ok
15:32:14.0615 3480 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
15:32:14.0619 3480 MSDTC - ok
15:32:14.0642 3480 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:32:14.0644 3480 Msfs - ok
15:32:14.0653 3480 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
15:32:14.0655 3480 mshidkmdf - ok
15:32:14.0672 3480 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:32:14.0674 3480 msisadrv - ok
15:32:14.0714 3480 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:32:14.0721 3480 MSiSCSI - ok
15:32:14.0728 3480 msiserver - ok
15:32:14.0752 3480 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:32:14.0753 3480 MSKSSRV - ok
15:32:14.0765 3480 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:32:14.0766 3480 MSPCLOCK - ok
15:32:14.0790 3480 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:32:14.0792 3480 MSPQM - ok
15:32:14.0816 3480 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:32:14.0822 3480 MsRPC - ok
15:32:14.0836 3480 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
15:32:14.0837 3480 mssmbios - ok
15:32:14.0851 3480 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:32:14.0853 3480 MSTEE - ok
15:32:14.0871 3480 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
15:32:14.0872 3480 MTConfig - ok
15:32:14.0886 3480 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:32:14.0888 3480 Mup - ok
15:32:14.0912 3480 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\windows\system32\DRIVERS\mwlPSDFilter.sys
15:32:14.0914 3480 mwlPSDFilter - ok
15:32:14.0930 3480 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ C:\windows\system32\DRIVERS\mwlPSDNServ.sys
15:32:14.0932 3480 mwlPSDNServ - ok
15:32:14.0946 3480 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\windows\system32\DRIVERS\mwlPSDVDisk.sys
15:32:14.0948 3480 mwlPSDVDisk - ok
15:32:14.0976 3480 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:32:14.0985 3480 napagent - ok
15:32:15.0004 3480 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:32:15.0009 3480 NativeWifiP - ok
15:32:15.0063 3480 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:32:15.0082 3480 NDIS - ok
15:32:15.0103 3480 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:32:15.0104 3480 NdisCap - ok
15:32:15.0124 3480 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:32:15.0126 3480 NdisTapi - ok
15:32:15.0136 3480 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:32:15.0138 3480 Ndisuio - ok
15:32:15.0151 3480 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:32:15.0154 3480 NdisWan - ok
15:32:15.0159 3480 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:32:15.0161 3480 NDProxy - ok
15:32:15.0179 3480 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:32:15.0180 3480 NetBIOS - ok
15:32:15.0188 3480 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:32:15.0192 3480 NetBT - ok
15:32:15.0202 3480 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:32:15.0204 3480 Netlogon - ok
15:32:15.0244 3480 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:32:15.0251 3480 Netman - ok
15:32:15.0274 3480 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:32:15.0282 3480 netprofm - ok
15:32:15.0305 3480 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:15.0307 3480 NetTcpPortSharing - ok
15:32:15.0329 3480 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
15:32:15.0331 3480 nfrd960 - ok
15:32:15.0385 3480 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
15:32:15.0395 3480 NlaSvc - ok
15:32:15.0402 3480 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:32:15.0404 3480 Npfs - ok
15:32:15.0413 3480 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:32:15.0416 3480 nsi - ok
15:32:15.0432 3480 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:32:15.0433 3480 nsiproxy - ok
15:32:15.0525 3480 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:32:15.0584 3480 Ntfs - ok
15:32:15.0618 3480 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:32:15.0620 3480 Null - ok
15:32:15.0640 3480 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:32:15.0643 3480 nvraid - ok
15:32:15.0668 3480 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:32:15.0671 3480 nvstor - ok
15:32:15.0693 3480 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:32:15.0695 3480 nv_agp - ok
15:32:15.0777 3480 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:32:15.0787 3480 odserv - ok
15:32:15.0806 3480 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:32:15.0810 3480 ohci1394 - ok
15:32:15.0857 3480 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:15.0861 3480 ose - ok
15:32:15.0900 3480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:32:15.0909 3480 p2pimsvc - ok
15:32:15.0939 3480 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:32:15.0950 3480 p2psvc - ok
15:32:15.0958 3480 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
15:32:15.0961 3480 Parport - ok
15:32:16.0007 3480 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:32:16.0010 3480 partmgr - ok
15:32:16.0029 3480 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:32:16.0037 3480 PcaSvc - ok
15:32:16.0063 3480 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:32:16.0068 3480 pci - ok
15:32:16.0089 3480 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:32:16.0091 3480 pciide - ok
15:32:16.0114 3480 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
15:32:16.0120 3480 pcmcia - ok
15:32:16.0136 3480 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:32:16.0139 3480 pcw - ok
15:32:16.0161 3480 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:32:16.0170 3480 PEAUTH - ok
15:32:16.0242 3480 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:32:16.0246 3480 PerfHost - ok
15:32:16.0316 3480 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:32:16.0351 3480 pla - ok
15:32:16.0387 3480 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:32:16.0396 3480 PlugPlay - ok
15:32:16.0408 3480 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:32:16.0412 3480 PNRPAutoReg - ok
15:32:16.0432 3480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:32:16.0437 3480 PNRPsvc - ok
15:32:16.0470 3480 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:32:16.0478 3480 PolicyAgent - ok
15:32:16.0515 3480 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:32:16.0521 3480 Power - ok
15:32:16.0548 3480 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:32:16.0551 3480 PptpMiniport - ok
15:32:16.0581 3480 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
15:32:16.0584 3480 Processor - ok
15:32:16.0636 3480 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:32:16.0645 3480 ProfSvc - ok
15:32:16.0658 3480 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:32:16.0660 3480 ProtectedStorage - ok
15:32:16.0670 3480 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:32:16.0673 3480 Psched - ok
15:32:16.0720 3480 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
15:32:16.0753 3480 ql2300 - ok
15:32:16.0766 3480 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
15:32:16.0769 3480 ql40xx - ok
15:32:16.0798 3480 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:32:16.0804 3480 QWAVE - ok
15:32:16.0821 3480 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:32:16.0823 3480 QWAVEdrv - ok
15:32:16.0842 3480 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:32:16.0843 3480 RasAcd - ok
15:32:16.0872 3480 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:32:16.0873 3480 RasAgileVpn - ok
15:32:16.0891 3480 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:32:16.0895 3480 RasAuto - ok
15:32:16.0913 3480 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:32:16.0915 3480 Rasl2tp - ok
15:32:16.0939 3480 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:32:16.0945 3480 RasMan - ok
15:32:16.0962 3480 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:32:16.0965 3480 RasPppoe - ok
15:32:16.0994 3480 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:32:16.0996 3480 RasSstp - ok
15:32:17.0020 3480 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:32:17.0024 3480 rdbss - ok
15:32:17.0042 3480 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
15:32:17.0044 3480 rdpbus - ok
15:32:17.0064 3480 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:32:17.0066 3480 RDPCDD - ok
15:32:17.0085 3480 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:32:17.0087 3480 RDPENCDD - ok
15:32:17.0102 3480 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:32:17.0103 3480 RDPREFMP - ok
15:32:17.0156 3480 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:32:17.0162 3480 RDPWD - ok
15:32:17.0173 3480 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:32:17.0177 3480 rdyboost - ok
15:32:17.0234 3480 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:32:17.0241 3480 RemoteAccess - ok
15:32:17.0296 3480 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:32:17.0306 3480 RemoteRegistry - ok
15:32:17.0351 3480 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:32:17.0354 3480 RFCOMM - ok
15:32:17.0376 3480 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:32:17.0378 3480 RpcEptMapper - ok
15:32:17.0409 3480 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:32:17.0411 3480 RpcLocator - ok
15:32:17.0472 3480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:32:17.0483 3480 RpcSs - ok
15:32:17.0501 3480 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:32:17.0505 3480 rspndr - ok
15:32:17.0542 3480 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
15:32:17.0549 3480 RSUSBVSTOR - ok
15:32:17.0609 3480 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:32:17.0616 3480 RTL8167 - ok
15:32:17.0646 3480 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:32:17.0649 3480 SamSs - ok
15:32:17.0779 3480 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:32:17.0874 3480 SBAMSvc - ok
15:32:17.0933 3480 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:32:17.0935 3480 sbp2port - ok
15:32:17.0965 3480 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:32:17.0970 3480 SCardSvr - ok
15:32:17.0986 3480 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:32:17.0987 3480 scfilter - ok
15:32:18.0019 3480 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:32:18.0055 3480 Schedule - ok
15:32:18.0088 3480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:32:18.0089 3480 SCPolicySvc - ok
15:32:18.0103 3480 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:32:18.0108 3480 SDRSVC - ok
15:32:18.0126 3480 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:32:18.0127 3480 secdrv - ok
15:32:18.0164 3480 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:32:18.0171 3480 seclogon - ok
15:32:18.0191 3480 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
15:32:18.0195 3480 SENS - ok
15:32:18.0238 3480 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:32:18.0242 3480 SensrSvc - ok
15:32:18.0280 3480 [ CB624C0035412AF0DEBEC78C41F5CA1B ]
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2013-03-30 19:01:24 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

Serenum C:\windows\system32\drivers\serenum.sys
15:32:18.0282 3480 Serenum - ok
15:32:18.0302 3480 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
15:32:18.0305 3480 Serial - ok
15:32:18.0319 3480 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
15:32:18.0321 3480 sermouse - ok
15:32:18.0348 3480 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:32:18.0351 3480 SessionEnv - ok
15:32:18.0367 3480 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:32:18.0368 3480 sffdisk - ok
15:32:18.0381 3480 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:32:18.0382 3480 sffp_mmc - ok
15:32:18.0397 3480 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:32:18.0399 3480 sffp_sd - ok
15:32:18.0442 3480 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
15:32:18.0443 3480 sfloppy - ok
15:32:18.0506 3480 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:32:18.0525 3480 ShellHWDetection - ok
15:32:18.0549 3480 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
15:32:18.0551 3480 SiSRaid2 - ok
15:32:18.0576 3480 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
15:32:18.0579 3480 SiSRaid4 - ok
15:32:18.0634 3480 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:32:18.0638 3480 SkypeUpdate - ok
15:32:18.0645 3480 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:32:18.0648 3480 Smb - ok
15:32:18.0668 3480 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:32:18.0671 3480 SNMPTRAP - ok
15:32:18.0712 3480 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:32:18.0713 3480 spldr - ok
15:32:18.0773 3480 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:32:18.0794 3480 Spooler - ok
15:32:18.0881 3480 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:32:18.0974 3480 sppsvc - ok
15:32:19.0012 3480 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:32:19.0015 3480 sppuinotify - ok
15:32:19.0056 3480 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:32:19.0062 3480 srv - ok
15:32:19.0083 3480 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:32:19.0089 3480 srv2 - ok
15:32:19.0095 3480 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:32:19.0098 3480 srvnet - ok
15:32:19.0110 3480 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:32:19.0115 3480 SSDPSRV - ok
15:32:19.0127 3480 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:32:19.0130 3480 SstpSvc - ok
15:32:19.0173 3480 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
15:32:19.0174 3480 stexstor - ok
15:32:19.0218 3480 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:32:19.0254 3480 stisvc - ok
15:32:19.0268 3480 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
15:32:19.0270 3480 swenum - ok
15:32:19.0348 3480 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:32:19.0369 3480 swprv - ok
15:32:19.0418 3480 [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp C:\windows\system32\DRIVERS\sxuptp.sys
15:32:19.0426 3480 sxuptp - ok
15:32:19.0479 3480 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
15:32:19.0515 3480 SynTP - ok
15:32:19.0565 3480 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:32:19.0607 3480 SysMain - ok
15:32:19.0662 3480 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:32:19.0666 3480 TabletInputService - ok
15:32:19.0688 3480 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:32:19.0694 3480 TapiSrv - ok
15:32:19.0726 3480 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:32:19.0730 3480 TBS - ok
15:32:19.0819 3480 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:32:19.0923 3480 Tcpip - ok
15:32:19.0953 3480 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:32:19.0965 3480 TCPIP6 - ok
15:32:19.0999 3480 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:32:20.0001 3480 tcpipreg - ok
15:32:20.0027 3480 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:32:20.0028 3480 TDPIPE - ok
15:32:20.0076 3480 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:32:20.0077 3480 TDTCP - ok
15:32:20.0097 3480 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:32:20.0101 3480 tdx - ok
15:32:20.0119 3480 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
15:32:20.0122 3480 TermDD - ok
15:32:20.0162 3480 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:32:20.0179 3480 TermService - ok
15:32:20.0191 3480 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:32:20.0195 3480 Themes - ok
15:32:20.0210 3480 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:32:20.0213 3480 THREADORDER - ok
15:32:20.0229 3480 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:32:20.0234 3480 TrkWks - ok
15:32:20.0287 3480 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:32:20.0292 3480 TrustedInstaller - ok
15:32:20.0317 3480 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:32:20.0320 3480 tssecsrv - ok
15:32:20.0347 3480 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:32:20.0350 3480 TsUsbFlt - ok
15:32:20.0368 3480 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
15:32:20.0370 3480 TsUsbGD - ok
15:32:20.0388 3480 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:32:20.0392 3480 tunnel - ok
15:32:20.0414 3480 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
15:32:20.0416 3480 uagp35 - ok
15:32:20.0442 3480 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:32:20.0448 3480 udfs - ok
15:32:20.0492 3480 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:32:20.0497 3480 UI0Detect - ok
15:32:20.0516 3480 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:32:20.0519 3480 uliagpkx - ok
15:32:20.0537 3480 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
15:32:20.0539 3480 umbus - ok
15:32:20.0557 3480 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
15:32:20.0559 3480 UmPass - ok
15:32:20.0666 3480 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:32:20.0776 3480 UNS - ok
15:32:20.0809 3480 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:32:20.0816 3480 upnphost - ok
15:32:20.0875 3480 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:32:20.0877 3480 USBAAPL64 - ok
15:32:20.0907 3480 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:32:20.0909 3480 usbccgp - ok
15:32:20.0921 3480 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:32:20.0924 3480 usbcir - ok
15:32:20.0943 3480 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
15:32:20.0945 3480 usbehci - ok
15:32:20.0962 3480 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:32:20.0967 3480 usbhub - ok
15:32:20.0987 3480 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:32:20.0988 3480 usbohci - ok
15:32:21.0005 3480 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:32:21.0006 3480 usbprint - ok
15:32:21.0016 3480 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:32:21.0018 3480 USBSTOR - ok
15:32:21.0031 3480 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:32:21.0032 3480 usbuhci - ok
15:32:21.0039 3480 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
15:32:21.0043 3480 usbvideo - ok
15:32:21.0081 3480 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:32:21.0084 3480 UxSms - ok
15:32:21.0090 3480 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:32:21.0092 3480 VaultSvc - ok
15:32:21.0127 3480 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:32:21.0128 3480 vdrvroot - ok
15:32:21.0206 3480 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:32:21.0239 3480 vds - ok
15:32:21.0271 3480 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:32:21.0273 3480 vga - ok
15:32:21.0287 3480 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:32:21.0289 3480 VgaSave - ok
15:32:21.0299 3480 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:32:21.0304 3480 vhdmp - ok
15:32:21.0321 3480 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:32:21.0322 3480 viaide - ok
15:32:21.0357 3480 [ B977390908F5FC42B66E74D1E96843E6 ] vm331avs C:\windows\system32\Drivers\vm331avs.sys
15:32:21.0360 3480 vm331avs - ok
15:32:21.0369 3480 [ 40C39413A2458016FF43444750F467CA ] vmuvcflt C:\windows\system32\Drivers\vmuvcflt.sys
15:32:21.0370 3480 vmuvcflt - ok
15:32:21.0417 3480 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:32:21.0419 3480 volmgr - ok
15:32:21.0439 3480 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:32:21.0445 3480 volmgrx - ok
15:32:21.0452 3480 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:32:21.0456 3480 volsnap - ok
15:32:21.0499 3480 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
15:32:21.0504 3480 vsmraid - ok
15:32:21.0577 3480 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:32:21.0633 3480 VSS - ok
15:32:21.0661 3480 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:32:21.0663 3480 vwifibus - ok
15:32:21.0680 3480 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:32:21.0682 3480 vwififlt - ok
15:32:21.0749 3480 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:32:21.0762 3480 W32Time - ok
15:32:21.0810 3480 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
15:32:21.0812 3480 WacomPen - ok
15:32:21.0832 3480 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:32:21.0836 3480 WANARP - ok
15:32:21.0846 3480 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:32:21.0849 3480 Wanarpv6 - ok
15:32:21.0908 3480 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
15:32:21.0940 3480 WatAdminSvc - ok
15:32:21.0985 3480 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:32:22.0021 3480 wbengine - ok
15:32:22.0059 3480 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:32:22.0065 3480 WbioSrvc - ok
15:32:22.0117 3480 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:32:22.0125 3480 wcncsvc - ok
15:32:22.0139 3480 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:32:22.0143 3480 WcsPlugInService - ok
15:32:22.0168 3480 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:32:22.0169 3480 Wd - ok
15:32:22.0236 3480 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:32:22.0271 3480 Wdf01000 - ok
15:32:22.0318 3480 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:32:22.0326 3480 WdiServiceHost - ok
15:32:22.0336 3480 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:32:22.0343 3480 WdiSystemHost - ok
15:32:22.0372 3480 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:32:22.0378 3480 WebClient - ok
15:32:22.0392 3480 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:32:22.0397 3480 Wecsvc - ok
15:32:22.0411 3480 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:32:22.0414 3480 wercplsupport - ok
15:32:22.0446 3480 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
15:32:22.0450 3480 WerSvc - ok
15:32:22.0505 3480 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:32:22.0506 3480 WfpLwf - ok
15:32:22.0526 3480 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:32:22.0529 3480 WIMMount - ok
15:32:22.0541 3480 WinHttpAutoProxySvc - ok
15:32:22.0639 3480 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:32:22.0646 3480 Winmgmt - ok
15:32:22.0715 3480 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
15:32:22.0764 3480 WinRM - ok
15:32:22.0822 3480 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
15:32:22.0823 3480 WinUsb - ok
15:32:22.0889 3480 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
15:32:22.0924 3480 Wlansvc - ok
15:32:22.0988 3480 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:32:22.0991 3480 wlcrasvc - ok
15:32:23.0081 3480 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:32:23.0139 3480 wlidsvc - ok
15:32:23.0169 3480 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
15:32:23.0171 3480 WmiAcpi - ok
15:32:23.0199 3480 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:32:23.0203 3480 wmiApSrv - ok
15:32:23.0229 3480 WMPNetworkSvc - ok
15:32:23.0293 3480 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
15:32:23.0299 3480 WPCSvc - ok
15:32:23.0323 3480 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:32:23.0331 3480 WPDBusEnum - ok
15:32:23.0352 3480 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:32:23.0353 3480 ws2ifsl - ok
15:32:23.0358 3480 WSearch - ok
15:32:23.0396 3480 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
15:32:23.0399 3480 wsvd - ok
15:32:23.0441 3480 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:32:23.0445 3480 WudfPf - ok
15:32:23.0470 3480 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:32:23.0476 3480 WUDFRd - ok
15:32:23.0523 3480 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:32:23.0529 3480 wudfsvc - ok
15:32:23.0559 3480 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
15:32:23.0567 3480 WwanSvc - ok
15:32:23.0578 3480 ================ Scan global ===============================
15:32:23.0665 3480 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:32:23.0715 3480 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:32:23.0738 3480 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:32:23.0801 3480 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:32:23.0832 3480 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:32:23.0841 3480 [Global] - ok
15:32:23.0842 3480 ================ Scan MBR ==================================
15:32:23.0878 3480 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:32:24.0115 3480 \Device\Harddisk0\DR0 - ok
15:32:24.0116 3480 ================ Scan VBR ==================================
15:32:24.0121 3480 [ 98FA3F14FB8204360C49CB171038B4AF ] \Device\Harddisk0\DR0\Partition1
15:32:24.0124 3480 \Device\Harddisk0\DR0\Partition1 - ok
15:32:24.0140 3480 [ 2DD0D39863ED2A06843474119C525CDA ] \Device\Harddisk0\DR0\Partition2
15:32:24.0143 3480 \Device\Harddisk0\DR0\Partition2 - ok
15:32:24.0178 3480 [ 7CDC6234FA3B01E9D8995C1480F31A51 ] \Device\Harddisk0\DR0\Partition3
15:32:24.0181 3480 \Device\Harddisk0\DR0\Partition3 - ok
15:32:24.0182 3480 ============================================================
15:32:24.0182 3480 Scan finished
15:32:24.0182 3480 ============================================================
15:32:24.0196 3188 Detected object count: 0
15:32:24.0196 3188 Actual detected object count: 0
15:34:07.0856 2272 Deinitialize success
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2013-03-30 19:01:33 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

reply to ChristiMC
No worries..thanks for the add

Be patient, we'll get you reviewed soon, Christi

to forum · permalink · 2013-03-30 19:03:53 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to ChristiMC
You ran AdwCleaner in Search mode, instead of delete mode. Please re-run AdwCleaner, this time press the 'Delete' button.

Post the new log in this thread and also advise if this fixed the redirect issue.

to forum · permalink · 2013-03-31 11:04:31 ·


ChristiMC

@comcast.net

Haven't had a redirect since I started the posting...but it was intermittent before then. Here is the new log-

# AdwCleaner v2.115 - Logfile created 03/31/2013 at 08:17:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carnbarn - CARNBARN-PC
# Boot Mode : Normal
# Running from : C:\Users\Carnbarn\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\Carnbarn\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Carnbarn\AppData\LocalLow\xfin_portal

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4665 octets] - [30/03/2013 11:14:58]
AdwCleaner[S1].txt - [4533 octets] - [31/03/2013 08:17:26]

########## EOF - C:\AdwCleaner[S1].txt - [4593 octets] ##########
to forum · permalink · 2013-03-31 11:23:22 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to ChristiMC
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.

to forum · permalink · 2013-03-31 11:57:32 ·


ChristiMC

@comcast.net

Here it OTL log-

OTL logfile created on: 3/31/2013 8:59:58 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carnbarn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 60.40% Memory free
7.83 Gb Paging File | 5.80 Gb Available in Paging File | 74.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 164.40 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.80 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

Computer Name: CARNBARN-PC | User Name: Carnbarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/03/30 10:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
PRC - [2013/03/12 14:51:17 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/21 05:37:04 | 018,814,816 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 08:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/01/14 07:16:10 | 000,066,600 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/01/14 07:16:07 | 003,982,376 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/13 16:21:37 | 001,193,176 | ---- | M] () -- C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/10/05 13:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 22:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 22:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 19:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/12/24 04:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/13 16:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/12/13 16:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010/10/22 07:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/02/14 08:55:12 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 08:55:11 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll
MOD - [2013/02/14 08:52:29 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/14 08:52:24 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 08:52:22 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/14 08:52:08 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/14 07:16:09 | 000,014,888 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.XmlSerializers.dll
MOD - [2013/01/14 07:16:08 | 000,104,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2013/01/14 07:15:09 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/01/10 06:39:36 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/10 06:38:32 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 06:08:50 | 017,478,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/01/10 06:08:36 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 06:08:34 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/01/10 06:03:49 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/01/10 06:03:37 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 06:03:21 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 06:03:12 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 06:02:50 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 06:02:48 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013/01/10 06:02:47 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 06:02:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 06:02:34 | 000,684,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013/01/10 06:02:31 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 06:02:28 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 06:02:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 06:02:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/13 16:21:37 | 001,193,176 | ---- | M] () -- C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/12/04 07:27:11 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 22:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 21:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 14:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 14:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 14:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 14:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 13:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2013/03/12 14:51:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 05:37:06 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/01/14 07:16:10 | 000,066,600 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/13 16:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/12/13 16:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/22 07:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/03/15 09:30:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/28 19:25:20 | 000,045,968 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/01/05 21:39:40 | 000,026,448 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 21:30:58 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/10/12 21:30:58 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/10/12 21:29:09 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/10/12 21:29:07 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/12 21:17:01 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2011/10/12 21:11:19 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/10/12 21:11:19 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/10/12 21:11:19 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/09/19 21:04:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/19 21:04:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/25 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 04:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/22 05:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 23:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/31 03:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2010/10/28 03:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 03:05:22 | 000,228,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010/10/19 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/16 02:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2010/05/30 20:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = »www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = »www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = »www.google.com/search?sourceid=i···=1I7LENN
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/10/12 21:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/07/21 08:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/07/23 04:02:53 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: »securesearch.lavasoft.com/?sourc···434CC588
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: »securesearch.lavasoft.com/?sourc···434CC588
CHR - Extension: YouTube = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Carnbarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O4 - HKCU..\Run: [Piriform] C:\Users\Carnbarn\AppData\Local\Piriform\lnpbjhbj.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Carnbarn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} »images3.pnimedia.com/ProductAsse···trol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D181A60-CA0D-407A-B3CD-88603A2D32F8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/03/30 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Local\{36D8DF95-A8A4-4E55-A7AA-4F1B54F4A593}
[2013/03/30 15:31:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Carnbarn\Desktop\tdsskiller.exe
[2013/03/30 10:23:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
[2013/03/30 10:11:06 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\TFC.exe
[2013/03/30 09:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/30 07:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/30 07:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/30 07:34:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/28 16:33:57 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2013/03/25 16:51:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/15 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Roaming\LavasoftStatistics
[2013/03/15 09:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/15 09:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/15 09:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/15 09:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/15 09:31:15 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Local\adawarebp
[2013/03/15 09:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/03/15 09:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/03/15 09:30:29 | 000,047,496 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2013/03/15 09:30:29 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/03/15 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Roaming\Ad-Aware Antivirus
[2013/03/15 08:30:06 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\AppData\Local\Piriform
[2013/03/14 04:57:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/14 04:57:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/14 04:57:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/14 04:57:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/14 04:57:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/14 04:57:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/14 04:57:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/14 04:57:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/14 04:57:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/14 04:57:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/14 04:57:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/14 04:57:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/14 04:57:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/14 04:57:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/14 04:57:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/14 04:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 04:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 04:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/03 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Carnbarn\Desktop\Princess Party
[2013/03/01 11:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\Carnbarn\Documents\*.tmp files -> C:\Users\Carnbarn\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/03/31 08:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/31 08:25:58 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 08:25:58 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 08:24:44 | 000,726,270 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/31 08:24:44 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/31 08:24:44 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/31 08:24:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/31 08:19:07 | 000,564,179 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/03/31 08:18:50 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/31 08:18:41 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/31 08:18:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/31 08:18:19 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 17:41:22 | 000,134,270 | ---- | M] () -- C:\Users\Carnbarn\Desktop\Jack.JPG
[2013/03/30 15:31:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Carnbarn\Desktop\tdsskiller.exe
[2013/03/30 10:23:51 | 000,890,798 | ---- | M] () -- C:\Users\Carnbarn\Desktop\SecurityCheck.exe
[2013/03/30 10:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\OTL.exe
[2013/03/30 10:23:06 | 000,609,993 | ---- | M] () -- C:\Users\Carnbarn\Desktop\adwcleaner.exe
[2013/03/30 10:11:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Carnbarn\Desktop\TFC.exe
[2013/03/30 07:37:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/28 06:07:23 | 000,000,438 | ---- | M] () -- C:\windows\SysWow64\WSCConfig.xml
[2013/03/19 15:31:42 | 000,148,572 | ---- | M] () -- C:\Users\Carnbarn\Desktop\FTF13F Offer_111503_2_3192013_33018 PM.pdf
[2013/03/15 09:30:29 | 000,047,496 | ---- | M] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2013/03/15 09:30:29 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/03/12 14:51:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 14:51:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Carnbarn\Documents\*.tmp files -> C:\Users\Carnbarn\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/03/30 17:38:26 | 000,134,270 | ---- | C] () -- C:\Users\Carnbarn\Desktop\Jack.JPG
[2013/03/30 10:23:51 | 000,890,798 | ---- | C] () -- C:\Users\Carnbarn\Desktop\SecurityCheck.exe
[2013/03/30 10:23:06 | 000,609,993 | ---- | C] () -- C:\Users\Carnbarn\Desktop\adwcleaner.exe
[2013/03/30 07:37:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/28 06:07:23 | 000,000,438 | ---- | C] () -- C:\windows\SysWow64\WSCConfig.xml
[2013/03/19 15:31:41 | 000,148,572 | ---- | C] () -- C:\Users\Carnbarn\Desktop\FTF13F Offer_111503_2_3192013_33018 PM.pdf
[2013/03/15 09:31:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2011/10/13 06:00:14 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/10/13 06:00:14 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/10/13 06:00:14 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/10/13 06:00:14 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/10/13 06:00:14 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/10/13 06:00:14 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/10/13 06:00:13 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/10/13 06:00:13 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/10/13 06:00:13 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/10/13 06:00:13 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/10/13 06:00:13 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/10/13 06:00:13 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/10/12 21:17:21 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/12 21:17:20 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/12 21:17:20 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/12 21:17:20 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/12 21:17:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/10/12 21:04:33 | 000,001,652 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2011/10/12 21:04:33 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2011/04/14 22:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/04/14 22:28:23 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/14 22:28:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/04/14 22:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/03/28 16:28:07 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\@
[2013/03/28 17:44:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\L
[2013/03/29 06:29:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\U
[2013/03/28 16:28:09 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\L\00000004.@
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2013/03/28 16:28:07 | 000,005,120 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini
[2013/03/28 16:28:07 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\Carnbarn\AppData\Local\Temp\spvxpvr\sffuexd\wow64.dll -- [2013/03/14 15:40:41 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$595c496da99de0ec1411359079cdf9d2\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/03/15 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Ad-Aware Antivirus
[2012/11/11 10:13:59 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\CVS
[2013/03/31 08:20:32 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\ID Vault
[2012/02/29 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\SmartDraw
[2012/08/21 14:39:48 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Spotify
[2012/07/13 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\Tific
[2012/04/20 16:37:32 | 000,000,000 | ---D | M] -- C:\Users\Carnbarn\AppData\Roaming\WeatherBug

[color=#E56717]========== Purity Check ==========[/color]
to forum · permalink · 2013-03-31 12:20:13 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to ChristiMC
Everything looks clean. Security Check shows both AdAware AV and Norton Security Suite as being installed bot OTL only shows browser extensions. I don't see any active Norton services.

Did you have Norton installed then replace it?

to forum · permalink · 2013-03-31 12:45:27 ·


ChristiMC

@comcast.net

I actually have Norton through my Comcast account (the Comcast Constant Guard)..but I can't open it (the Norton). I guess I know why now Do you have any preferences? Norton or AdAware AV?

to forum · permalink · 2013-03-31 13:00:53 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to ChristiMC
Norton, most definitely. If you have issues installing the Comcast Norton program, post in the Comcast Security AntiVirus support forum.

Note: Do not install the full Constant Guard Suite. It's still a potential headache and there is little to be gained over just Norton, in my opinion.

If you need help installing jsut Norton, drop me a PM here and I'll give you a link to the instructions on the Comcast forums.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

to forum · permalink · 2013-03-31 22:14:23 ·


ChristiMC

@comcast.net

reply to ChristiMC

Click for full size
Yikes....So, I came home from Easter dinner to my AdAware showing this...so, did these trojans just reappear?
to forum · permalink · 2013-03-31 23:17:36 ·


ChristiMC

@comcast.net

reply to LoPhatPhuud
Okay...will get Norton up and running...still wondering about the "trojans" found my AdAware before I saw your reply

to forum · permalink · 2013-03-31 23:17:42 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to ChristiMC
Make sure you remove AdAware completely before installing Norton. Use a removal tool, if they offer one.

No idea on the trojans. They could be false positives but we do know they system is clean.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

to forum · permalink · 2013-04-01 10:36:43 ·


ChristiMC

@comcast.net

Thank you SOOO much! I rarely have to come to you guys...but I always know you will fix any issues

to forum · permalink · 2013-04-01 19:08:50 ·
Forums > Broadband Tech > Security > Security Cleanup

Sunday, 07-Apr 19:59:31 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics