
Browser redirected to other websites

Discussion in 'Virus & Other Malware Removal' started by lrs255, Jan 1, 2013.

Thread Status:
Not open for further replies.
  1. lrs255

    lrs255 Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    84
    I am having problems being redirected when clicking on links to go to websites. I have run every program I can find and nothing seems to help. I will be sent to livesearchnow or scour or various other sites. Sometimes it will go to the site I choose but most times it goes to something totally unrelated. Please help!
     
  2. lrs255

    lrs255 Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    84
    bump
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    If you follow the advice in the sticky at the top of the forum, you get better help, without us having to repeat the instructions after you have been waiting & slow it down even more

    follow advice here and post the logs those programs make
     
  4. lrs255

    lrs255 Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    84
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:43:25 PM, on 1/5/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Renea\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
    O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\Broderbund\PrintMaster\PMremind.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13549 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.10.2
    Run by Renea at 13:55:35 on 2013-01-05
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6209 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://excite.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [NWEReboot] <no file>
    StartupFolder: C:\Users\Renea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTR~1.LNK - C:\Program Files (x86)\Broderbund\PrintMaster\PMremind.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{744FF1F7-EB1B-4EB6-AEF1-4C82B07E25D2} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{BC18763E-D778-41FA-8588-1E55C2F77A29} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff10.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll
    FF - component: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko5.dll
    FF - component: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko6.dll
    FF - component: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}\components\FFExternalAlert.dll
    FF - component: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Renea\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-1-14 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-1-14 15920]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-19 55280]
    R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-12-30 19280]
    R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2012-12-30 18768]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-12 312160]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-4 377936]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2010-5-15 26024]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-12-30 279368]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-19 202752]
    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2012-12-30 23376]
    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]
    R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2012-12-30 17232]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-11 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-11 682344]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-31 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-31 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-31 168384]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-19 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-19 233984]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-19 320040]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-11 24176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    .
    =============== Created Last 30 ================
    .
    2012-12-31 19:55:10 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-12-31 19:55:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-12-30 18:13:57 -------- d-----w- C:\Users\Renea\AppData\Roaming\Anvisoft
    2012-12-30 18:13:34 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
    2012-12-30 18:13:34 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
    2012-12-30 18:13:34 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
    2012-12-30 18:13:32 -------- d-----w- C:\ProgramData\Anvisoft
    2012-12-30 18:13:31 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2012-12-12 03:20:45 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-12 02:37:23 -------- d-----w- C:\Users\Renea\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-12 02:37:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-12-12 02:37:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-12-12 00:56:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-12 00:56:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-12-12 00:40:52 -------- d-----w- C:\Users\Renea\AppData\Roaming\SpeedyPC Software
    2012-12-12 00:40:52 -------- d-----w- C:\Users\Renea\AppData\Roaming\DriverCure
    2012-12-12 00:40:45 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-12-12 00:17:01 -------- d-----w- C:\Users\Renea\AppData\Roaming\Malwarebytes
    2012-12-12 00:16:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-12 00:16:52 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-12 00:16:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2012-11-24 15:03:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-24 15:03:57 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-12 09:47:46 312160 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-10-07 22:05:18 85384 ----a-w- C:\Windows\System32\drivers\ftser2k.sys
    2012-10-07 22:05:18 75016 ----a-w- C:\Windows\System32\drivers\ftdibus.sys
    2012-10-07 22:05:18 65416 ----a-w- C:\Windows\System32\ftcserco.dll
    2012-10-07 22:05:18 55176 ----a-w- C:\Windows\System32\ftserui2.dll
    2012-10-07 22:05:18 256392 ----a-w- C:\Windows\System32\ftd2xx.dll
    2012-10-07 22:05:18 218504 ----a-w- C:\Windows\SysWow64\ftd2xx.dll
    2012-10-07 22:05:18 214920 ----a-w- C:\Windows\System32\FTLang.dll
    2012-10-07 22:05:18 108936 ----a-w- C:\Windows\System32\ftbusui.dll
    .
    ============= FINISH: 13:56:15.33 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/12/2010 2:23:25 PM
    System Uptime: 1/4/2013 1:03:07 AM (36 hours ago)
    .
    Motherboard: Dell Inc. | | 0T568R
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2660/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 922 GiB total, 872.096 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP192: 12/11/2012 9:21:12 PM - Removed Comcast Desktop Software (v1.2.1)
    RP193: 12/11/2012 10:19:25 PM - Installed Java 7 Update 10
    RP194: 12/19/2012 2:02:35 AM - Scheduled Checkpoint
    RP195: 12/26/2012 4:25:46 PM - Scheduled Checkpoint
    RP196: 12/31/2012 4:28:27 PM - Installed HiJackThis
    RP197: 1/5/2013 1:41:44 PM - Removed HiJackThis
    .
    ==== Installed Programs ======================
    .
    AD Blocker
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Anvi Smart Defender 1.8
    ArcSoft MediaImpression for Kodak
    ATI Catalyst Control Center
    AVG 2011
    AVS Audio Converter version 6.2
    Bejeweled 2 Deluxe
    Canon CanoScan LiDE 210 User Registration
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon Solution Menu EX
    CanoScan LiDE 210 Scanner Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Coupon Printer for Windows
    Cricut (TM) Driver v2.01
    Cricut Craft Room®
    Debut Video Capture Software
    Dell Dock
    Dell Edoc Viewer
    Dell Support Center (Support Software)
    DirectXInstallService
    DVD43 Plug-in v1.0.0.5
    DVDFab 7.0.9.3 (08/08/2010)
    EMC 10 Content
    EMCGadgets64
    GoToAssist 8.0.0.514
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    iPod for Windows 2006-03-23
    iTunes
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 31
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Publishing Wizard 1.52
    Move Media Player
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MP4 MP3 Converter v4.1 build 1289
    MSVCRT
    Multimedia Card Reader
    Nero 7 Essentials
    Nero Backup Drivers
    OJOsoft Audio Converter
    Picaboo Desktop
    PowerDVD DX
    PrintMaster
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio File Backup
    Roxio Update Manager
    Shutterfly Express Uploader
    Skins
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    Super Collapse II
    SUPERAntiSpyware
    SureThing CD Labeler Deluxe 4
    VD64Inst
    VirtualLab Client 5.5.17
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
    Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinZip 16.5
    Youtube Music Recorder 2.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/1/2013 3:45:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    1/1/2013 3:45:30 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    1/1/2013 3:45:14 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================



    GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2013-01-05 14:03:44
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.05.0 931.51GB
    Running: kkc1qz0q.exe; Driver: C:\Users\Renea\AppData\Local\Temp\uglorpow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077111401 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077111419 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077111431 2 bytes [11, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771114dd 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771114f5 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007711150d 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077111525 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007711153d 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077111555 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007711156d 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077111585 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007711159d 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771115b5 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771115cd 2 bytes [11, 77]
    .text C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771116b2 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075e38b9a 5 bytes JMP 0000000163e8801f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075e52a3e 5 bytes JMP 0000000163faedc0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075e52a62 5 bytes JMP 0000000163da4d5b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075e7cc1a 5 bytes JMP 0000000163faed5d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075e7cf72 5 bytes JMP 0000000163faee23
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075e8fd61 5 bytes JMP 0000000163faecf2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075e8fe2d 5 bytes JMP 0000000163faec87
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075e8fe66 5 bytes JMP 0000000163faec25
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075e8fe8a 5 bytes JMP 0000000163faebc3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076ab9474 5 bytes JMP 0000000163faf94d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077111401 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077111419 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077111431 2 bytes [11, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771114dd 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771114f5 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007711150d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077111525 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007711153d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077111555 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007711156d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077111585 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007711159d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771115b5 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771115cd 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771116b2 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheetW 00000000726e7c30 5 bytes JMP 0000000163fb030e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheet 0000000072787bb2 5 bytes JMP 0000000163fb03af
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7080] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000767e9a4c 5 bytes JMP 0000000163fafa7f
    ? C:\Windows\system32\mssprxy.dll [7080] entry point in ".rdata" section 000000006aef71e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075e38b9a 5 bytes JMP 0000000163e8801f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075e42902 5 bytes JMP 0000000163ddd8f2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075e43f54 5 bytes JMP 0000000163ddc69b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075e44858 5 bytes JMP 0000000163d9d8a9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000075e495fa 5 bytes JMP 0000000163fafa48
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000075e4b1dd 5 bytes JMP 0000000163fafa11
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!EndDialog 0000000075e4c184 5 bytes JMP 0000000163da5c9d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075e506b3 5 bytes JMP 0000000163e346db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075e50a8f 5 bytes JMP 0000000163ddc720
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075e52174 5 bytes JMP 0000000163da4438
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075e52a3e 5 bytes JMP 0000000163faedc0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075e52a62 5 bytes JMP 0000000163da4d5b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075e57051 5 bytes JMP 0000000163faf27b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075e5711b 5 bytes JMP 0000000163faf9da
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075e5f006 5 bytes JMP 0000000163e79a6c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075e60efc 5 bytes JMP 0000000163e981d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!SendInput 0000000075e6195e 5 bytes JMP 0000000163fb01a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075e624db 5 bytes JMP 0000000163faf5e0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e79c8d 5 bytes JMP 0000000163fb0200
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075e7cc1a 5 bytes JMP 0000000163faed5d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075e7cf72 5 bytes JMP 0000000163faee23
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075e8fd61 5 bytes JMP 0000000163faecf2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075e8fe2d 5 bytes JMP 0000000163faec87
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075e8fe66 5 bytes JMP 0000000163faec25
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075e8fe8a 5 bytes JMP 0000000163faebc3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075e9044f 5 bytes JMP 0000000163fb0533
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000768f5b88 5 bytes JMP 0000000163faf137
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769457fc 5 bytes JMP 0000000163e88b0d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076a53e59 5 bytes JMP 0000000163faf19f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076a53eae 5 bytes JMP 0000000163fafd19
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076a54731 5 bytes JMP 0000000163fafc7f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076a55dee 5 bytes JMP 0000000163fafcca
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076ab9474 5 bytes JMP 0000000163faf94d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077111401 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077111419 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077111431 2 bytes [11, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771114dd 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771114f5 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007711150d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077111525 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007711153d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077111555 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007711156d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077111585 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007711159d 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771115b5 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771115cd 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771116b2 2 bytes [11, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheetW 00000000726e7c30 5 bytes JMP 0000000163fb030e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheet 0000000072787bb2 5 bytes JMP 0000000163fb03af
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000767e9a4c 5 bytes JMP 0000000163fafa7f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6920] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000767f40fc 5 bytes JMP 0000000163fafb19
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077111401 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077111419 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077111431 2 bytes [11, 77]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771114dd 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771114f5 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007711150d 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077111525 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007711153d 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077111555 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007711156d 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077111585 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007711159d 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771115b5 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771115cd 2 bytes [11, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771116b2 2 bytes [11, 77]

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1360:1376] 0000000075c37587
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1360:1780] 00000000771a1c7f
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1360:6380] 00000000771a2c91
    Thread C:\Windows\System32\spoolsv.exe [1640:1904] 000007fef91710c8
    Thread C:\Windows\System32\spoolsv.exe [1640:1912] 000007fef9136144
    Thread C:\Windows\System32\spoolsv.exe [1640:1916] 000007fef8f25fd0
    Thread C:\Windows\System32\spoolsv.exe [1640:1920] 000007fef8f13438
    Thread C:\Windows\System32\spoolsv.exe [1640:1924] 000007fef8f263ec
    Thread C:\Windows\System32\spoolsv.exe [1640:1932] 000007fef9215e5c
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2920] 000000006f530650
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2924] 000000006f530650
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2968] 000000006f3ca3d3
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2556] 000000006f3674f8
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2740] 000000006f37396f
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2744] 000000006f2e1020
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2700] 000000006f2e1020
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2988] 000000006f0c8dd0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:3048] 000000006f0c8dd0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:3064] 000000006f0c8dd0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:2712] 000000006f0c8dd0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:3184] 000000006f05b8d0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:3188] 000000006f05b8d0
    Thread C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448:3192] 000000006f05b8d0
    Thread C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2452:3716] 000000006eee32fb
    Thread C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2452:3820] 000000006ebdb7d6
    Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3880:3976] 000007fefa836204
    Thread C:\Windows\system32\WUDFHost.exe [3916:3988] 000007fef59824a0
    Thread C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3100:4396] 000007fefa171ebc
    Thread C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [1012:4460] 000000006cdf783c
    Thread C:\Program Files\Dell\DellDock\DellDock.exe [3548:5704] 000007fefaa92a74
    Thread C:\Program Files\Dell\DellDock\DellDock.exe [3548:5912] 0000000180002800
    Thread C:\Program Files\Dell\DellDock\DellDock.exe [3548:5916] 000000018000d620
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [3736:4804] 00000000716834bf
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [3736:4808] 0000000071721e83
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [3736:4848] 00000000654b1bf0
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [3736:3532] 000000006eee32fb
    Thread C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460:4240] 000000006f3ca3d3
    Thread C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460:4244] 000000006f3674f8
    Thread C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460:4252] 000000006f37396f
    Thread C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460:4256] 000000006f2e1020
    Thread C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460:4260] 000000006f2e1020
    Thread C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac [3892:5876] 000000006eee32fb
    Thread C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4100:3520] 000000006eee32fb
    Thread C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4100:540] 0000000071d86f14
    Thread C:\Windows\system32\svchost.exe [4920:6020] 000007feeb065b84
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4624:5256] 000007fefaa92a74
    Thread C:\Windows\System32\svchost.exe [5136:3580] 000007fef7ff9874
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5392:5952] 000007fefaa92a74
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [5576:4632] 000000006eee32fb
    Thread C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [5576:3488] 0000000073871c2f
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:3660] 00000000671fa680
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6904] 00000000671ebc66
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6768] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:5588] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:1456] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:5552] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:3588] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6184] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6108] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:548] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:1272] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6420] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:7128] 00000000771a1c7f
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:600] 000000006d1d2f69
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:5508] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:196] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:564] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:2384] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:7056] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6584] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:1192] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:3776] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:4956] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6612] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6552] 000000006eee32fb
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6856] 0000000074d794d3
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:5900] 00000000721d2733
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6964] 00000000771a17d9
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:7132] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:2948] 000000007312c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:4720] 0000000071d86f14
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6152] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4368:6320] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:2940] 00000000671ebc66
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:6216] 000000006d1d2f69
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:2552] 000000006cdf783c
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:6848] 00000000771a1c7f
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:3872] 00000000771a17d9
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:5824] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6344:4496] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:7040] 00000000671ebc66
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:6232] 000000006d1d2f69
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:5520] 000000006391cb60
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:5444] 000000006391cb60
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:5828] 000000006391cb60
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:3328] 000000006391cb60
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:5872] 000000006391cb60
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:3684] 00000000771a17d9
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:3812] 00000000771a2c91
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6568:6776] 00000000771a2c91

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1640] 000007fef9220000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [1884] 00000000760f0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1212] 000007fef68b0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [1448] 0000000076600000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2060] 00000000760f0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2188] 0000000076610000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2196] 0000000072230000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2452] 00000000760f0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2652] 00000000702e0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2844] 0000000072230000
    Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3880] 000007fefa560000
    Library ? (*** suspicious ***) @ C:\Windows\system32\WUDFHost.exe [3916] 000007fefc440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [1012] 000000006d940000
    Library ? (*** suspicious ***) @ C:\Program Files\Dell\DellDock\DellDock.exe [3548] 000007fefbc60000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [3668] 0000000071d50000
    Library ? (*** suspicious ***) @ c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3724] 000007fef3030000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [3736] 00000000722c0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\iPod\bin\iPodService.exe [3444] 00000000760f0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG10\avgtray.exe [3460] 0000000074e50000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [4004] 0000000072c10000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac [3892] 00000000726a0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe [2432] 000000006cdb0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4100] 00000000722c0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe [4328] 00000000760f0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4920] 000007fef4170000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4624] 000007fef31c0000
    Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5136] 000007fefc900000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5392] 000007fee9220000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [5576] 00000000721b0000

    ---- EOF - GMER 2.0 ----
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    next step

    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  6. lrs255

    lrs255 Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    84
    I ran TDSS Killer but it found no threats. The log is below:

    11:27:19.0183 5044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    11:27:19.0657 5044 ============================================================
    11:27:19.0657 5044 Current date / time: 2013/01/06 11:27:19.0657
    11:27:19.0657 5044 SystemInfo:
    11:27:19.0657 5044
    11:27:19.0657 5044 OS Version: 6.1.7600 ServicePack: 0.0
    11:27:19.0657 5044 Product type: Workstation
    11:27:19.0657 5044 ComputerName: RENEA-PC
    11:27:19.0658 5044 UserName: Renea
    11:27:19.0658 5044 Windows directory: C:\Windows
    11:27:19.0658 5044 System windows directory: C:\Windows
    11:27:19.0658 5044 Running under WOW64
    11:27:19.0658 5044 Processor architecture: Intel x64
    11:27:19.0658 5044 Number of processors: 8
    11:27:19.0658 5044 Page size: 0x1000
    11:27:19.0658 5044 Boot type: Normal boot
    11:27:19.0658 5044 ============================================================
    11:27:19.0993 5044 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:27:20.0017 5044 ============================================================
    11:27:20.0017 5044 \Device\Harddisk0\DR0:
    11:27:20.0017 5044 MBR partitions:
    11:27:20.0017 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x1339000
    11:27:20.0017 5044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1370000, BlocksNum 0x73396000
    11:27:20.0017 5044 ============================================================
    11:27:20.0036 5044 C: <-> \Device\Harddisk0\DR0\Partition2
    11:27:20.0036 5044 ============================================================
    11:27:20.0036 5044 Initialize success
    11:27:20.0036 5044 ============================================================
    11:27:22.0570 6536 ============================================================
    11:27:22.0570 6536 Scan started
    11:27:22.0570 6536 Mode: Manual;
    11:27:22.0570 6536 ============================================================
    11:27:22.0909 6536 ================ Scan system memory ========================
    11:27:22.0909 6536 System memory - ok
    11:27:22.0910 6536 ================ Scan services =============================
    11:27:22.0975 6536 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    11:27:22.0979 6536 !SASCORE - ok
    11:27:23.0096 6536 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    11:27:23.0100 6536 1394ohci - ok
    11:27:23.0159 6536 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    11:27:23.0162 6536 ACDaemon - ok
    11:27:23.0176 6536 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    11:27:23.0180 6536 ACPI - ok
    11:27:23.0202 6536 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    11:27:23.0206 6536 AcpiPmi - ok
    11:27:23.0289 6536 [ ED6D98E58406F2779C844943076EB4EE ] ADBlockerSrv C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    11:27:23.0294 6536 ADBlockerSrv - ok
    11:27:23.0321 6536 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    11:27:23.0331 6536 adp94xx - ok
    11:27:23.0348 6536 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    11:27:23.0355 6536 adpahci - ok
    11:27:23.0374 6536 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    11:27:23.0379 6536 adpu320 - ok
    11:27:23.0403 6536 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    11:27:23.0404 6536 AeLookupSvc - ok
    11:27:23.0479 6536 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
    11:27:23.0481 6536 Afc - ok
    11:27:23.0502 6536 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
    11:27:23.0512 6536 AFD - ok
    11:27:23.0527 6536 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    11:27:23.0531 6536 agp440 - ok
    11:27:23.0542 6536 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    11:27:23.0545 6536 ALG - ok
    11:27:23.0563 6536 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    11:27:23.0566 6536 aliide - ok
    11:27:23.0591 6536 [ 0D3E12216D6F956F05B0B555D53D7ABB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    11:27:23.0595 6536 AMD External Events Utility - ok
    11:27:23.0618 6536 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    11:27:23.0620 6536 amdide - ok
    11:27:23.0631 6536 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    11:27:23.0634 6536 AmdK8 - ok
    11:27:23.0648 6536 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    11:27:23.0652 6536 AmdPPM - ok
    11:27:23.0668 6536 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    11:27:23.0672 6536 amdsata - ok
    11:27:23.0686 6536 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    11:27:23.0690 6536 amdsbs - ok
    11:27:23.0705 6536 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    11:27:23.0706 6536 amdxata - ok
    11:27:23.0724 6536 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    11:27:23.0727 6536 AppID - ok
    11:27:23.0752 6536 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    11:27:23.0754 6536 AppIDSvc - ok
    11:27:23.0768 6536 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    11:27:23.0770 6536 Appinfo - ok
    11:27:23.0784 6536 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    11:27:23.0788 6536 arc - ok
    11:27:23.0803 6536 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    11:27:23.0807 6536 arcsas - ok
    11:27:23.0851 6536 [ 7F906B6F61531F3CB0B07622FE6FD70A ] asdnet C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys
    11:27:23.0853 6536 asdnet - ok
    11:27:23.0867 6536 [ 44837F1CB5BD166A7BD8869F9E86E907 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys
    11:27:23.0868 6536 asdrm - ok
    11:27:23.0885 6536 [ 88390FE440DCC3F10556AE41F4EDFCA1 ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys
    11:27:23.0887 6536 asdrs - ok
    11:27:23.0913 6536 [ 568B0D8B88DACCF1F4D48E362C69BD62 ] asdsrv C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    11:27:23.0921 6536 asdsrv - ok
    11:27:23.0940 6536 [ 2D6D1BCBE6B7D0688681CE71C4A4C828 ] asdws C:\Windows\system32\DRIVERS\asdws.sys
    11:27:23.0942 6536 asdws - ok
    11:27:23.0958 6536 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    11:27:23.0960 6536 AsyncMac - ok
    11:27:23.0981 6536 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    11:27:23.0983 6536 atapi - ok
    11:27:24.0014 6536 [ E0FABC10635C670BD7D89FD214A405D7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    11:27:24.0027 6536 athr - ok
    11:27:24.0056 6536 [ 506934DF94E3197F4A1BBE8FBEAB0CCD ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    11:27:24.0058 6536 AtiHdmiService - ok
    11:27:24.0166 6536 [ 79CEB8D4F25CABE69F3762C90F5B06B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    11:27:24.0284 6536 atikmdag - ok
    11:27:24.0320 6536 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    11:27:24.0330 6536 AudioEndpointBuilder - ok
    11:27:24.0343 6536 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    11:27:24.0348 6536 AudioSrv - ok
    11:27:24.0533 6536 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    11:27:24.0561 6536 AVGIDSAgent - ok
    11:27:24.0591 6536 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    11:27:24.0593 6536 AVGIDSDriver - ok
    11:27:24.0624 6536 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    11:27:24.0625 6536 AVGIDSEH - ok
    11:27:24.0641 6536 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    11:27:24.0642 6536 AVGIDSFilter - ok
    11:27:24.0662 6536 [ 5D9D7009EDA9338F286730390DBEB5B6 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    11:27:24.0671 6536 Avgldx64 - ok
    11:27:24.0686 6536 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    11:27:24.0687 6536 Avgmfx64 - ok
    11:27:24.0720 6536 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    11:27:24.0720 6536 Avgrkx64 - ok
    11:27:24.0730 6536 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    11:27:24.0733 6536 Avgtdia - ok
    11:27:24.0759 6536 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    11:27:24.0762 6536 avgwd - ok
    11:27:24.0791 6536 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    11:27:24.0795 6536 AxInstSV - ok
    11:27:24.0825 6536 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    11:27:24.0832 6536 b06bdrv - ok
    11:27:24.0861 6536 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:27:24.0867 6536 b57nd60a - ok
    11:27:24.0887 6536 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    11:27:24.0891 6536 BDESVC - ok
    11:27:24.0908 6536 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    11:27:24.0910 6536 Beep - ok
    11:27:24.0948 6536 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    11:27:24.0959 6536 BFE - ok
    11:27:24.0992 6536 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    11:27:24.0999 6536 BITS - ok
    11:27:25.0020 6536 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    11:27:25.0023 6536 blbdrive - ok
    11:27:25.0035 6536 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    11:27:25.0037 6536 bowser - ok
    11:27:25.0051 6536 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:27:25.0053 6536 BrFiltLo - ok
    11:27:25.0061 6536 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:27:25.0064 6536 BrFiltUp - ok
    11:27:25.0087 6536 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    11:27:25.0091 6536 Browser - ok
    11:27:25.0109 6536 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    11:27:25.0116 6536 Brserid - ok
    11:27:25.0125 6536 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    11:27:25.0128 6536 BrSerWdm - ok
    11:27:25.0141 6536 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:27:25.0144 6536 BrUsbMdm - ok
    11:27:25.0158 6536 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    11:27:25.0160 6536 BrUsbSer - ok
    11:27:25.0171 6536 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    11:27:25.0175 6536 BTHMODEM - ok
    11:27:25.0202 6536 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    11:27:25.0206 6536 bthserv - ok
    11:27:25.0218 6536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    11:27:25.0221 6536 cdfs - ok
    11:27:25.0246 6536 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    11:27:25.0251 6536 cdrom - ok
    11:27:25.0263 6536 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    11:27:25.0266 6536 CertPropSvc - ok
    11:27:25.0275 6536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    11:27:25.0279 6536 circlass - ok
    11:27:25.0298 6536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    11:27:25.0304 6536 CLFS - ok
    11:27:25.0346 6536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:27:25.0349 6536 clr_optimization_v2.0.50727_32 - ok
    11:27:25.0375 6536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:27:25.0378 6536 clr_optimization_v2.0.50727_64 - ok
    11:27:25.0424 6536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:27:25.0428 6536 clr_optimization_v4.0.30319_32 - ok
    11:27:25.0461 6536 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:27:25.0465 6536 clr_optimization_v4.0.30319_64 - ok
    11:27:25.0494 6536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    11:27:25.0498 6536 CmBatt - ok
    11:27:25.0509 6536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    11:27:25.0512 6536 cmdide - ok
    11:27:25.0530 6536 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
    11:27:25.0537 6536 CNG - ok
    11:27:25.0561 6536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:27:25.0564 6536 Compbatt - ok
    11:27:25.0583 6536 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:27:25.0585 6536 CompositeBus - ok
    11:27:25.0590 6536 COMSysApp - ok
    11:27:25.0606 6536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    11:27:25.0608 6536 crcdisk - ok
    11:27:25.0630 6536 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:27:25.0634 6536 CryptSvc - ok
    11:27:25.0669 6536 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:27:25.0678 6536 DcomLaunch - ok
    11:27:25.0702 6536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:27:25.0708 6536 defragsvc - ok
    11:27:25.0725 6536 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:27:25.0727 6536 DfsC - ok
    11:27:25.0750 6536 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:27:25.0757 6536 Dhcp - ok
    11:27:25.0770 6536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:27:25.0772 6536 discache - ok
    11:27:25.0794 6536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    11:27:25.0796 6536 Disk - ok
    11:27:25.0813 6536 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:27:25.0817 6536 Dnscache - ok
    11:27:25.0851 6536 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
    11:27:25.0855 6536 DockLoginService - ok
    11:27:25.0870 6536 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    11:27:25.0876 6536 dot3svc - ok
    11:27:25.0883 6536 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    11:27:25.0886 6536 DPS - ok
    11:27:25.0909 6536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:27:25.0911 6536 drmkaud - ok
    11:27:25.0944 6536 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:27:25.0955 6536 DXGKrnl - ok
    11:27:25.0968 6536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:27:25.0970 6536 EapHost - ok
    11:27:26.0041 6536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    11:27:26.0110 6536 ebdrv - ok
    11:27:26.0134 6536 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    11:27:26.0137 6536 EFS - ok
    11:27:26.0189 6536 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:27:26.0197 6536 ehRecvr - ok
    11:27:26.0212 6536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:27:26.0216 6536 ehSched - ok
    11:27:26.0263 6536 [ 4778EEECB75C6FB419745BEED3530B9D ] ElRawDisk C:\Windows\system32\drivers\dddskx64.sys
    11:27:26.0266 6536 ElRawDisk - ok
    11:27:26.0285 6536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    11:27:26.0295 6536 elxstor - ok
    11:27:26.0312 6536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    11:27:26.0315 6536 ErrDev - ok
    11:27:26.0338 6536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:27:26.0344 6536 EventSystem - ok
    11:27:26.0361 6536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:27:26.0364 6536 exfat - ok
    11:27:26.0379 6536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:27:26.0382 6536 fastfat - ok
    11:27:26.0398 6536 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    11:27:26.0405 6536 Fax - ok
    11:27:26.0411 6536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    11:27:26.0414 6536 fdc - ok
    11:27:26.0425 6536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    11:27:26.0427 6536 fdPHost - ok
    11:27:26.0449 6536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:27:26.0452 6536 FDResPub - ok
    11:27:26.0471 6536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:27:26.0473 6536 FileInfo - ok
    11:27:26.0486 6536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:27:26.0488 6536 Filetrace - ok
    11:27:26.0504 6536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    11:27:26.0507 6536 flpydisk - ok
    11:27:26.0525 6536 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:27:26.0529 6536 FltMgr - ok
    11:27:26.0558 6536 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
    11:27:26.0576 6536 FontCache - ok
    11:27:26.0610 6536 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:27:26.0613 6536 FontCache3.0.0.0 - ok
    11:27:26.0628 6536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:27:26.0631 6536 FsDepends - ok
    11:27:26.0639 6536 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:27:26.0641 6536 Fs_Rec - ok
    11:27:26.0673 6536 [ 35FD2BB5131714E657B7AB3A78642854 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
    11:27:26.0677 6536 FTDIBUS - ok
    11:27:26.0706 6536 [ 196C9BDDBEF9B6D0973F398BEF5B2EEE ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
    11:27:26.0709 6536 FTSER2K - ok
    11:27:26.0726 6536 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:27:26.0730 6536 fvevol - ok
    11:27:26.0745 6536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:27:26.0748 6536 gagp30kx - ok
    11:27:26.0771 6536 GEARAspiWDM - ok
    11:27:26.0813 6536 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    11:27:26.0815 6536 GoToAssist - ok
    11:27:26.0848 6536 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    11:27:26.0855 6536 gpsvc - ok
    11:27:26.0870 6536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:27:26.0874 6536 hcw85cir - ok
    11:27:26.0888 6536 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:27:26.0891 6536 HDAudBus - ok
    11:27:26.0907 6536 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    11:27:26.0910 6536 HECIx64 - ok
    11:27:26.0921 6536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    11:27:26.0924 6536 HidBatt - ok
    11:27:26.0938 6536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    11:27:26.0942 6536 HidBth - ok
    11:27:26.0958 6536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    11:27:26.0961 6536 HidIr - ok
    11:27:26.0976 6536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    11:27:26.0979 6536 hidserv - ok
    11:27:27.0007 6536 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:27:27.0009 6536 HidUsb - ok
    11:27:27.0033 6536 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:27:27.0037 6536 hkmsvc - ok
    11:27:27.0065 6536 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:27:27.0071 6536 HomeGroupListener - ok
    11:27:27.0095 6536 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:27:27.0101 6536 HomeGroupProvider - ok
    11:27:27.0116 6536 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    11:27:27.0119 6536 HpSAMD - ok
    11:27:27.0153 6536 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:27:27.0165 6536 HTTP - ok
    11:27:27.0174 6536 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:27:27.0175 6536 hwpolicy - ok
    11:27:27.0191 6536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    11:27:27.0195 6536 i8042prt - ok
    11:27:27.0217 6536 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    11:27:27.0222 6536 iaStor - ok
    11:27:27.0257 6536 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    11:27:27.0259 6536 IAStorDataMgrSvc - ok
    11:27:27.0286 6536 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    11:27:27.0294 6536 iaStorV - ok
    11:27:27.0350 6536 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    11:27:27.0353 6536 IDriverT - ok
    11:27:27.0401 6536 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:27:27.0411 6536 idsvc - ok
    11:27:27.0427 6536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    11:27:27.0430 6536 iirsp - ok
    11:27:27.0479 6536 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    11:27:27.0481 6536 IJPLMSVC - ok
    11:27:27.0514 6536 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    11:27:27.0528 6536 IKEEXT - ok
    11:27:27.0591 6536 [ EE64207F2F5C20BFE5F73DB2566C4601 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    11:27:27.0616 6536 IntcAzAudAddService - ok
    11:27:27.0640 6536 [ 49072EDBC5C2F964917D1B585C90ED0A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:27:27.0644 6536 IntcDAud - ok
    11:27:27.0663 6536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    11:27:27.0665 6536 intelide - ok
    11:27:27.0677 6536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    11:27:27.0680 6536 intelppm - ok
    11:27:27.0695 6536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:27:27.0699 6536 IPBusEnum - ok
    11:27:27.0728 6536 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:27:27.0732 6536 IpFilterDriver - ok
    11:27:27.0764 6536 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    11:27:27.0773 6536 iphlpsvc - ok
    11:27:27.0792 6536 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    11:27:27.0796 6536 IPMIDRV - ok
    11:27:27.0811 6536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    11:27:27.0815 6536 IPNAT - ok
    11:27:27.0852 6536 [ 962BC769D1008D83F6A00B9DE887EEF4 ] iPodService C:\Program Files (x86)\iPod\bin\iPodService.exe
    11:27:27.0857 6536 iPodService - ok
    11:27:27.0872 6536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    11:27:27.0874 6536 IRENUM - ok
    11:27:27.0886 6536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    11:27:27.0889 6536 isapnp - ok
    11:27:27.0909 6536 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    11:27:27.0914 6536 iScsiPrt - ok
    11:27:27.0932 6536 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
    11:27:27.0937 6536 k57nd60a - ok
    11:27:27.0950 6536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    11:27:27.0953 6536 kbdclass - ok
    11:27:27.0964 6536 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    11:27:27.0967 6536 kbdhid - ok
    11:27:27.0984 6536 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
    11:27:27.0986 6536 KeyIso - ok
    11:27:28.0000 6536 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    11:27:28.0002 6536 KSecDD - ok
    11:27:28.0013 6536 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    11:27:28.0016 6536 KSecPkg - ok
    11:27:28.0026 6536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    11:27:28.0029 6536 ksthunk - ok
    11:27:28.0055 6536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    11:27:28.0064 6536 KtmRm - ok
    11:27:28.0098 6536 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
    11:27:28.0104 6536 LanmanServer - ok
    11:27:28.0115 6536 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    11:27:28.0120 6536 LanmanWorkstation - ok
    11:27:28.0145 6536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    11:27:28.0148 6536 lltdio - ok
    11:27:28.0168 6536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    11:27:28.0176 6536 lltdsvc - ok
    11:27:28.0197 6536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    11:27:28.0200 6536 lmhosts - ok
    11:27:28.0223 6536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:27:28.0227 6536 LSI_FC - ok
    11:27:28.0238 6536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:27:28.0242 6536 LSI_SAS - ok
    11:27:28.0251 6536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:27:28.0255 6536 LSI_SAS2 - ok
    11:27:28.0269 6536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:27:28.0274 6536 LSI_SCSI - ok
    11:27:28.0280 6536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    11:27:28.0282 6536 luafv - ok
    11:27:28.0315 6536 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    11:27:28.0316 6536 MBAMProtector - ok
    11:27:28.0368 6536 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    11:27:28.0373 6536 MBAMScheduler - ok
    11:27:28.0393 6536 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:27:28.0401 6536 MBAMService - ok
    11:27:28.0426 6536 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    11:27:28.0431 6536 Mcx2Svc - ok
    11:27:28.0447 6536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    11:27:28.0450 6536 megasas - ok
    11:27:28.0467 6536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    11:27:28.0473 6536 MegaSR - ok
    11:27:28.0508 6536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    11:27:28.0511 6536 MMCSS - ok
    11:27:28.0522 6536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    11:27:28.0525 6536 Modem - ok
    11:27:28.0546 6536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    11:27:28.0549 6536 monitor - ok
    11:27:28.0559 6536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    11:27:28.0561 6536 mouclass - ok
    11:27:28.0581 6536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    11:27:28.0583 6536 mouhid - ok
    11:27:28.0592 6536 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    11:27:28.0593 6536 mountmgr - ok
    11:27:28.0634 6536 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    11:27:28.0637 6536 MozillaMaintenance - ok
    11:27:28.0650 6536 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    11:27:28.0654 6536 mpio - ok
    11:27:28.0671 6536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    11:27:28.0674 6536 mpsdrv - ok
    11:27:28.0704 6536 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    11:27:28.0716 6536 MpsSvc - ok
    11:27:28.0733 6536 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    11:27:28.0736 6536 MRxDAV - ok
    11:27:28.0753 6536 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:27:28.0755 6536 mrxsmb - ok
    11:27:28.0770 6536 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:27:28.0774 6536 mrxsmb10 - ok
    11:27:28.0790 6536 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:27:28.0793 6536 mrxsmb20 - ok
    11:27:28.0808 6536 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    11:27:28.0820 6536 msahci - ok
    11:27:28.0838 6536 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    11:27:28.0843 6536 msdsm - ok
    11:27:28.0858 6536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    11:27:28.0862 6536 MSDTC - ok
    11:27:28.0880 6536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    11:27:28.0881 6536 Msfs - ok
    11:27:28.0903 6536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    11:27:28.0905 6536 mshidkmdf - ok
    11:27:28.0928 6536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    11:27:28.0929 6536 msisadrv - ok
    11:27:28.0947 6536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    11:27:28.0952 6536 MSiSCSI - ok
    11:27:28.0957 6536 msiserver - ok
    11:27:28.0981 6536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    11:27:28.0983 6536 MSKSSRV - ok
    11:27:28.0988 6536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    11:27:28.0990 6536 MSPCLOCK - ok
    11:27:29.0003 6536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    11:27:29.0006 6536 MSPQM - ok
    11:27:29.0021 6536 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    11:27:29.0026 6536 MsRPC - ok
    11:27:29.0041 6536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    11:27:29.0043 6536 mssmbios - ok
    11:27:29.0053 6536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    11:27:29.0055 6536 MSTEE - ok
    11:27:29.0067 6536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    11:27:29.0070 6536 MTConfig - ok
    11:27:29.0085 6536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    11:27:29.0086 6536 Mup - ok
    11:27:29.0109 6536 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    11:27:29.0117 6536 napagent - ok
    11:27:29.0141 6536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    11:27:29.0147 6536 NativeWifiP - ok
    11:27:29.0172 6536 [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
    11:27:29.0173 6536 NBVol - ok
    11:27:29.0202 6536 [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
    11:27:29.0203 6536 NBVolUp - ok
    11:27:29.0237 6536 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    11:27:29.0250 6536 NDIS - ok
    11:27:29.0263 6536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    11:27:29.0265 6536 NdisCap - ok
    11:27:29.0283 6536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    11:27:29.0285 6536 NdisTapi - ok
    11:27:29.0302 6536 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    11:27:29.0305 6536 Ndisuio - ok
    11:27:29.0323 6536 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    11:27:29.0328 6536 NdisWan - ok
    11:27:29.0337 6536 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    11:27:29.0340 6536 NDProxy - ok
    11:27:29.0351 6536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    11:27:29.0352 6536 NetBIOS - ok
    11:27:29.0367 6536 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    11:27:29.0372 6536 NetBT - ok
    11:27:29.0384 6536 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
    11:27:29.0386 6536 Netlogon - ok
    11:27:29.0414 6536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    11:27:29.0422 6536 Netman - ok
    11:27:29.0434 6536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    11:27:29.0440 6536 netprofm - ok
    11:27:29.0460 6536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:27:29.0462 6536 NetTcpPortSharing - ok
    11:27:29.0472 6536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    11:27:29.0475 6536 nfrd960 - ok
    11:27:29.0500 6536 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    11:27:29.0507 6536 NlaSvc - ok
    11:27:29.0520 6536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    11:27:29.0521 6536 Npfs - ok
    11:27:29.0539 6536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    11:27:29.0543 6536 nsi - ok
    11:27:29.0553 6536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    11:27:29.0555 6536 nsiproxy - ok
    11:27:29.0603 6536 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    11:27:29.0634 6536 Ntfs - ok
    11:27:29.0652 6536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    11:27:29.0654 6536 Null - ok
    11:27:29.0674 6536 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
    11:27:29.0677 6536 nvraid - ok
    11:27:29.0687 6536 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    11:27:29.0691 6536 nvstor - ok
    11:27:29.0717 6536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    11:27:29.0721 6536 nv_agp - ok
    11:27:29.0789 6536 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:27:29.0794 6536 odserv - ok
    11:27:29.0805 6536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    11:27:29.0808 6536 ohci1394 - ok
    11:27:29.0836 6536 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:27:29.0839 6536 ose - ok
    11:27:29.0861 6536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    11:27:29.0868 6536 p2pimsvc - ok
    11:27:29.0889 6536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    11:27:29.0898 6536 p2psvc - ok
    11:27:29.0913 6536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    11:27:29.0917 6536 Parport - ok
    11:27:29.0933 6536 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    11:27:29.0935 6536 partmgr - ok
    11:27:29.0946 6536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    11:27:29.0952 6536 PcaSvc - ok
    11:27:29.0962 6536 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    11:27:29.0965 6536 pci - ok
    11:27:29.0983 6536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    11:27:29.0985 6536 pciide - ok
    11:27:30.0000 6536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    11:27:30.0004 6536 pcmcia - ok
    11:27:30.0036 6536 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
    11:27:30.0040 6536 pcouffin - ok
    11:27:30.0051 6536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    11:27:30.0052 6536 pcw - ok
    11:27:30.0075 6536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    11:27:30.0082 6536 PEAUTH - ok
    11:27:30.0158 6536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    11:27:30.0162 6536 PerfHost - ok
    11:27:30.0202 6536 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    11:27:30.0215 6536 pla - ok
    11:27:30.0242 6536 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    11:27:30.0247 6536 PlugPlay - ok
    11:27:30.0258 6536 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    11:27:30.0262 6536 PNRPAutoReg - ok
    11:27:30.0277 6536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    11:27:30.0282 6536 PNRPsvc - ok
    11:27:30.0313 6536 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    11:27:30.0323 6536 PolicyAgent - ok
    11:27:30.0353 6536 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    11:27:30.0359 6536 Power - ok
    11:27:30.0378 6536 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    11:27:30.0382 6536 PptpMiniport - ok
    11:27:30.0395 6536 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    11:27:30.0399 6536 Processor - ok
    11:27:30.0411 6536 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
    11:27:30.0417 6536 ProfSvc - ok
    11:27:30.0426 6536 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
    11:27:30.0428 6536 ProtectedStorage - ok
    11:27:30.0447 6536 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    11:27:30.0449 6536 Psched - ok
    11:27:30.0479 6536 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    11:27:30.0480 6536 PxHlpa64 - ok
    11:27:30.0530 6536 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    11:27:30.0554 6536 ql2300 - ok
    11:27:30.0565 6536 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    11:27:30.0567 6536 ql40xx - ok
    11:27:30.0583 6536 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    11:27:30.0587 6536 QWAVE - ok
    11:27:30.0596 6536 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    11:27:30.0598 6536 QWAVEdrv - ok
    11:27:30.0611 6536 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    11:27:30.0613 6536 RasAcd - ok
    11:27:30.0625 6536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:27:30.0627 6536 RasAgileVpn - ok
    11:27:30.0638 6536 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    11:27:30.0641 6536 RasAuto - ok
    11:27:30.0656 6536 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:27:30.0660 6536 Rasl2tp - ok
    11:27:30.0676 6536 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    11:27:30.0684 6536 RasMan - ok
    11:27:30.0700 6536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    11:27:30.0703 6536 RasPppoe - ok
    11:27:30.0716 6536 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    11:27:30.0719 6536 RasSstp - ok
    11:27:30.0741 6536 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    11:27:30.0745 6536 rdbss - ok
    11:27:30.0757 6536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    11:27:30.0760 6536 rdpbus - ok
    11:27:30.0782 6536 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:27:30.0785 6536 RDPCDD - ok
    11:27:30.0797 6536 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    11:27:30.0800 6536 RDPENCDD - ok
    11:27:30.0814 6536 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    11:27:30.0816 6536 RDPREFMP - ok
    11:27:30.0836 6536 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    11:27:30.0842 6536 RDPWD - ok
    11:27:30.0855 6536 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    11:27:30.0859 6536 rdyboost - ok
    11:27:30.0875 6536 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    11:27:30.0880 6536 RemoteAccess - ok
    11:27:30.0897 6536 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    11:27:30.0902 6536 RemoteRegistry - ok
    11:27:30.0928 6536 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    11:27:30.0931 6536 RimVSerPort - ok
    11:27:30.0947 6536 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    11:27:30.0950 6536 ROOTMODEM - ok
    11:27:31.0039 6536 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    11:27:31.0051 6536 RoxMediaDB10 - ok
    11:27:31.0065 6536 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    11:27:31.0067 6536 RpcEptMapper - ok
    11:27:31.0086 6536 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    11:27:31.0089 6536 RpcLocator - ok
    11:27:31.0109 6536 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    11:27:31.0116 6536 RpcSs - ok
    11:27:31.0131 6536 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    11:27:31.0133 6536 rspndr - ok
    11:27:31.0135 6536 RxFilter - ok
    11:27:31.0151 6536 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    11:27:31.0153 6536 SamSs - ok
    11:27:31.0216 6536 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    11:27:31.0234 6536 SASDIFSV - ok
    11:27:31.0256 6536 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    11:27:31.0269 6536 SASKUTIL - ok
    11:27:31.0287 6536 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    11:27:31.0291 6536 sbp2port - ok
    11:27:31.0303 6536 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    11:27:31.0309 6536 SCardSvr - ok
    11:27:31.0319 6536 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    11:27:31.0321 6536 scfilter - ok
    11:27:31.0349 6536 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
    11:27:31.0360 6536 Schedule - ok
    11:27:31.0391 6536 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    11:27:31.0393 6536 SCPolicySvc - ok
    11:27:31.0404 6536 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    11:27:31.0410 6536 SDRSVC - ok
    11:27:31.0477 6536 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    11:27:31.0488 6536 SDScannerService - ok
    11:27:31.0542 6536 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    11:27:31.0556 6536 SDUpdateService - ok
    11:27:31.0594 6536 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    11:27:31.0595 6536 SDWSCService - ok
    11:27:31.0647 6536 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    11:27:31.0655 6536 SeaPort - ok
    11:27:31.0673 6536 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    11:27:31.0676 6536 secdrv - ok
    11:27:31.0687 6536 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    11:27:31.0691 6536 seclogon - ok
    11:27:31.0702 6536 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    11:27:31.0705 6536 SENS - ok
    11:27:31.0719 6536 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    11:27:31.0723 6536 SensrSvc - ok
    11:27:31.0741 6536 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    11:27:31.0743 6536 Serenum - ok
    11:27:31.0755 6536 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    11:27:31.0759 6536 Serial - ok
    11:27:31.0780 6536 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    11:27:31.0783 6536 sermouse - ok
    11:27:31.0803 6536 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    11:27:31.0808 6536 SessionEnv - ok
    11:27:31.0820 6536 SessionLauncher - ok
    11:27:31.0832 6536 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    11:27:31.0835 6536 sffdisk - ok
    11:27:31.0847 6536 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    11:27:31.0849 6536 sffp_mmc - ok
    11:27:31.0860 6536 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    11:27:31.0862 6536 sffp_sd - ok
    11:27:31.0870 6536 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    11:27:31.0873 6536 sfloppy - ok
    11:27:31.0889 6536 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    11:27:31.0897 6536 SharedAccess - ok
    11:27:31.0927 6536 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    11:27:31.0936 6536 ShellHWDetection - ok
    11:27:31.0963 6536 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:27:31.0966 6536 SiSRaid2 - ok
    11:27:31.0979 6536 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    11:27:31.0983 6536 SiSRaid4 - ok
    11:27:32.0004 6536 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    11:27:32.0007 6536 Smb - ok
    11:27:32.0029 6536 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    11:27:32.0033 6536 SNMPTRAP - ok
    11:27:32.0039 6536 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    11:27:32.0040 6536 spldr - ok
    11:27:34.0413 6536 ================ Scan global ===============================
    11:27:34.0424 6536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:27:34.0436 6536 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    11:27:34.0443 6536 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    11:27:34.0450 6536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:27:34.0465 6536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:27:34.0468 6536 [Global] - ok
    11:27:34.0469 6536 ================ Scan MBR ==================================
    11:27:34.0476 6536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:27:34.0679 6536 \Device\Harddisk0\DR0 - ok
    11:27:34.0679 6536 ================ Scan VBR ==================================
    11:27:34.0682 6536 [ 6140802688F31B587BAFCF108CF38B6C ] \Device\Harddisk0\DR0\Partition1
    11:27:34.0684 6536 \Device\Harddisk0\DR0\Partition1 - ok
    11:27:34.0695 6536 [ 5F722C06B0E4EF94B062E2016866EF2D ] \Device\Harddisk0\DR0\Partition2
    11:27:34.0698 6536 \Device\Harddisk0\DR0\Partition2 - ok
    11:27:34.0698 6536 ============================================================
    11:27:34.0699 6536 Scan finished
    11:27:34.0699 6536 ============================================================
    11:27:34.0710 6992 Detected object count: 0
    11:27:34.0710 6992 Actual detected object count: 0
    11:28:28.0631 6832 Deinitialize success
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    ok next step

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  8. lrs255

    lrs255 Thread Starter

    I tried to download this program from the link you sent (and several others) and it says it is Malware and AVG picks it up as a virus.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is a false alarm by AVG (yet again)
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  10. lrs255

    lrs255 Thread Starter

    ComboFix 13-01-06.01 - Renea 01/07/2013 18:49:15.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6460 [GMT -5:00]
    Running from: c:\users\Renea\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Renea\AppData\Roaming\inst.exe
    c:\users\Renea\AppData\Roaming\MicroST
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-07 23:52 . 2013-01-07 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-06 04:13 . 2013-01-06 04:13 -------- d-----w- c:\programdata\APN
    2012-12-31 19:55 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-12-31 19:55 . 2012-12-31 19:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-12-30 18:13 . 2013-01-07 23:45 -------- d-----w- c:\users\Renea\AppData\Roaming\Anvisoft
    2012-12-30 18:13 . 2012-12-30 18:13 -------- d-----w- c:\programdata\Anvisoft
    2012-12-30 18:13 . 2012-12-30 18:13 -------- d-----w- c:\program files (x86)\Anvisoft
    2012-12-12 03:20 . 2012-11-28 15:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-12 02:37 . 2012-12-12 02:37 -------- d-----w- c:\users\Renea\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-12 02:37 . 2012-12-12 02:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-12-12 02:37 . 2012-12-12 02:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-12-12 00:56 . 2012-12-31 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-12-12 00:56 . 2012-12-31 19:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-12-12 00:40 . 2012-12-12 00:40 -------- d-----w- c:\users\Renea\AppData\Roaming\SpeedyPC Software
    2012-12-12 00:40 . 2012-12-12 00:40 -------- d-----w- c:\users\Renea\AppData\Roaming\DriverCure
    2012-12-12 00:40 . 2012-12-12 01:25 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-12-12 00:17 . 2012-12-12 00:17 -------- d-----w- c:\users\Renea\AppData\Roaming\Malwarebytes
    2012-12-12 00:16 . 2013-01-01 20:45 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-12 00:16 . 2012-12-31 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-12 00:16 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-11 23:24 . 2012-12-11 23:24 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-24 15:03 . 2012-11-24 15:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-24 15:03 . 2010-04-23 00:17 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-12 09:47 . 2012-11-12 09:47 312160 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-05-21 1025264]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2006-02-23 278528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-05-09 155648]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "NeroFilterCheck"="c:\program files (x86)\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\users\Renea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
    Event Reminder.lnk - c:\program files (x86)\Broderbund\PrintMaster\PMremind.exe [2012-4-18 323584]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - asdrs
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://excite.com/
    mLocal Page = c:\windows\system32\blank.htm
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-NWEReboot - (no file)
    Wow6432Node-HKLM-RunOnce-fonts101kmbp - c:\users\Renea\AppData\Local\Temp\BI_RunOnce.exe
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-07 19:01:36
    ComboFix-quarantined-files.txt 2013-01-08 00:01
    .
    Pre-Run: 940,899,995,648 bytes free
    Post-Run: 941,270,740,992 bytes free
    .
    - - End Of File - - A14847DDB7A30A0EF87B27CF80BE0EFF
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    It would make it so easy to fix this, if you turned off AVG & downloaded & ran adwcleaner
     
  12. lrs255

    lrs255 Thread Starter

    I did it. The post is listed below.

    # AdwCleaner v2.105 - Logfile created 01/08/2013 at 07:20:27
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Renea - RENEA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Renea\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\APN
    Folder Found : C:\Users\Renea\AppData\Local\Conduit
    Folder Found : C:\Users\Renea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Found : C:\Users\Renea\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\Conduit
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\ConduitCommon
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\CT2391419
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\CT2801948
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    Folder Found : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}

    ***** [Registry] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0 (en-US)

    File : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\prefs.js

    Found : user_pref("CT2391419..clientLogIsEnabled", false);
    Found : user_pref("CT2391419..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref("CT2391419..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref("CT2391419.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Found : user_pref("CT2391419.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT2391419.BrowserCompStateIsOpen_129683257846473394", true);
    Found : user_pref("CT2391419.CT2391419", "CT2391419");
    Found : user_pref("CT2391419.CurrentServerDate", "8-1-2013");
    Found : user_pref("CT2391419.DSInstall", false);
    Found : user_pref("CT2391419.DialogsAlignMode", "LTR");
    Found : user_pref("CT2391419.DialogsGetterLastCheckTime", "Tue Jan 08 2013 07:18:16 GMT-0500 (Eastern Standa[...]
    Found : user_pref("CT2391419.DownloadReferralCookieData", "");
    Found : user_pref("CT2391419.FirstServerDate", "15-6-2012");
    Found : user_pref("CT2391419.FirstTime", true);
    Found : user_pref("CT2391419.FirstTimeFF3", true);
    Found : user_pref("CT2391419.FirstTimeHiddenVer", true);
    Found : user_pref("CT2391419.FixPageNotFoundErrors", false);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Renea\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [16634 octets] - [08/01/2013 07:20:27]

    ########## EOF - C:\AdwCleaner[R1].txt - [16695 octets] ##########
     
  13. dvk01

    Please run AdwCleaner again. This time press delete. It will clear the problems & then offer to reboot. Please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    and tell us if that has cured it
     
  14. lrs255

    The log is listed below. I went online and did a few searches and am still being redirected. Do you think there is something wrong with Firefox Mozilla?


    # AdwCleaner v2.105 - Logfile created 01/08/2013 at 07:34:19
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Renea - RENEA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Renea\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\APN
    Deleted on reboot : C:\Users\Renea\AppData\Local\Conduit
    Deleted on reboot : C:\Users\Renea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Deleted on reboot : C:\Users\Renea\AppData\LocalLow\Conduit
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\Conduit
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\ConduitCommon
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\CT2391419
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\CT2801948
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    Deleted on reboot : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0 (en-US)

    File : C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\prefs.js

    C:\Users\Renea\AppData\Roaming\Mozilla\Firefox\Profiles\ufsnt2lm.default\user.js ... Deleted !


    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Renea\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [16763 octets] - [08/01/2013 07:20:27]
    AdwCleaner[S1].txt - [17217 octets] - [08/01/2013 07:34:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [17278 octets] ##########
     
  15. dvk01

    Is it only happening in FF or in all browsers?

    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • In the Files Age drop-down box click 90.
    • Now on the toolbar at the top select "Scan all users", then click the Run Scan button.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file.
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
Short URL to this thread: https://techguy.org/1083277
