TechSpot

Can't get to login

Solved
By GoneBaja
Sep 7, 2012
  1. I went through a virus removal process last week... very good thank you.
    My friend is now home and she is having a weird symptom.

    Two secure sites are not allowing her to get to the login prompt.
    Her online banking.... and the administrative backend of our website.

    Is this related to any of the security that we added?
    WOT perhaps? No message appeared...

    Not sure how to investigate.

    thanks

    jp
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  3. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Well, fortunately or unfortunately it did not find anything... hmmm

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lana :: LANA-PC [administrator]

    07-09-2012 16:39:03
    mbam-log-2012-09-07 (16-39-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220562
    Time elapsed: 4 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    And then...because we didn't get anywhere and Lana was anxious to do her banking... I thought I would try Firefox....guess who showed up after installing Mozilla....??

    Back to the search.iminent.com again....!!!
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  6. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    21:17:18.0027 3508 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    21:17:18.0667 3508 ============================================================
    21:17:18.0667 3508 Current date / time: 2012/09/08 21:17:18.0667
    21:17:18.0667 3508 SystemInfo:
    21:17:18.0667 3508
    21:17:18.0667 3508 OS Version: 6.1.7601 ServicePack: 1.0
    21:17:18.0667 3508 Product type: Workstation
    21:17:18.0667 3508 ComputerName: LANA-PC
    21:17:18.0668 3508 UserName: Lana
    21:17:18.0668 3508 Windows directory: C:\Windows
    21:17:18.0668 3508 System windows directory: C:\Windows
    21:17:18.0668 3508 Running under WOW64
    21:17:18.0668 3508 Processor architecture: Intel x64
    21:17:18.0668 3508 Number of processors: 4
    21:17:18.0668 3508 Page size: 0x1000
    21:17:18.0668 3508 Boot type: Normal boot
    21:17:18.0668 3508 ============================================================
    21:17:19.0733 3508 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:17:19.0744 3508 ============================================================
    21:17:19.0744 3508 \Device\Harddisk0\DR0:
    21:17:19.0745 3508 MBR partitions:
    21:17:19.0745 3508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
    21:17:19.0745 3508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x12A8F867
    21:17:19.0760 3508 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB3ED82, BlocksNum 0x1E845EBF
    21:17:19.0760 3508 ============================================================
    21:17:19.0813 3508 C: <-> \Device\Harddisk0\DR0\Partition2
    21:17:19.0855 3508 D: <-> \Device\Harddisk0\DR0\Partition3
    21:17:19.0855 3508 ============================================================
    21:17:19.0855 3508 Initialize success
    21:17:19.0855 3508 ============================================================
    21:18:27.0335 1532 ============================================================
    21:18:27.0335 1532 Scan started
    21:18:27.0335 1532 Mode: Manual; SigCheck; TDLFS;
    21:18:27.0335 1532 ============================================================
    21:18:27.0806 1532 ================ Scan system memory ========================
    21:18:27.0806 1532 System memory - ok
    21:18:41.0996 1532 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:18:42.0041 1532 intelppm - ok
    21:18:42.0073 1532 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:18:42.0134 1532 IPBusEnum - ok
    21:18:42.0162 1532 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:18:42.0233 1532 IpFilterDriver - ok
    21:18:42.0263 1532 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:18:42.0326 1532 iphlpsvc - ok
    21:18:42.0362 1532 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:18:42.0392 1532 IPMIDRV - ok
    21:18:42.0408 1532 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:18:42.0465 1532 IPNAT - ok
    21:18:42.0532 1532 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:18:42.0574 1532 iPod Service - ok
    21:18:42.0593 1532 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:18:42.0631 1532 IRENUM - ok
    21:18:42.0654 1532 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:18:42.0669 1532 isapnp - ok
    21:18:42.0689 1532 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:18:42.0710 1532 iScsiPrt - ok
    21:18:42.0724 1532 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    21:18:42.0740 1532 kbdclass - ok
    21:18:42.0772 1532 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    21:18:42.0801 1532 kbdhid - ok
    21:18:42.0821 1532 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:18:42.0838 1532 KeyIso - ok
    21:18:42.0850 1532 KMService - ok
    21:18:42.0885 1532 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
    21:18:42.0910 1532 KMWDFILTER - ok
    21:18:42.0948 1532 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:18:42.0979 1532 KSecDD - ok
    21:18:42.0994 1532 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:18:43.0015 1532 KSecPkg - ok
    21:18:43.0032 1532 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:18:43.0085 1532 ksthunk - ok
    21:18:43.0121 1532 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:18:43.0186 1532 KtmRm - ok
    21:18:43.0222 1532 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    21:18:43.0281 1532 LanmanServer - ok
    21:18:43.0323 1532 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:18:43.0391 1532 LanmanWorkstation - ok
    21:18:43.0463 1532 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:18:43.0565 1532 lltdio - ok
    21:18:43.0580 1532 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:18:43.0632 1532 lltdsvc - ok
    21:18:43.0648 1532 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:18:43.0711 1532 lmhosts - ok
    21:18:43.0741 1532 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:18:43.0768 1532 LSI_FC - ok
    21:18:43.0780 1532 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:18:43.0797 1532 LSI_SAS - ok
    21:18:43.0813 1532 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:18:43.0830 1532 LSI_SAS2 - ok
    21:18:43.0846 1532 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:18:43.0863 1532 LSI_SCSI - ok
    21:18:43.0874 1532 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:18:43.0930 1532 luafv - ok
    21:18:43.0979 1532 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
    21:18:44.0018 1532 LVRS64 - ok
    21:18:44.0162 1532 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
    21:18:44.0332 1532 LVUVC64 - ok
    21:18:44.0366 1532 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:18:44.0402 1532 Mcx2Svc - ok
    21:18:44.0475 1532 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    21:18:44.0505 1532 MDM - ok
    21:18:44.0517 1532 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    21:18:44.0533 1532 megasas - ok
    21:18:44.0553 1532 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    21:18:44.0574 1532 MegaSR - ok
    21:18:44.0603 1532 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:18:44.0685 1532 MMCSS - ok
    21:18:44.0703 1532 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:18:44.0760 1532 Modem - ok
    21:18:44.0798 1532 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:18:44.0850 1532 monitor - ok
    21:18:44.0870 1532 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    21:18:44.0887 1532 mouclass - ok
    21:18:44.0909 1532 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:18:44.0952 1532 mouhid - ok
    21:18:44.0994 1532 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:18:45.0018 1532 mountmgr - ok
    21:18:45.0075 1532 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    21:18:45.0101 1532 MozillaMaintenance - ok
    21:18:45.0131 1532 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:18:45.0163 1532 mpio - ok
    21:18:45.0177 1532 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:18:45.0220 1532 mpsdrv - ok
    21:18:45.0315 1532 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:18:45.0420 1532 MpsSvc - ok
    21:18:45.0447 1532 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:18:45.0499 1532 MRxDAV - ok
    21:18:45.0531 1532 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:18:45.0566 1532 mrxsmb - ok
    21:18:45.0592 1532 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:18:45.0638 1532 mrxsmb10 - ok
    21:18:45.0654 1532 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:18:45.0679 1532 mrxsmb20 - ok
    21:18:45.0709 1532 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:18:45.0724 1532 msahci - ok
    21:18:45.0755 1532 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:18:45.0786 1532 msdsm - ok
    21:18:45.0812 1532 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:18:45.0837 1532 MSDTC - ok
    21:18:45.0875 1532 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:18:45.0919 1532 Msfs - ok
    21:18:45.0977 1532 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:18:46.0051 1532 mshidkmdf - ok
    21:18:46.0070 1532 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:18:46.0085 1532 msisadrv - ok
    21:18:46.0107 1532 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:18:46.0164 1532 MSiSCSI - ok
    21:18:46.0169 1532 msiserver - ok
    21:18:46.0192 1532 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:18:46.0241 1532 MSKSSRV - ok
    21:18:46.0275 1532 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:18:46.0340 1532 MSPCLOCK - ok
    21:18:46.0344 1532 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:18:46.0400 1532 MSPQM - ok
    21:18:46.0426 1532 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:18:46.0458 1532 MsRPC - ok
    21:18:46.0476 1532 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:18:46.0493 1532 mssmbios - ok
    21:18:46.0562 1532 MSSQL$ACT7 - ok
    21:18:46.0638 1532 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    21:18:46.0651 1532 MSSQLServerADHelper100 - ok
    21:18:46.0680 1532 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:18:46.0740 1532 MSTEE - ok
    21:18:46.0756 1532 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig
     
  7. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    21:18:59.0564 1532 TCPIP6 - ok
    21:18:59.0603 1532 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:18:59.0672 1532 tcpipreg - ok
    21:18:59.0695 1532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:18:59.0739 1532 TDPIPE - ok
    21:18:59.0760 1532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:18:59.0792 1532 TDTCP - ok
    21:18:59.0830 1532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:18:59.0886 1532 tdx - ok
    21:18:59.0913 1532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    21:18:59.0940 1532 TermDD - ok
    21:18:59.0968 1532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:19:00.0079 1532 TermService - ok
    21:19:00.0102 1532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:19:00.0157 1532 Themes - ok
    21:19:00.0188 1532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:19:00.0247 1532 THREADORDER - ok
    21:19:00.0260 1532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:19:00.0307 1532 TrkWks - ok
    21:19:00.0358 1532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:19:00.0418 1532 TrustedInstaller - ok
    21:19:00.0446 1532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:19:00.0514 1532 tssecsrv - ok
    21:19:00.0557 1532 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:19:00.0584 1532 TsUsbFlt - ok
    21:19:00.0627 1532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:19:00.0692 1532 tunnel - ok
    21:19:00.0722 1532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    21:19:00.0751 1532 uagp35 - ok
    21:19:00.0786 1532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:19:00.0847 1532 udfs - ok
    21:19:00.0868 1532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:19:00.0890 1532 UI0Detect - ok
    21:19:00.0926 1532 [ 363CFAE18844D91C7576BAA8ABFF8E4E ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
    21:19:00.0948 1532 UimBus - ok
    21:19:00.0972 1532 [ 322B82BBF5A182BFF4351F696B77782B ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
    21:19:01.0026 1532 Uim_IM - ok
    21:19:01.0047 1532 [ 42C9D0EFD8BB6D34D3A8686C8063B71A ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys
    21:19:01.0071 1532 Uim_VIM - ok
    21:19:01.0082 1532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:19:01.0099 1532 uliagpkx - ok
    21:19:01.0134 1532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    21:19:01.0158 1532 umbus - ok
    21:19:01.0179 1532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    21:19:01.0213 1532 UmPass - ok
    21:19:01.0260 1532 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    21:19:01.0305 1532 UMVPFSrv - ok
    21:19:01.0327 1532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:19:01.0390 1532 upnphost - ok
    21:19:01.0438 1532 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    21:19:01.0476 1532 USBAAPL64 - ok
    21:19:01.0534 1532 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    21:19:01.0574 1532 usbaudio - ok
    21:19:01.0617 1532 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:19:01.0655 1532 usbccgp - ok
    21:19:01.0699 1532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:19:01.0729 1532 usbcir - ok
    21:19:01.0746 1532 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    21:19:01.0766 1532 usbehci - ok
    21:19:01.0796 1532 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:19:01.0833 1532 usbhub - ok
    21:19:01.0860 1532 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:19:01.0896 1532 usbohci - ok
    21:19:01.0925 1532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    21:19:01.0961 1532 usbprint - ok
    21:19:01.0986 1532 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    21:19:02.0017 1532 usbscan - ok
    21:19:02.0031 1532 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:19:02.0065 1532 USBSTOR - ok
    21:19:02.0080 1532 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:19:02.0114 1532 usbuhci - ok
    21:19:02.0169 1532 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    21:19:02.0207 1532 usbvideo - ok
    21:19:02.0234 1532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:19:02.0310 1532 UxSms - ok
    21:19:02.0333 1532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:19:02.0351 1532 VaultSvc - ok
    21:19:02.0377 1532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:19:02.0404 1532 vdrvroot - ok
    21:19:02.0445 1532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:19:02.0514 1532 vds - ok
    21:19:02.0532 1532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:19:02.0554 1532 vga - ok
    21:19:02.0568 1532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:19:02.0639 1532 VgaSave - ok
    21:19:02.0688 1532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:19:02.0721 1532 vhdmp - ok
    21:19:02.0749 1532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:19:02.0775 1532 viaide - ok
    21:19:02.0792 1532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:19:02.0817 1532 volmgr - ok
    21:19:02.0852 1532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:19:02.0889 1532 volmgrx - ok
    21:19:02.0907 1532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:19:02.0927 1532 volsnap - ok
    21:19:02.0959 1532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    21:19:02.0977 1532 vsmraid - ok
    21:19:03.0028 1532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:19:03.0176 1532 VSS - ok
    21:19:03.0198 1532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:19:03.0221 1532 vwifibus - ok
    21:19:03.0247 1532 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:19:03.0271 1532 vwififlt - ok
    21:19:03.0293 1532 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    21:19:03.0330 1532 vwifimp - ok
    21:19:03.0367 1532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:19:03.0434 1532 W32Time - ok
    21:19:03.0461 1532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    21:19:03.0479 1532 WacomPen - ok
    21:19:03.0507 1532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:19:03.0573 1532 WANARP - ok
    21:19:03.0597 1532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:19:03.0651 1532 Wanarpv6 - ok
    21:19:03.0705 1532 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:19:03.0757 1532 WatAdminSvc - ok
    21:19:03.0810 1532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:19:03.0880 1532 wbengine - ok
    21:19:03.0899 1532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:19:03.0930 1532 WbioSrvc - ok
    21:19:03.0966 1532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:19:04.0010 1532 wcncsvc - ok
    21:19:04.0021 1532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:19:04.0048 1532 WcsPlugInService - ok
    21:19:04.0060 1532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    21:19:04.0074 1532 Wd - ok
    21:19:04.0095 1532 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:19:04.0131 1532 Wdf01000 - ok
    21:19:04.0149 1532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:19:04.0189 1532 WdiServiceHost - ok
    21:19:04.0193 1532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:19:04.0224 1532 WdiSystemHost - ok
    21:19:04.0254 1532 [ 7C2EF67B0A43C4DEB7EF932CEDA337D6 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
    21:19:04.0270 1532 wdkmd - ok
    21:19:04.0285 1532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:19:04.0329 1532 WebClient - ok
    21:19:04.0351 1532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:19:04.0413 1532 Wecsvc - ok
    21:19:04.0426 1532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:19:04.0489 1532 wercplsupport - ok
    21:19:04.0510 1532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:19:04.0574 1532 WerSvc - ok
    21:19:04.0606 1532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:19:04.0648 1532 WfpLwf - ok
    21:19:04.0704 1532 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    21:19:04.0722 1532 WimFltr - ok
    21:19:04.0735 1532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:19:04.0753 1532 WIMMount - ok
    21:19:04.0784 1532 WinDefend - ok
    21:19:04.0789 1532 WinHttpAutoProxySvc - ok
    21:19:04.0834 1532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:19:04.0888 1532 Winmgmt - ok
    21:19:04.0948 1532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:19:05.0073 1532 WinRM - ok
    21:19:05.0102 1532 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:19:05.0144 1532 WinUsb - ok
    21:19:05.0184 1532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:19:05.0235 1532 Wlansvc - ok
    21:19:05.0335 1532 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:19:05.0411 1532 wlidsvc - ok
    21:19:05.0448 1532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:19:05.0471 1532 WmiAcpi - ok
    21:19:05.0496 1532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:19:05.0528 1532 wmiApSrv - ok
    21:19:05.0542 1532 WMPNetworkSvc - ok
    21:19:05.0556 1532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:19:05.0575 1532 WPCSvc - ok
    21:19:05.0605 1532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:19:05.0629 1532 WPDBusEnum - ok
    21:19:05.0655 1532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:19:05.0699 1532 ws2ifsl - ok
    21:19:05.0710 1532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    21:19:05.0743 1532 wscsvc - ok
    21:19:05.0747 1532 WSearch - ok
    21:19:05.0815 1532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:19:05.0906 1532 wuauserv - ok
    21:19:05.0932 1532 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:19:05.0989 1532 WudfPf - ok
    21:19:06.0025 1532 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:19:06.0085 1532 WUDFRd - ok
    21:19:06.0108 1532 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:19:06.0153 1532 wudfsvc - ok
    21:19:06.0167 1532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:19:06.0205 1532 WwanSvc - ok
    21:19:06.0256 1532 ================ Scan global ===============================
    21:19:06.0281 1532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:19:06.0315 1532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:19:06.0326 1532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:19:06.0345 1532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:19:06.0378 1532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:19:06.0386 1532 [Global] - ok
    21:19:06.0387 1532 ================ Scan MBR ==================================
    21:19:06.0396 1532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:19:06.0983 1532 \Device\Harddisk0\DR0 - ok
    21:19:06.0983 1532 ================ Scan VBR ==================================
    21:19:07.0003 1532 [ EB92EE1BD4E0F2BD6EAA44342CF3F234 ] \Device\Harddisk0\DR0\Partition1
    21:19:07.0005 1532 \Device\Harddisk0\DR0\Partition1 - ok
    21:19:07.0008 1532 [ C7C75B8D16ED2E7E9DD2A07BF2931E1E ] \Device\Harddisk0\DR0\Partition2
    21:19:07.0010 1532 \Device\Harddisk0\DR0\Partition2 - ok
    21:19:07.0013 1532 [ 285A16982F0929BF519FE45B8549B6E9 ] \Device\Harddisk0\DR0\Partition3
    21:19:07.0015 1532 \Device\Harddisk0\DR0\Partition3 - ok
    21:19:07.0015 1532 ============================================================
    21:19:07.0015 1532 Scan finished
    21:19:07.0015 1532 ============================================================
    21:19:07.0028 6356 Detected object count: 10
    21:19:07.0028 6356 Actual detected object count: 10
    21:20:53.0652 6356 ActService ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0652 6356 ActService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0654 6356 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0654 6356 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0655 6356 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0655 6356 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0657 6356 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0657 6356 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0658 6356 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0658 6356 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0660 6356 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0660 6356 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0661 6356 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0661 6356 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0664 6356 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0664 6356 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0664 6356 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0665 6356 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:20:53.0666 6356 Sage ACT! Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
    21:20:53.0666 6356 Sage ACT! Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:22:22.0544 2124 Deinitialize success
     
  8. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-08 21:27:56
    -----------------------------
    21:27:56.406 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:27:56.406 Number of processors: 4 586 0x2502
    21:27:56.407 ComputerName: LANA-PC UserName: Lana
    21:27:58.212 Initialize success
    21:27:58.593 AVAST engine defs: 12090801
    21:30:24.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    21:30:24.451 Disk 0 Vendor: ST9500420AS 0004SDM1 Size: 476940MB BusType: 11
    21:30:24.486 Disk 0 MBR read successfully
    21:30:24.491 Disk 0 MBR scan
    21:30:24.498 Disk 0 Windows 7 default MBR code
    21:30:24.508 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    21:30:24.528 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 206848
    21:30:24.546 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 152863 MB offset 20686848
    21:30:24.552 Disk 0 Partition - 00 0F Extended LBA 249995 MB offset 464776515
    21:30:24.574 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 249995 MB offset 464776578
    21:30:24.621 Disk 0 scanning C:\Windows\system32\drivers
    21:30:35.177 Service scanning
    21:30:55.368 Modules scanning
    21:30:55.388 Disk 0 trace - called modules:
    21:30:55.428 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    21:30:55.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfe060]
    21:30:55.450 3 CLASSPNP.SYS[fffff880019c943f] -> nt!IofCallDriver -> [0xfffffa8004aa4af0]
    21:30:55.460 5 stdflt.sys[fffff88001901a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004933680]
    21:30:56.223 AVAST engine scan C:\Windows
    21:30:57.779 AVAST engine scan C:\Windows\system32
    21:33:32.337 AVAST engine scan C:\Windows\system32\drivers
    21:33:44.525 AVAST engine scan C:\Users\Lana
    21:38:36.341 AVAST engine scan C:\ProgramData
    22:10:59.284 Scan finished successfully
    22:22:36.088 Disk 0 MBR has been saved successfully to "D:\Desktop\MBR.dat"
    22:22:36.095 The log file has been saved successfully to "D:\Desktop\aswMBR.txt"
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I don't see anything really. I would say to contact Customer Service for those secure sites, if you can. They may have the solution. I wouldn't put it past them to block the accounts or your IP addresses due to the recent malware infection.
     
  10. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Did I mention the Iminent tool bar showed up in Firefox when I installed it two days ago?
     
  11. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Plus she did get in when she fired up Explorer and did her banking... ??? all weird to me.
     
     
  12. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Hi Jay:

    Just thought I would try another thing... didn't realize that the external drive would need to be scanned separately, so plugged it in and started with the Malwarebytes scan and the following is what was picked up.

    This must be how I reinfected the computer as I used this external to back up the system when I wanted to resize the HD.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lana :: LANA-PC [administrator]

    09-09-2012 16:02:58
    mbam-log-2012-09-09 (16-02-58).txt

    Scan type: Custom scan (F:\|)
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 29281
    Time elapsed: 15 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    F:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1088\A0298715.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1092\A0298926.exe (Worm.Palevo) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1094\A0299349.exe (Trojan.Lame) -> Quarantined and deleted successfully.
    F:\3.PICTURES\My Pictures\2006_03_23\IMG_0403.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
    F:\3.PICTURES\My Pictures\2006_03_15\IMG_0268.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    F:\svira\svira32.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    F:\ravira\ravira32.exe (Worm.Palevo) -> Quarantined and deleted successfully.
    F:\novir\novir32.exe (Worm.Palevo) -> Quarantined and deleted successfully.

    (end)
    What next?
    Thank you!!! BTW
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    This:
    Would be the reason it reinfected, because of a worm.

    Go ahead and run another MBAM scan, include all drives (full scan).
     
  14. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lana :: LANA-PC [administrator]

    10-09-2012 21:36:51
    mbam-log-2012-09-10 (21-36-51).txt

    Scan type: Full scan (C:\|D:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 521796
    Time elapsed: 1 hour(s), 52 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    D:\Pictures\3.PICTURES\My Pictures\2006_03_15\IMG_0268.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Pictures\3.PICTURES\My Pictures\2006_03_23\IMG_0403.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.

    (end)
    Seems to be clean, still having problems with Google Chrome logging in to two locals...the bank and our backend website administration...webadmin page just sits and does not go past the login, bank kicks you out.
    However Explorer works...
    Iminent Toolbar icon is gone from Firefox.... Firefox works for website backend admin...... is it possible that the bank could flag the Google Chrome browser on this machine and not allow it in? ..... it seems like the Chrome browser does some pretty tricky stuff.... as in, this machine was turned off, and I had not yet finished this post, when I turned it back on, the partially finished post came up... which was nice but...
    Should there be any further actions taken with this machine?
    Thanks!!
    jp
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    For the bank problem, once again:
    We can do this final scan, then we should finish up from here. Because malware is not becoming the issue anymore, and we deal with malware in this section, as you know...

    AdwCleaner Scan
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  16. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Read you regarding the bank and other login issues.... was thinking that might be the case... AdwCleaner results below.

    Thanks for your help


    # AdwCleaner v2.001 - Logfile created 09/12/2012 at 14:13:26
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Lana - LANA-PC
    # Boot Mode : Normal
    # Running from : D:\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchTheWeb.xml
    File Found : C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\yojeu7k8.default\searchplugins\SearchTheWeb.xml
    File Found : C:\Users\Public\Desktop\Babylon.lnk
    Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com
    Folder Found : C:\Program Files (x86)\Surf Canyon
    Folder Found : C:\Program Files\Babylon
    Folder Found : C:\ProgramData\~0
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
    Folder Found : C:\Users\Lana\AppData\Local\Babylon
    Folder Found : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Found : C:\Users\Lana\AppData\LocalLow\facemoods.com
    Folder Found : C:\Users\Lana\AppData\LocalLow\Toolbar4
    Folder Found : C:\Users\Lana\AppData\Roaming\Babylon

    ***** [Registry] *****

    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Found : HKU\S-1-5-21-2805177739-2049661270-2716759522-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\yojeu7k8.default\prefs.js

    Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=10588&tl=gkn128707&tt=290712_acp_3[...]
    Found : user_pref("browser.search.defaultenginename", "SearchTheWeb");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("browser.search.selectedEngine", "SearchTheWeb");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=10588&tl=gkn128707&tt=290712_acp_3112_2&b[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.16] : homepage = "hxxp://search.babylon.com/home?affID=10588&tl=gkn128707&tt=290712_acp_3112_2",
    Found [l.1498] : homepage = "hxxp://search.babylon.com/home?affID=10588&tl=gkn128707&tt=290712_acp_3112_2",

    *************************

    AdwCleaner[R1].txt - [30592 octets] - [12/09/2012 14:13:26]

    ########## EOF - C:\AdwCleaner[R1].txt - [30653 octets] ##########
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Time to get rid of Iminent...

    AdwCleaner Fix
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.
     
  18. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    The final chapter...?? Let's hope

    # AdwCleaner v2.001 - Logfile created 09/13/2012 at 18:03:18
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Lana - LANA-PC
    # Boot Mode : Normal
    # Running from : D:\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Babylon
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchTheWeb.xml
    File Deleted : C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\yojeu7k8.default\searchplugins\SearchTheWeb.xml
    File Deleted : C:\Users\Public\Desktop\Babylon.lnk
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com
    Folder Deleted : C:\Program Files (x86)\Surf Canyon
    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
    Folder Deleted : C:\Users\Lana\AppData\Local\Babylon
    Folder Deleted : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Lana\AppData\LocalLow\facemoods.com
    Folder Deleted : C:\Users\Lana\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Lana\AppData\Roaming\Babylon

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\yojeu7k8.default\prefs.js

    C:\Users\Lana\AppData\Roaming\Mozilla\Firefox\Profiles\yojeu7k8.default\user.js ... Deleted !

    Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=10588&tl=gkn128707&tt=290712_acp_3[...]
    Deleted : user_pref("browser.search.defaultenginename", "SearchTheWeb");
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.selectedEngine", "SearchTheWeb");
    Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=10588&tl=gkn128707&tt=290712_acp_3112_2&b[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Lana\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.16] : homepage = "hxxp://search.babylon.com/home?affID=10588&tl=gkn128707&tt=290712_acp_3112_2",
    Deleted [l.1513] : homepage = "hxxp://search.babylon.com/home?affID=10588&tl=gkn128707&tt=290712_acp_3112_2",

    *************************

    AdwCleaner[R1].txt - [30591 octets] - [12/09/2012 14:13:26]
    AdwCleaner[S1].txt - [31907 octets] - [13/09/2012 18:03:18]

    ########## EOF - C:\AdwCleaner[S1].txt - [31968 octets] ##########
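
As an added example (not part of the original thread and not AdwCleaner's own code): the Firefox section of the log above shows search and new-tab preferences pointing at search.babylon.com being removed from prefs.js, and a user.js file being deleted. The Python sketch below audits the text of such a file for those preferences against an allowlist; the allowlist contents, the constructed sample input and the inclusion of browser.startup.homepage are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Preferences the log above shows being reset, plus the startup homepage
# (assumption: same class of setting, it does not appear in the log).
URL_PREFS = {"browser.newtab.url", "keyword.URL", "browser.startup.homepage"}
ENGINE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
}

# Matches: user_pref("name", value);  where value is a string, number or boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js / user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, truncated entries
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # pref literals are JSON-compatible
        except ValueError:
            value = raw  # keep the raw text rather than drop the entry
        prefs[name] = value
    return prefs


def host_allowed(host, allowed_hosts):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_prefs(text, allowed_hosts, allowed_engines, source="prefs.js"):
    """Return (source, pref, offending value) tuples for hijack-prone prefs.

    Entries found in user.js deserve extra attention: Firefox re-applies
    that file at every start, so a hijacked value there comes back after
    the user resets it in the settings UI.
    """
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name in URL_PREFS:
            # The homepage pref may hold several URLs separated by '|'.
            for part in str(value).split("|"):
                host = (urlparse(part.strip()).hostname or "").lower()
                if host and not host_allowed(host, allowed_hosts):
                    findings.append((source, name, host))
        elif name in ENGINE_PREFS and str(value) not in allowed_engines:
            findings.append((source, name, str(value)))
    return findings


# Constructed sample input, modelled on the entries in the log above.
SAMPLE_PREFS = """
// constructed sample, not a real profile
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=0");
user_pref("browser.search.defaultenginename", "SearchTheWeb");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "https://www.mozilla.org/|about:blank");
user_pref("keyword.URL", "http://search.babylon.com/?q=");
user_pref("browser.tabs.warnOnClose", false);
"""

# Assumed allowlist for the demonstration.
ALLOWED_HOSTS = {"mozilla.org", "google.com"}
ALLOWED_ENGINES = {"Google"}

if __name__ == "__main__":
    for src, pref, value in audit_prefs(SAMPLE_PREFS, ALLOWED_HOSTS, ALLOWED_ENGINES):
        print(f"{src}: {pref} -> {value}")
```
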
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  20. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    Results of screen317's Security Check version 0.99.49
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  22. GoneBaja

    GoneBaja TS Rookie Topic Starter Posts: 82

    I did a quick look around..opened Firefox and did a couple of searches, no Iminent came up.

    Went to the RB bank login using Chrome and was able to get into her account.... you may be interested to know that her MBNA account was compromised somewhere along the way...dunno if it was from this issue, dunno if there is a way to know...but she did receive a phone call that the account has been shut down due to fraudulent activity...

    I believe you have solved this case for a second round.

    thanks so much!!

    jp
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yeah, I'd definitely recommend to get in touch with the bank and deal with that right away.

    This topic marked as solved, you're welcome! √
     