Google search redirect virus


9 replies to this topic

#1 thekaptn


Posted 26 July 2012 - 12:45 PM

I got a nasty little virus/rootkit that is redirecting my Google search results. I currently use Trend Micro Titanium 2012 and a full scan found nothing. I then ran full scans with Malwarebytes and SUPERAntiSpyware. They both found and removed some infected files and I thought my problem was solved; however, it is not. I found a program called RegRun Reanimator and ran a scan with it. It found one suspicious file:

RegRun Reanimator - Scan for Malware... Start check 7/26/2012 at:12:49:05 PM
Prohibited:0 Suspicious:1 Warnings:0
Suspicious:Registry Run
Conduit=C:\USERS\JOEY\APPDATA\LOCAL\CRE\CONDUIT\RIHDQJS.DLL
Microsoft® Visual Studio Deployment Package Microsoft Corporation Microsoft® Visual Studio® 2010 10.0.30319.1

The program didn't give me a clear answer as to what I should do about this, as it only implies that it is suspicious.

Any help or advice would be appreciated! Thanks!



#2 narenxp


Posted 26 July 2012 - 01:42 PM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 thekaptn


Posted 26 July 2012 - 03:04 PM

14:50:08.0828 5956 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:50:09.0085 5956 ============================================================
14:50:09.0085 5956 Current date / time: 2012/07/26 14:50:09.0085
14:50:09.0085 5956 SystemInfo:
14:50:09.0085 5956
14:50:09.0085 5956 OS Version: 6.1.7601 ServicePack: 1.0
14:50:09.0085 5956 Product type: Workstation
14:50:09.0086 5956 ComputerName: JOEY-PC
14:50:09.0086 5956 UserName: Joey
14:50:09.0086 5956 Windows directory: C:\Windows
14:50:09.0086 5956 System windows directory: C:\Windows
14:50:09.0086 5956 Running under WOW64
14:50:09.0086 5956 Processor architecture: Intel x64
14:50:09.0086 5956 Number of processors: 4
14:50:09.0086 5956 Page size: 0x1000
14:50:09.0086 5956 Boot type: Normal boot
14:50:09.0086 5956 ============================================================
14:50:10.0255 5956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:50:10.0287 5956 ============================================================
14:50:10.0287 5956 \Device\Harddisk0\DR0:
14:50:10.0288 5956 MBR partitions:
14:50:10.0288 5956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:50:10.0288 5956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:50:10.0288 5956 ============================================================
14:50:10.0325 5956 C: <-> \Device\Harddisk0\DR0\Partition1
14:50:10.0325 5956 ============================================================
14:50:10.0325 5956 Initialize success
14:50:10.0325 5956 ============================================================
14:50:14.0819 7048 ============================================================
14:50:14.0821 7048 Scan started
14:50:14.0821 7048 Mode: Manual;
14:50:14.0821 7048 ============================================================
14:50:34.0528 7048 nusb3hub - ok
14:50:34.0595 7048 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:50:34.0598 7048 nusb3xhc - ok
14:50:34.0654 7048 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:50:34.0659 7048 nvraid - ok
14:50:34.0683 7048 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:50:34.0688 7048 nvstor - ok
14:50:34.0707 7048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:50:34.0710 7048 nv_agp - ok
14:50:34.0733 7048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:50:34.0737 7048 ohci1394 - ok
14:50:34.0778 7048 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:50:34.0787 7048 p2pimsvc - ok
14:50:34.0837 7048 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:50:34.0843 7048 p2psvc - ok
14:50:34.0868 7048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:50:34.0869 7048 Parport - ok
14:50:34.0932 7048 Partizan - ok
14:50:34.0987 7048 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:50:34.0989 7048 partmgr - ok
14:50:35.0007 7048 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:50:35.0014 7048 PcaSvc - ok
14:50:35.0062 7048 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:50:35.0067 7048 pci - ok
14:50:35.0084 7048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:50:35.0085 7048 pciide - ok
14:50:35.0103 7048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:50:35.0105 7048 pcmcia - ok
14:50:35.0117 7048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:50:35.0117 7048 pcw - ok
14:50:35.0137 7048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:50:35.0143 7048 PEAUTH - ok
14:50:35.0204 7048 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:50:35.0208 7048 PerfHost - ok
14:50:35.0342 7048 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:50:35.0372 7048 pla - ok
14:50:35.0423 7048 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:50:35.0429 7048 PlugPlay - ok
14:50:35.0450 7048 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:50:35.0453 7048 PNRPAutoReg - ok
14:50:35.0473 7048 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:50:35.0477 7048 PNRPsvc - ok
14:50:35.0498 7048 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:50:35.0504 7048 PolicyAgent - ok
14:50:35.0527 7048 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:50:35.0532 7048 Power - ok
14:50:35.0620 7048 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:50:35.0624 7048 PptpMiniport - ok
14:50:35.0652 7048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:50:35.0655 7048 Processor - ok
14:50:35.0724 7048 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:50:35.0732 7048 ProfSvc - ok
14:50:35.0752 7048 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:35.0755 7048 ProtectedStorage - ok
14:50:35.0820 7048 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:50:35.0825 7048 Psched - ok
14:50:35.0892 7048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:50:35.0923 7048 ql2300 - ok
14:50:36.0357 7048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:50:36.0360 7048 ql40xx - ok
14:50:36.0394 7048 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:50:36.0402 7048 QWAVE - ok
14:50:36.0419 7048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:50:36.0423 7048 QWAVEdrv - ok
14:50:36.0438 7048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:50:36.0440 7048 RasAcd - ok
14:50:36.0502 7048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:50:36.0504 7048 RasAgileVpn - ok
14:50:36.0719 7048 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:50:36.0725 7048 RasAuto - ok
14:50:36.0788 7048 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:36.0792 7048 Rasl2tp - ok
14:50:36.0818 7048 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:50:36.0828 7048 RasMan - ok
14:50:36.0882 7048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:36.0884 7048 RasPppoe - ok
14:50:36.0930 7048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:50:36.0933 7048 RasSstp - ok
14:50:36.0985 7048 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:50:36.0992 7048 rdbss - ok
14:50:37.0040 7048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:50:37.0043 7048 rdpbus - ok
14:50:37.0065 7048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:37.0067 7048 RDPCDD - ok
14:50:37.0104 7048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:50:37.0104 7048 RDPENCDD - ok
14:50:37.0127 7048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:50:37.0128 7048 RDPREFMP - ok
14:50:37.0170 7048 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:50:37.0173 7048 RDPWD - ok
14:50:37.0237 7048 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:50:37.0242 7048 rdyboost - ok
14:50:37.0265 7048 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:50:37.0268 7048 RemoteAccess - ok
14:50:37.0290 7048 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:50:37.0294 7048 RemoteRegistry - ok
14:50:37.0340 7048 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:50:37.0342 7048 RpcEptMapper - ok
14:50:37.0349 7048 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:50:37.0350 7048 RpcLocator - ok
14:50:37.0400 7048 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:50:37.0404 7048 RpcSs - ok
14:50:37.0460 7048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:50:37.0464 7048 rspndr - ok
14:50:37.0527 7048 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:50:37.0532 7048 RTL8167 - ok
14:50:37.0559 7048 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:37.0562 7048 SamSs - ok
14:50:37.0635 7048 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:50:37.0644 7048 SASDIFSV - ok
14:50:37.0700 7048 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:50:37.0722 7048 SASKUTIL - ok
14:50:37.0759 7048 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:50:37.0762 7048 sbp2port - ok
14:50:37.0790 7048 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:50:37.0794 7048 SCardSvr - ok
14:50:37.0828 7048 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:50:37.0829 7048 scfilter - ok
14:50:37.0894 7048 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:50:37.0917 7048 Schedule - ok
14:50:37.0958 7048 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:50:37.0959 7048 SCPolicySvc - ok
14:50:37.0972 7048 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:50:37.0975 7048 SDRSVC - ok
14:50:38.0047 7048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:50:38.0049 7048 secdrv - ok
14:50:38.0064 7048 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:50:38.0067 7048 seclogon - ok
14:50:38.0087 7048 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:50:38.0089 7048 SENS - ok
14:50:38.0132 7048 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:50:38.0137 7048 SensrSvc - ok
14:50:38.0185 7048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:50:38.0188 7048 Serenum - ok
14:50:38.0239 7048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:50:38.0240 7048 Serial - ok
14:50:38.0272 7048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:50:38.0273 7048 sermouse - ok
14:50:38.0322 7048 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:50:38.0325 7048 SessionEnv - ok
14:50:38.0337 7048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:50:38.0338 7048 sffdisk - ok
14:50:38.0352 7048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:50:38.0353 7048 sffp_mmc - ok
14:50:38.0357 7048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:50:38.0357 7048 sffp_sd - ok
14:50:38.0368 7048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:50:38.0369 7048 sfloppy - ok
14:50:38.0390 7048 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:50:38.0395 7048 SharedAccess - ok
14:50:38.0440 7048 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:50:38.0447 7048 ShellHWDetection - ok
14:50:38.0666 7048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:50:38.0668 7048 SiSRaid2 - ok
14:50:38.0718 7048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:50:38.0727 7048 SiSRaid4 - ok
14:50:38.0857 7048 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:50:38.0858 7048 SkypeUpdate - ok
14:50:38.0902 7048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:50:38.0906 7048 Smb - ok
14:50:38.0967 7048 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:50:38.0968 7048 SNMPTRAP - ok
14:50:38.0979 7048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:50:38.0979 7048 spldr - ok
14:50:39.0028 7048 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:50:39.0032 7048 Spooler - ok
14:50:39.0142 7048 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:50:39.0158 7048 sppsvc - ok
14:50:39.0589 7048 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:50:39.0592 7048 sppuinotify - ok
14:50:39.0646 7048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:50:39.0656 7048 srv - ok
14:50:39.0694 7048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:50:39.0698 7048 srv2 - ok
14:50:39.0714 7048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:50:39.0717 7048 srvnet - ok
14:50:39.0768 7048 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:50:39.0776 7048 SSDPSRV - ok
14:50:39.0806 7048 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:50:39.0811 7048 SstpSvc - ok
14:50:39.0838 7048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:50:39.0841 7048 stexstor - ok
14:50:39.0911 7048 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:50:39.0919 7048 stisvc - ok
14:50:39.0941 7048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:50:39.0941 7048 swenum - ok
14:50:39.0976 7048 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:50:39.0981 7048 swprv - ok
14:50:40.0052 7048 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:50:40.0076 7048 SysMain - ok
14:50:40.0704 7048 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:50:40.0711 7048 TabletInputService - ok
14:50:40.0733 7048 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:50:40.0739 7048 TapiSrv - ok
14:50:40.0881 7048 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:50:40.0887 7048 TBS - ok
14:50:41.0032 7048 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:50:41.0067 7048 Tcpip - ok
14:50:41.0572 7048 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:50:41.0582 7048 TCPIP6 - ok
14:50:41.0994 7048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:50:41.0997 7048 tcpipreg - ok
14:50:42.0059 7048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:50:42.0062 7048 TDPIPE - ok
14:50:42.0087 7048 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:50:42.0089 7048 TDTCP - ok
14:50:42.0129 7048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:50:42.0133 7048 tdx - ok
14:50:42.0178 7048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:50:42.0181 7048 TermDD - ok
14:50:42.0226 7048 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:50:42.0238 7048 TermService - ok
14:50:42.0259 7048 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:50:42.0262 7048 Themes - ok
14:50:42.0292 7048 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:50:42.0294 7048 THREADORDER - ok
14:50:42.0313 7048 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
14:50:42.0314 7048 tmactmon - ok
14:50:42.0336 7048 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
14:50:42.0337 7048 tmcomm - ok
14:50:42.0347 7048 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
14:50:42.0348 7048 tmevtmgr - ok
14:50:42.0362 7048 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
14:50:42.0363 7048 tmtdi - ok
14:50:42.0387 7048 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:50:42.0389 7048 TrkWks - ok
14:50:42.0443 7048 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:50:42.0446 7048 TrustedInstaller - ok
14:50:42.0508 7048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:50:42.0512 7048 tssecsrv - ok
14:50:42.0617 7048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:50:42.0622 7048 TsUsbFlt - ok
14:50:42.0679 7048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:50:42.0683 7048 tunnel - ok
14:50:42.0711 7048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:50:42.0714 7048 uagp35 - ok
14:50:42.0742 7048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:50:42.0747 7048 udfs - ok
14:50:42.0773 7048 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:50:42.0776 7048 UI0Detect - ok
14:50:42.0811 7048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:50:42.0813 7048 uliagpkx - ok
14:50:42.0859 7048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:50:42.0862 7048 umbus - ok
14:50:42.0881 7048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:50:42.0883 7048 UmPass - ok
14:50:42.0924 7048 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:50:42.0934 7048 upnphost - ok
14:50:42.0984 7048 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:50:42.0987 7048 USBAAPL64 - ok
14:50:43.0047 7048 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:50:43.0053 7048 usbaudio - ok
14:50:43.0069 7048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:43.0073 7048 usbccgp - ok
14:50:43.0138 7048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:50:43.0142 7048 usbcir - ok
14:50:43.0166 7048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:50:43.0168 7048 usbehci - ok
14:50:43.0223 7048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:50:43.0231 7048 usbhub - ok
14:50:43.0251 7048 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:50:43.0253 7048 usbohci - ok
14:50:43.0276 7048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:50:43.0279 7048 usbprint - ok
14:50:43.0302 7048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:43.0306 7048 USBSTOR - ok
14:50:43.0333 7048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:50:43.0336 7048 usbuhci - ok
14:50:43.0371 7048 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:50:43.0376 7048 UxSms - ok
14:50:43.0403 7048 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:43.0407 7048 VaultSvc - ok
14:50:43.0453 7048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:50:43.0457 7048 vdrvroot - ok
14:50:43.0513 7048 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:50:43.0527 7048 vds - ok
14:50:43.0574 7048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:43.0577 7048 vga - ok
14:50:43.0603 7048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:50:43.0606 7048 VgaSave - ok
14:50:43.0628 7048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:50:43.0633 7048 vhdmp - ok
14:50:43.0649 7048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:50:43.0652 7048 viaide - ok
14:50:43.0667 7048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:50:43.0671 7048 volmgr - ok
14:50:43.0722 7048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:50:43.0729 7048 volmgrx - ok
14:50:43.0752 7048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:50:43.0756 7048 volsnap - ok
14:50:43.0801 7048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:50:43.0803 7048 vsmraid - ok
14:50:43.0886 7048 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:50:43.0898 7048 VSS - ok
14:50:44.0331 7048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:50:44.0333 7048 vwifibus - ok
14:50:44.0373 7048 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:50:44.0384 7048 W32Time - ok
14:50:44.0409 7048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:50:44.0411 7048 WacomPen - ok
14:50:44.0721 7048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:44.0724 7048 WANARP - ok
14:50:44.0743 7048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:44.0746 7048 Wanarpv6 - ok
14:50:44.0847 7048 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:50:44.0876 7048 WatAdminSvc - ok
14:50:44.0954 7048 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:50:44.0986 7048 wbengine - ok
14:50:45.0419 7048 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:50:45.0427 7048 WbioSrvc - ok
14:50:45.0477 7048 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:50:45.0483 7048 wcncsvc - ok
14:50:45.0504 7048 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:50:45.0507 7048 WcsPlugInService - ok
14:50:45.0548 7048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:50:45.0551 7048 Wd - ok
14:50:45.0576 7048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:50:45.0583 7048 Wdf01000 - ok
14:50:45.0598 7048 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:50:45.0602 7048 WdiServiceHost - ok
14:50:45.0606 7048 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:50:45.0607 7048 WdiSystemHost - ok
14:50:45.0649 7048 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:50:45.0654 7048 WebClient - ok
14:50:45.0682 7048 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:50:45.0687 7048 Wecsvc - ok
14:50:45.0869 7048 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:50:45.0876 7048 wercplsupport - ok
14:50:45.0946 7048 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:50:45.0951 7048 WerSvc - ok
14:50:46.0033 7048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:50:46.0034 7048 WfpLwf - ok
14:50:46.0052 7048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:50:46.0054 7048 WIMMount - ok
14:50:46.0079 7048 WinDefend - ok
14:50:46.0094 7048 WinHttpAutoProxySvc - ok
14:50:46.0178 7048 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:50:46.0184 7048 Winmgmt - ok
14:50:46.0284 7048 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:50:46.0319 7048 WinRM - ok
14:50:46.0811 7048 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:50:46.0813 7048 WinUsb - ok
14:50:46.0863 7048 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:50:46.0874 7048 Wlansvc - ok
14:50:46.0897 7048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:50:46.0898 7048 WmiAcpi - ok
14:50:46.0946 7048 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:50:46.0952 7048 wmiApSrv - ok
14:50:46.0979 7048 WMPNetworkSvc - ok
14:50:47.0003 7048 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:50:47.0006 7048 WPCSvc - ok
14:50:47.0039 7048 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:50:47.0043 7048 WPDBusEnum - ok
14:50:47.0063 7048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:50:47.0064 7048 ws2ifsl - ok
14:50:47.0091 7048 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:50:47.0094 7048 wscsvc - ok
14:50:47.0098 7048 WSearch - ok
14:50:47.0202 7048 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:50:47.0242 7048 wuauserv - ok
14:50:47.0788 7048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:50:47.0790 7048 WudfPf - ok
14:50:47.0833 7048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:47.0835 7048 WUDFRd - ok
14:50:47.0859 7048 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:50:47.0862 7048 wudfsvc - ok
14:50:47.0893 7048 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:50:47.0897 7048 WwanSvc - ok
14:50:47.0949 7048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:50:48.0023 7048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:50:48.0023 7048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:50:48.0032 7048 Boot (0x1200) (f3c417920ca0c5437c8d2c330b28d6da) \Device\Harddisk0\DR0\Partition0
14:50:48.0035 7048 \Device\Harddisk0\DR0\Partition0 - ok
14:50:48.0054 7048 Boot (0x1200) (314ac714a491ccb033585be261800884) \Device\Harddisk0\DR0\Partition1
14:50:48.0058 7048 \Device\Harddisk0\DR0\Partition1 - ok
14:50:48.0058 7048 ============================================================
14:50:48.0058 7048 Scan finished
14:50:48.0058 7048 ============================================================
14:50:48.0073 5272 Detected object count: 1
14:50:48.0073 5272 Actual detected object count: 1
14:52:02.0851 5272 \Device\Harddisk0\DR0\# - copied to quarantine
14:52:02.0857 5272 \Device\Harddisk0\DR0 - copied to quarantine
14:52:02.0923 5272 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:52:02.0946 5272 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:52:02.0958 5272 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:52:07.0376 5272 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:52:08.0384 5272 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:52:08.0643 5272 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:52:12.0486 5272 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:52:12.0503 5272 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:52:12.0556 5272 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:52:12.0588 5272 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:52:16.0136 5272 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:52:19.0892 5272 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:52:19.0930 5272 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:52:19.0947 5272 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:52:20.0072 5272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:52:20.0076 5272 \Device\Harddisk0\DR0 - ok
14:52:20.0101 5272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure


After running that, my Trend Micro popped up and told me this:

Date/Time,Affected Files,Threat,Source,Response
7/26/2012 2:52 PM,C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Threat,Removed
7/26/2012 2:52 PM,C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0004.dta,TROJ_OLMARIK.ERO,Threat,Removed
7/26/2012 2:52 PM,C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0007.dta,RTKT_TDSS.BSS,Threat,Removed
7/26/2012 2:52 PM,C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0007.dta,TROJ_ALUREON.DRY,Threat,Removed

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 14:54:20
-----------------------------
14:54:20.636 OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:20.636 Number of processors: 4 586 0x403
14:54:20.636 ComputerName: JOEY-PC UserName: Joey
14:54:22.949 Initialize success
14:54:57.806 AVAST engine defs: 12072601
14:55:06.128 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:55:06.131 Disk 0 Vendor: ST500DM002-1BD142 KC43 Size: 476940MB BusType: 3
14:55:06.133 Device \Driver\atapi -> MajorFunction fffffa800e1d85e8
14:55:06.136 Disk 0 MBR read successfully
14:55:06.138 Disk 0 MBR scan
14:55:06.146 Disk 0 Windows 7 default MBR code
14:55:06.148 Disk 0 MBR hidden
14:55:06.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:55:06.189 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:55:06.216 Disk 0 scanning C:\Windows\system32\drivers
14:55:24.520 Service scanning
14:55:51.585 Modules scanning
14:55:51.602 Disk 0 trace - called modules:
14:55:51.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800ee34570]<<38512233.sys >>UNKNOWN [0xfffffa800e1d85e8]<<
14:55:51.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dbe8060]
14:55:51.969 3 CLASSPNP.SYS[fffff880019a843f] -> nt!IofCallDriver -> [0xfffffa800d89f520]
14:55:51.980 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d89d680]
14:55:51.987 \Driver\atapi[0xfffffa800ca1b5f0] -> IRP_MJ_CREATE -> 0xfffffa800e1d85e8
14:55:53.717 AVAST engine scan C:\Windows
14:55:56.106 AVAST engine scan C:\Windows\system32
15:00:09.458 AVAST engine scan C:\Windows\system32\drivers
15:00:42.243 AVAST engine scan C:\Users\Joey
15:06:55.697 Disk 0 MBR has been saved successfully to "C:\Users\Joey\Desktop\MBR.dat"
15:06:55.720 The log file has been saved successfully to "C:\Users\Joey\Desktop\aswMBR.txt"


C:\ProgramData\Microsoft\Windows\DRM\DA77.tmp.dat a variant of Win32/Kryptik.AIYZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.50.09\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\Users\Joey\AppData\Local\CRE\Conduit\rihdqjs.dll a variant of Win32/Kryptik.AIZP trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Joey\AppData\Local\CRE\Conduit\RIHDQJS.DLL.del a variant of Win32/Kryptik.AIZP trojan cleaned by deleting - quarantined
C:\Users\Joey\AppData\Local\Temp\NOD2BDD.tmp a variant of Win32/Kryptik.AIZP trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Joey\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#4 narenxp


Posted 26 July 2012 - 03:56 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.

Edited by narenxp, 26 July 2012 - 03:57 PM.


#5 thekaptn


Posted 26 July 2012 - 04:32 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Joey (administrator) on 26-07-2012 at 17:17:46
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Joey-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-62-6D-53-02-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f053:f0f8:1197:7baf%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 26, 2012 5:07:36 PM
Lease Expires . . . . . . . . . . : Friday, July 27, 2012 5:07:36 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-95-6B-8E-6C-62-6D-53-02-9C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{BB89D0EB-D27F-4C04-A4BA-1D02548CA3F9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:281b:174d:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::281b:174d:3f57:fefb%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:802::1001
74.125.226.238
74.125.226.229
74.125.226.230
74.125.226.231
74.125.226.226
74.125.226.224
74.125.226.225
74.125.226.232
74.125.226.227
74.125.226.228
74.125.226.233


Pinging google.com [74.125.226.224] with 32 bytes of data:
Reply from 74.125.226.224: bytes=32 time=19ms TTL=55
Reply from 74.125.226.224: bytes=32 time=20ms TTL=55

Ping statistics for 74.125.226.224:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=55ms TTL=50
Reply from 98.139.183.24: bytes=32 time=53ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 55ms, Average = 54ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...6c 62 6d 53 02 9c ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:281b:174d:3f57:fefb/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::281b:174d:3f57:fefb/128
On-link
10 276 fe80::f053:f0f8:1197:7baf/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 04:55:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xecdcbe6f
Faulting process id: 0xf0c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/26/2012 03:07:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/26/2012 03:07:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3760

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3760

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2012 06:00:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2512


System errors:
=============
Error: (07/26/2012 05:07:32 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
%%3

Error: (07/26/2012 00:48:32 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
%%3

Error: (07/26/2012 02:53:34 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
%%3

Error: (07/26/2012 02:50:18 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (07/26/2012 02:50:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (07/26/2012 02:50:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (07/26/2012 02:48:54 AM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (07/26/2012 02:48:13 AM) (Source: Service Control Manager) (User: )
Description: The Skype Updater service failed to start due to the following error:
%%1053

Error: (07/26/2012 02:48:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

Error: (07/26/2012 02:47:58 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/26/2012 04:55:54 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c0000005ecdcbe6ff0c01cd6b4e9f36a443\\.\globalroot\systemroot\svchost.exeunknown4a05704c-d764-11e1-9336-6c626d53029c

Error: (07/26/2012 03:07:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joey\Downloads\esetsmartinstaller_enu.exe

Error: (07/26/2012 03:07:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joey\Downloads\esetsmartinstaller_enu.exe

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (07/23/2012 06:00:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3760

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3760

Error: (07/23/2012 06:00:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2012 06:00:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2512


=========================== Installed Programs ============================

3DMark 11 (Version: 1.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ASUS Xonar DS Audio Driver
Auslogics Disk Defrag (Version: version 3.4)
AVIcodec (remove only)
BitTorrent (Version: 7.6.1)
BitTorrentBar Toolbar (Version: 6.8.9.0)
Bonjour (Version: 3.0.0.10)
Diablo III (Version: 1.0.3.10485)
DivX Setup (Version: 2.6.1.3)
ESET Online Scanner v3
Freecorder 5 (Version: 5.11)
Freecorder Toolbar (Version: 6.8.10.401)
FreeRIP v3.63 (Version: 3.63)
Futuremark SystemInfo (Version: 4.9.0)
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
Guild Wars 2
H.264 Encoder
HiJackThis (Version: 1.0.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
League of Legends (Version: 1.3)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (Version: 1.5.2.3456)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mumble 1.2.3 (Version: 1.2.3)
OpenAL
Pando Media Booster (Version: 2.6.0.2)
PS3 Media Server (Version: 1.50.0)
QuickTime (Version: 7.71.80.42)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
StarCraft II (Version: 1.4.4.22418)
Stereoscopic Player (Version: 1.8.0)
SUPERAntiSpyware (Version: 5.5.1006)
Trend Micro Titanium (Version: 5.00)
Trend Micro Titanium 2012 (Version: 5.2)
UnHackMe 5.99 release
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 1.1.11 (Version: 1.1.11)
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
World of Warcraft (Version: 5.0.1.15589)
World of Warcraft Beta (Version: 5.0.1.15799)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 16383.18 MB
Available physical RAM: 13615.63 MB
Total Pagefile: 32764.55 MB
Available Pagefile: 29870.72 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:59.49 GB) NTFS

========================= Users: ========================================

User accounts for \\JOEY-PC

Administrator Guest Joey


**** End of log ****

Farbar Service Scanner Version: 26-07-2012
Ran by Joey (administrator) on 26-07-2012 at 17:20:07
Running from "C:\Users\Joey\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v1.703 - Logfile created 07/26/2012 at 17:21:04
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joey - JOEY-PC
# Running from : C:\Users\Joey\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Joey\AppData\Local\Conduit
Folder Deleted : C:\Users\Joey\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joey\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\f2k3avwk.default\ConduitCommon
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\f2k3avwk.default\Smartbar
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\f2k3avwk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\f2k3avwk.default\searchplugins\Conduit.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\f2k3avwk.default\prefs.js

Deleted : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Deleted : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Deleted : user_pref("CT1060933.129681785283868963.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0[...]
Deleted : user_pref("CT1060933.129686665230467549.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1060933.FirstTime", "true");
Deleted : user_pref("CT1060933.FirstTimeFF3", "true");
Deleted : user_pref("CT1060933.NotificationsToShow_15651", "[{\"id\":\"15317\",\"channelId\":\"15651\",\"title[...]
Deleted : user_pref("CT1060933.PrintItGreenStatus", "true");
Deleted : user_pref("CT1060933.UserID", "UN43480187415016547");
Deleted : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT1060933.autoDisableScopes", 10);
Deleted : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Deleted : user_pref("CT1060933.cb_experience_000", "5");
Deleted : user_pref("CT1060933.cb_firstuse0100", "1");
Deleted : user_pref("CT1060933.cb_user_id_000", "CB526651126593_Firefox");
Deleted : user_pref("CT1060933.cbcountry_000", "US");
Deleted : user_pref("CT1060933.cbcountry_001", "US");
Deleted : user_pref("CT1060933.cbfirsttime", "Wed May 30 2012 22:17:53 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT1060933.defaultSearch", "false");
Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1060933.enableAlerts", "false");
Deleted : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT1060933.firstTimeDialogOpened", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundError", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT1060933.fixUrls", true);
Deleted : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.isNewTabEnabled", true);
Deleted : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.dailymotion.[...]
Deleted : user_pref("CT1060933.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.openThankYouPage", "false");
Deleted : user_pref("CT1060933.openUninstallPage", "true");
Deleted : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Deleted : user_pref("CT1060933.search.searchCount", "0");
Deleted : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1341592112509");
Deleted : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1341591993078");
Deleted : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1342454528850");
Deleted : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1341592112440");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.10.4_lastUpdate", "1341591992711");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.12.5_lastUpdate", "1342454529133");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.2.10_lastUpdate", "1340178661453");
Deleted : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1342337994689");
Deleted : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1341592112552");
Deleted : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1342454529214");
Deleted : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1342454528423");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1341592112516");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1342454528987");
Deleted : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1342454528544");
Deleted : user_pref("CT1060933.settingsINI", true);
Deleted : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Deleted : user_pref("CT1060933.smartbar.Uninstall", "0");
Deleted : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Deleted : user_pref("CT1060933.startPage", "false");
Deleted : user_pref("CT1060933.toolbarBornServerTime", "31-5-2012");
Deleted : user_pref("CT1060933.toolbarCurrentServerTime", "16-7-2012");
Deleted : user_pref("CT1060933.url_history0001", "hxxp://camswanted.com/cgi-bin/crtr/out.cgi?id=51&l=play:::cl[...]
Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Deleted : user_pref("CT2790392.CTID", "CT2790392");
Deleted : user_pref("CT2790392.CurrentServerDate", "16-7-2012");
Deleted : user_pref("CT2790392.DSInstall", true);
Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Sun Jul 15 2012 03:39:51 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Mon Jul 16 2012 12:05:02 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 496);
Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2790392.FirstServerDate", "31-5-2012");
Deleted : user_pref("CT2790392.FirstTime", true);
Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Deleted : user_pref("CT2790392.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2790392.HPInstall", false);
Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Deleted : user_pref("CT2790392.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2790392.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT2790392.Initialize", true);
Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2790392.InstallationType", "Unknown");
Deleted : user_pref("CT2790392.InstalledDate", "Wed May 30 2012 22:17:45 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);
Deleted : user_pref("CT2790392.IsGrouping", false);
Deleted : user_pref("CT2790392.IsInitSetupIni", true);
Deleted : user_pref("CT2790392.IsMulticommunity", false);
Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Deleted : user_pref("CT2790392.IsOpenUninstallPage", true);
Deleted : user_pref("CT2790392.IsProtectorsInit", true);
Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2790392.LastLogin_3.13.0.6", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2790392.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2790392.Locale", "en");
Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "BitTorrentBar Customized Web Search");
Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]
Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Mon Jul 16 2012 12:00:01 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2790392.SearchProtectorEnabled", true);
Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Mon Jul 16 2012 12:00:02 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Mon Jul 16 2012 12:00:01 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.SettingsLastUpdate", "1340177243");
Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Sun Jul 15 2012 03:39:46 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2790392.UserID", "UN93213828224431930");
Deleted : user_pref("CT2790392.WeatherNetwork", "");
Deleted : user_pref("CT2790392.WeatherPollDate", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2790392.WeatherUnit", "C");
Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Deleted : user_pref("CT2790392.autoDisableScopes", -1);
Deleted : user_pref("CT2790392.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT2790392.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT2790392.backendstorage.cbfirsttime", "576564204D617920333020323031322032323A31373A35322[...]
Deleted : user_pref("CT2790392.backendstorage.url_history0001", "687474703A2F2F7777772E6461696C796D6F74696F6E2[...]
Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Fri Jul 06 2012 12:24:28 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.initDone", true);
Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2790392.myStuffEnabled", true);
Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2790392.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2790392.oldAppsList", "129298377186075601,129298377186388102,1000234,129791371079091292[...]
Deleted : user_pref("CT2790392.revertSettingsEnabled", false);
Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.testingCtid", "");
Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Mon Jul 16 2012 12:00:03 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Fri Jul 06 2012 12:24:28 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2790392.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "BitTorrentBar Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Joey\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
Deleted : user_pref("CommunityToolbar.globalUserId", "ce7637aa-693f-4691-8e1e-ab0dc4471c67");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 15 2012 03:39:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 16 2012 12:00:15 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 16 2012 12:00:07 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "bcf6790f-d94e-4a52-b34f-16cabf64d829");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "BitTorrentBar Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT279039[...]

*************************

AdwCleaner[S1].txt - [23231 octets] - [26/07/2012 17:21:04]

########## EOF - C:\AdwCleaner[S1].txt - [23360 octets] ##########

I should also note that the original program (RegRun Reanimator) that I tried using is starting up when I reboot and seems to be giving some error. I cannot uninstall this program as it is not in my listed programs. There is a folder in my documents called Regrun2 though.

#6 narenxp

Posted 26 July 2012 - 05:01 PM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#7 thekaptn

Posted 26 July 2012 - 06:05 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Cmaudio8788" "CmiCnfg DLL" "C-Media Corporation" "c:\windows\syswow64\cmicnfgp.dll"
+ "Cmaudio8788GX" "HsMgr Application" "" "c:\windows\syswow64\hsmgr.exe"
+ "Cmaudio8788GX64" "HsMgr Application" "" "c:\windows\system\hsmgr64.exe"
+ "Launch LCore" "Logitech Gaming Framework" "Logitech Inc." "c:\program files\logitech gaming software\lcore.exe"
+ "Trend Micro Client Framework" "Trend Micro Client Session Agent Monitor" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
+ "Trend Micro Titanium" "Trend Micro Client Main Console" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "Freecorder FLV Service" "FLV Service for Freecorder" "Applian Technologies, Inc." "c:\program files (x86)\freecorder\flvsrvc.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx\@UnHackMe" "" "" ""
+ "1" "Detects and removes rootkits" "Greatis Software" "c:\program files (x86)\unhackme\unhackme.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Conduit" "" "" "File not found: C:\Users\Joey\AppData\Local\CRE\Conduit\rihdqjs.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "tmbp" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\tmbpie64.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\tmieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "TmBpIeBHO Class" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\tmbpie64.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\tmieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "BitTorrentBar Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\bittorrentbar\prxtbbitt.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "TmBpIeBHO Class" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\tmbpie32.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\tmieplg32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "BitTorrentBar Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\bittorrentbar\prxtbbitt.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\UnHackMe Task Scheduler" "Detects Rootkits in background" "Greatis Software" "c:\program files (x86)\unhackme\hackmon.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Amsp" "Manages Trend Micro security modules" "Trend Micro Inc." "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Futuremark SystemInfo Service" "Futuremark SystemInfo Service" "Futuremark Corporation" "c:\program files (x86)\futuremark\futuremark systeminfo\fmsisvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance" "" "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AODDriver4.01" "" "" "File not found: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cmudaxp" "C-Media Audio WDM Driver" "C-Media Inc" "c:\windows\system32\drivers\cmudaxp.sys"
+ "cpuz135" "" "" "File not found: C:\Windows\TEMP\cpuz135\cpuz135_x64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LGBusEnum" "Logitech WingMan Virtual Bus Enumerator Driver" "Logitech Inc." "c:\windows\system32\drivers\lgbusenum.sys"
+ "LGVirHid" "Logitech GamePanel Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\lgvirhid.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "Partizan" "" "" "File not found: system32\drivers\Partizan.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt64win7.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmtdi" "Trend Micro TDI Driver (amd64-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "3dtv.at Audio Stream Switcher" "Stream Control Filters" "3dtv.at" "c:\program files (x86)\stereoscopic player\streamcontrol.dll"
+ "3dtv.at Effect Renderer" "Effect Control Filters" "3dtv.at" "c:\program files (x86)\stereoscopic player\fxc.dll"
+ "3dtv.at Effect Source" "Effect Control Filters" "3dtv.at" "c:\program files (x86)\stereoscopic player\fxc.dll"
+ "3dtv.at JPEG2000 Video Decoder" "JPEG2000 Video Decoder" "3dtv.at" "c:\program files (x86)\stereoscopic player\j2kdecoder.dll"
+ "3dtv.at Null Video Renderer" "Stereo Renderer" "3dtv.at" "c:\program files (x86)\stereoscopic player\srd.dll"
+ "3dtv.at Stereo Image Source" "Stereo Image Source" "3dtv.at" "c:\program files (x86)\stereoscopic player\sis.dll"
+ "3dtv.at Stereo Renderer" "Stereo Renderer" "3dtv.at" "c:\program files (x86)\stereoscopic player\srd.dll"
+ "3dtv.at Stereo Transformation" "Stereo Transformation" "3dtv.at" "c:\program files (x86)\stereoscopic player\stf.dll"
+ "3dtv.at Stereo Windows Media Source" "Stereo Windows Media Source" "3dtv.at" "c:\program files (x86)\stereoscopic player\wms.dll"
+ "3dtv.at Stream Control" "Stream Control Filters" "3dtv.at" "c:\program files (x86)\stereoscopic player\streamcontrol.dll"
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "DC-Bass Source" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\BASS Source Filter\DCBassSource.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "LAV Audio Decoder" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\LAV Filters\LAVAudio.ax"
+ "LAV Splitter" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\LAV Filters\LAVSplitter.ax"
+ "LAV Splitter Source" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\LAV Filters\LAVSplitter.ax"
+ "LAV Video Decoder" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\LAV Filters\LAVVideo.ax"
+ "MPC - CDDA Reader" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\CDDA Source Filter\CDDAReader.ax"
+ "MPC - CDXA Reader" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\CDXA Source Filter\CDXAReader.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "TAK SourceFilter" "" "" "File not found: C:\Users\Joey\Downloads\DSFP-5.00\DirectShow FilterPack\TAK Source Filter\dsfTAKSource.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Audio Mixer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT DV Extract" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Format Conversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Screen Capture filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "Partizan" "" "" "File not found: Partizan"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#8 narenxp

Posted 26 July 2012 - 06:27 PM

Uncheck this entry
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Conduit" "" "" "File not found: C:\Users\Joey\AppData\Local\CRE\Conduit\rihdqjs.dll"

Restart the PC, let me know if you have any current issues
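For readers triaging a log like this themselves, here is an added example (not part of any post in this thread, and not code from Autoruns) that parses the text layout shown above and lists autostart entries whose image is reported as "File not found". It assumes four quoted fields per row, location rows starting with a quote and entry rows starting with `+`; the sample rows are copied from the log in this thread.

```python
import re

FIELD = re.compile(r'"([^"]*)"')   # one quoted column
MISSING = "File not found:"        # marker text as it appears in the log

# Sample rows copied from the log pasted in this thread (constructed excerpt).
SAMPLE_LOG = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Conduit" "" "" "File not found: C:\Users\Joey\AppData\Local\CRE\Conduit\rihdqjs.dll"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "Partizan" "" "" "File not found: Partizan"
'''

def parse_autoruns(text):
    """Yield one dict per entry row, tagged with the location row above it."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank lines, forum text, cut-off rows
        if line.startswith('"'):
            location = fields[0]          # location row: key plus three empty columns
        elif line.startswith("+"):
            yield dict(zip(("name", "description", "publisher", "image"), fields),
                       location=location)

def orphaned(entries):
    """Entries whose image column carries the 'File not found' marker."""
    hits = []
    for e in entries:
        if e["image"].startswith(MISSING):
            hits.append(dict(e, image=e["image"][len(MISSING):].strip()))
    return hits

def report(text):
    """(location, entry name, missing path) for every orphaned entry."""
    return [(e["location"], e["name"], e["image"])
            for e in orphaned(parse_autoruns(text))]

if __name__ == "__main__":
    for loc, name, image in report(SAMPLE_LOG):
        print(f"{loc}\n    {name} -> {image}")
```

A "File not found" row is a lead to review, not a verdict: the same log lists DirectShow filters registered from a Downloads folder that are simply leftovers of a removed package.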

#9 thekaptn

Posted 26 July 2012 - 07:00 PM

Everything seems to be working A-OK now. Thanks so much narenxp for all your help. I really appreciate it and will be sure to follow up if any problems return.

#10 narenxp

Posted 26 July 2012 - 07:17 PM

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



