"Viruses Found On Your Computer" Popup


17 replies to this topic

#1 bryhart

bryhart

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:39 PM

Posted 02 August 2012 - 10:26 AM

Somewhere between 2-6 times a day I get a popup saying:

Viruses were found on your computer. "You need to clean the computer to prevent the system crash."

I have run MB and several other scans that all come back clean. What's next?


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:39 PM

Posted 02 August 2012 - 10:37 AM

What happens when you click on the popup?

#3 bryhart

Posted 02 August 2012 - 11:17 AM

What happens when you click on the popup?


I don't. I kill iexplore from task manager.

#4 Grinler

Posted 02 August 2012 - 11:38 AM

Reboot your computer. Then download Rkill from here:

http://www.bleepingcomputer.com/download/rkill/

Once downloaded, run it and post the log that pops up.

#5 bryhart

Posted 02 August 2012 - 01:20 PM

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/02/2012 11:18:41 AM in x86 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\TIREMOTE\TIRemoteService.exe (PID: 2404) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/02/2012 11:18:57 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

#6 Grinler

Posted 02 August 2012 - 03:04 PM

Go here and run this scan:

http://www.eset.com/us/online-scanner/

You need to use Internet Explorer to use the above scanner.

If you have the ability to generate a log, please do so and post it here.

#7 bryhart

Posted 02 August 2012 - 07:02 PM

I ran the eset online scan:

Scan results
No threats found.

Scanned Files: 160763
Infected Files: 0
Cleaned files: 0
Total scan time: 00:54:42
Scan status: Finished

Not sure how to generate an actual log file.

#8 bryhart

Posted 02 August 2012 - 11:12 PM

I was able to run ESET NOD32 Antivirus 4 and I found 2 "Infected" objects. I let the ESET program delete them. Here is the log:

C:\hiberfil.sys - error opening
C:\pagefile.sys - error opening
C:\PROT_INS.SYS - error reading
C:\Program Files\3ivx\3ivx MPEG-4 5.0.2\ReadMe.mht » MIME - is OK (internal scanning not performed)
C:\Users\name.replaced\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00663e » GZIP » f_00663e - archive damaged
C:\Users\name.replaced\AppData\Local\Microsoft\Outlook\name.replaced@genericcompanytech.com.ost - error reading
C:\Users\name.replaced\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\name.replaced\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\name.replaced\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\name.replaced\AppData\Local\Temp\wecerr.txt » MIME - is OK (internal scanning not performed)
C:\Users\name.replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\30e27d7b-1dffbfdb » ZIP » a/clau.class - probably a variant of Java/Exploit.Agent.NCV trojan
C:\Users\name.replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\30e27d7b-1dffbfdb » ZIP » mauurzjhtklmzcr - a variant of Win32/Kryptik.AIAC trojan

C:\Users\name.replaced\Documents\_Oregon\Deliverables\Amend 2\Section 6\Weekly\2011\June 28th Weekly Status Meeting.txt » MIME - is OK (internal scanning not performed)
C:\Users\name.replaced\Documents\_Oregon\Status Reports\Weekly\June 28th Weekly Status Meeting.txt » MIME - is OK (internal scanning not performed)
C:\Users\name.replaced\Downloads\Windows Media Player Plug-ins\Codecs\3ivx_MPEG-4_502_trial_win.exe » NSIS » ReadMe.mht » MIME - is OK (internal scanning not performed)
C:\Users\Plano IT\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe » CAB » jusched - next archive volume not found
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\FW%20Data%20Conversion%20Plan%20Walkthrough0.eml » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\FW%20Data%20Conversion%20Plan%20Walkthrough1.eml » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\FW%20OJD%20Contract%20110217%20(genericcompany%20Technologies)%20-%20OJD%20deliverable%20acceptance0.eml » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\FW%20OJD%20Contract%20110217%20(genericcompany%20Technologies)%20-%20OJD%20deliverable%20acceptance1.eml » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\OJD%20Contract%20110217%20-%20Deliverable%2018.2.2.1.b%20-%20Administrative%20adjustment%20of%20due%20date1.eml » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\OJD%20Contract%20110217%20-%20Deliverable%207.2.1.1%20-%20Integrated%20Change%20Management%20Draft0.eml » MIME - is OK (internal scanning not performed)
C:\Users\name.replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\30e27d7b-1dffbfdb » ZIP » a/clau.class - probably a variant of Java/Exploit.Agent.NCV trojan - was a part of the deleted object
C:\Users\name.replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\30e27d7b-1dffbfdb » ZIP » mauurzjhtklmzcr - a variant of Win32/Kryptik.AIAC trojan - was a part of the deleted object
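
An added example, not part of the post above and not ESET's own tooling: a small triage script that separates detection lines from scan-limitation noise ("error opening", "archive damaged", "is OK") in a log laid out like the one above, merges the follow-up "deleted object" lines into their detections, and marks hits that sit in the Java deployment cache. The line layout is assumed from this log alone, and the sample lines are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Detection lines, in the layout seen in the log above (assumed, not a vendor spec):
#   <file> » <container> » <member> - [probably ]a variant of <name> <kind>[ - <action>]
DETECTION = re.compile(
    r"^(?P<target>.+?) - (?P<confidence>probably a variant of|a variant of) "
    r"(?P<name>\S+) (?P<kind>\w+)(?: - (?P<action>.+))?$"
)
# Status strings from the log above that report a scan limitation, not a threat.
BENIGN = ("error opening", "error reading", "archive damaged",
          "next archive volume not found", "is OK")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Constructed sample lines (user name, file names and detection names are invented).
SAMPLE_LOG = r"""
C:\pagefile.sys - error opening
C:\Users\alice\AppData\Local\Temp\setup.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\alice\Documents\notes.txt » MIME - is OK (internal scanning not performed)
C:\Users\alice\tool.bin - status not in the list
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\example-idx » ZIP » a/x.class - probably a variant of Java/Exploit.Example trojan
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\example-idx » ZIP » payload - a variant of Win32/Example.AB trojan
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\example-idx » ZIP » payload - a variant of Win32/Example.AB trojan - was a part of the deleted object
"""


@dataclass
class Detection:
    outer_file: str      # file on disk that holds the flagged object
    member: str          # innermost archive member ("" if the file itself)
    name: str            # detection name as printed by the scanner
    kind: str            # e.g. "trojan"
    heuristic: bool      # True when the log says "probably a variant of"
    action: str = ""     # filled in from a later line recording the clean-up

    @property
    def in_java_cache(self):
        return JAVA_CACHE in self.outer_file.lower()


def triage(log_text):
    """Return (detections, benign_counts, unclassified_lines)."""
    found, benign, unclassified = {}, Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            parts = m["target"].split(" » ")
            member = parts[-1] if len(parts) > 1 else ""
            # The same object is logged again once it has been cleaned; merge both lines.
            key = (parts[0].lower(), member, m["name"])
            det = found.setdefault(key, Detection(
                parts[0], member, m["name"], m["kind"],
                m["confidence"].startswith("probably")))
            if m["action"]:
                det.action = m["action"]
            continue
        status = next((s for s in BENIGN if f" - {s}" in line), None)
        if status:
            benign[status] += 1
        else:
            # Anything not recognised is kept for manual review, never dropped.
            unclassified.append(line)
    return list(found.values()), benign, unclassified


if __name__ == "__main__":
    detections, benign, unknown = triage(SAMPLE_LOG)
    for d in detections:
        where = "Java cache" if d.in_java_cache else "other"
        print(f"{d.name:24} {d.member:12} [{where}] action={d.action or 'none logged'}")
    print("scan limitations:", dict(benign))
    print("needs review:", unknown)
```
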


#9 Grinler

Posted 03 August 2012 - 05:20 AM

I am not seeing anything there that would cause this type of alert to appear.

Is this the exact error message word for word that you are seeing? "You need to clean the computer to prevent the system crash"

#10 Grinler

Posted 03 August 2012 - 05:37 AM

Let's check a few things. First create an Autoruns log and post it as a reply to this topic. Autoruns can be downloaded from here:

http://live.sysinternals.com/autoruns.exe

Run it, let it populate for a few minutes and then click on File, Save, and change the file type to .txt and then save it somewhere.


Next, download TDSSkiller. Run the program and click on Change Parameters. Put a checkmark in Detect TDLFS file system and press the OK button. Then click on the Scan button. When done save and post the log report which is located in the root of your C: drive.

Finally download aswMBR and run it. When it starts it will prompt you to download the latest definitions. Please allow it to do so. Once it is done, click on the Scan button and when finished click on Save Log. Please post this log as well.

#11 bryhart

Posted 03 August 2012 - 09:44 AM

Let's check a few things. First create an Autoruns log and post it as a reply to this topic. Autoruns can be downloaded from here:

http://live.sysinternals.com/autoruns.exe


I can't get there...link seems to be broken

#12 Grinler

Posted 03 August 2012 - 10:00 AM

Try this link:

http://download.sysinternals.com/files/Autoruns.zip

#13 bryhart

Posted 03 August 2012 - 10:44 AM

Autorun Log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "Broadcom Wireless Manager UI" "DW WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\program files\dell\dw wlan card\wltray.exe"
+ "Check Point Endpoint Tray Application" "Check Point Endpoint Security" "Check Point Software Technologies LTD" "c:\program files\common files\check point\uiframework\cptray.exe"
+ "DBRMTray" "DbrmTrayicon" "Microsoft" "c:\dell\dbrm\reminder\dbrmtrayicon.exe"
+ "Dell Webcam Central" "WebcamDell2.exe" "Creative Technology Ltd" "c:\program files\dell webcam\dell webcam central\webcamdell2.exe"
+ "Desktop Disc Tool" "Roxio Burn Launcher" "" "c:\program files\roxio\oem\roxio burn\roxioburnlauncher.exe"
+ "egui" "ESET GUI" "ESET" "c:\program files\eset\eset nod32 antivirus\egui.exe"
+ "EzPrint" "" "" "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
+ "googletalk" "Google Talk" "Google" "c:\program files\google\google talk\googletalk.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoricon.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "lxecmon.exe" "Printer Device Monitor" "" "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "PDVD9LanguageShortcut" "PowerDVD Language Application" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\language\language.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "Pointsec Tray" "Full Disk Encryption, Tray program" "Check Point Software Tech Ltd" "c:\program files\pointsec\pointsec for pc\p95tray.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RemoteControl9" "PowerDVD RC Service" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\pdvd9serv.exe"
+ "RoxWatchTray" "RoxMMTrayApp Module" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxwatchtray12oem.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "USCService" "Dell Security Device and Task Status" "Broadcom Corporation" "c:\program files\dell\dell controlpoint\security manager\bcmdeviceandtaskstatusservice.exe"
+ "WavXMgr" "WavX Document Manager Application" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\wavxdocmgr.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Dell System Manager.lnk" "Dell System Manager" "Dell Inc." "c:\program files\dell\dell system manager\dcpsysmgr.exe"
+ "TdmNotify.lnk" "TdmNotify Module" "Wave Systems Corp." "c:\program files\wave systems corp\trusted drive manager\tdmnotify.exe"
"C:\Users\name.replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\name.replaced\appdata\local\google\update\googleupdate.exe"
+ "GoToMeeting" "GoToMeeting" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotomeeting\880\g2mstart.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files\windows live\messenger\msnmsgr.exe"
+ "OfficeSyncProcess" "Microsoft Office Document Cache" "Microsoft Corporation" "c:\program files\microsoft office\office14\msosync.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files\steam\steam.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "TextPad" "TextPad 32-bit shell extension DLL" "Helios Software Solutions" "c:\program files\textpad 5\system\shellext32.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
+ "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\shellext.dll"
+ "RXDCExtSvr12" "Roxio Creator Shell Extension" "Sonic Solutions" "c:\program files\roxio\oem\virtual drive 12\dc_shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "RXDCExtSvr12" "Roxio Creator Shell Extension" "Sonic Solutions" "c:\program files\roxio\oem\virtual drive 12\dc_shellext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnabledUnlockedFDEIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\wave systems corp\trusted drive manager\tdmiconoverlay.dll"
+ "UninitializedFdeIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\wave systems corp\trusted drive manager\tdmiconoverlay.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1567609011-1781888868-2182618124-2397Core" "Google Installer" "Google Inc." "c:\users\name.replaced\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1567609011-1781888868-2182618124-2397UA" "Google Installer" "Google Inc." "c:\users\name.replaced\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SDMsgUpdate (TE)" "SDMessaging Application" "" "c:\program files\smartdraw 2012\messages\sdnotify.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsrv.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "Credential Vault Host Control Service" "Host Control Service for Fingerprint Processing" "Broadcom Corporation" "c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hostcontrolservice.exe"
+ "Credential Vault Host Storage" "Host Storage Service for Persisting CV Objects into Hard drive" "Broadcom Corporation" "c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hoststorageservice.exe"
+ "dcpsysmgrsvc" "A support service required for the proper operation of Dell System Manager." "Dell Inc." "c:\program files\dell\dell system manager\dcpsysmgrsvc.exe"
+ "EhttpSrv" "ESET HTTP Server" "ESET" "c:\program files\eset\eset nod32 antivirus\ehttpsrv.exe"
+ "ekrn" "ESET Service" "ESET" "c:\program files\eset\eset nod32 antivirus\ekrn.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "InstallFilterService" "This service installs the FF filter on IDE disks found in the system" "" "c:\program files\stmicroelectronics\accelerometerp11\installfilterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "lxec_device" "Printer Communication System" " " "c:\windows\system32\lxeccoms.exe"
+ "lxecCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "OdySys" "Enables advanced features within the Odyssey product suite including on-demand messaging,configuration caching, and product upgrades on behalf of non-privileged users." "genericcompany Technologies, Inc." "c:\program files\common files\genericcompany technologies\odyssey\odysys.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "Pointsec" "Full Disk Encryption Service" "Check Point Software Tech Ltd" "c:\windows\system32\prot_srv.exe"
+ "Pointsec_start" "Full Disk Encryption Service" "Check Point Software Tech Ltd" "c:\windows\system32\pstartsr.exe"
+ "RoxMediaDB12OEM" "Roxio RoxMediaDB12OEM Service" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxmediadb12oem.exe"
+ "RoxWatch12" "RoxWatch12 Module" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxwatch12oem.exe"
+ "SecureStorageService" "Wave Secure Storage Service" "Wave Systems Corp." "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files\common files\steam\steamservice.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "tcsd_win32.exe" "TCS service for accessing the TPM" "" "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
+ "TdmService" "Manages self-encrypting drives." "Wave Systems Corp." "c:\program files\wave systems corp\trusted drive manager\tdmservice.exe"
+ "TIRmtSvc" "Track-It!" "Numara Software, Inc." "c:\windows\tiremote\tiremoteservice.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "Dell Inc." "c:\program files\dell\dw wlan card\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Acceler" "Accelerometer Port I/O" "ST Microelectronics" "c:\windows\system32\drivers\accelern.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwampfl" "Broadcom Bluetooth USB AMP Filter for Windows Vista" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CtAudDrv" "Advanced Audio FX Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\ctauddrv.sys"
+ "CtClsFlt" "Video Class Upper Filter Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\ctclsflt.sys"
+ "cvusbdrv" "Broadcom Credential Vault USB Driver" "Broadcom Corporation" "c:\windows\system32\drivers\cvusbdrv.sys"
+ "e1kexpress" "Intel® Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1k6232.sys"
+ "eamonm" "Eset file on-access scanner" "ESET" "c:\windows\system32\drivers\eamonm.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "ehdrv" "Eset Helper driver" "ESET" "c:\windows\system32\drivers\ehdrv.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "epfwwfpr" "EPFW Filter Driver" "ESET" "c:\windows\system32\drivers\epfwwfpr.sys"
+ "f5ipfw" "StoneWall Filter Driver" "F5 Networks, Inc." "c:\windows\system32\drivers\urfltwlh.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAL" "Intel® Network Adapter Diagnostic Driver" "Intel Corporation " "c:\windows\system32\drivers\iqvw32.sys"
+ "NEOFLTR_650_16339" "NetBIOS Redirector" "Juniper Networks" "c:\windows\system32\drivers\neofltr_650_16339.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys"
+ "prot_2k" "Full Disk Encryption, Post-boot filter driver" "Check Point Software Tech Ltd" "c:\windows\system32\drivers\prot_2k.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RemoteControl-USBLAN" "Windows USBLAN Host Driver" "Belcarra Technologies" "c:\windows\system32\drivers\rcblan.sys"
+ "rimspci" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimspe86.sys"
+ "risdpcie" "RICOH SD/MMC Driver" "REDC" "c:\windows\system32\drivers\risdpe86.sys"
+ "rixdpcie" "RICOH PCIe XD Driver" "REDC" "c:\windows\system32\drivers\rixdpe86.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stdflt" "Disk Filter Driver for Accelerometer" "ST Microelectronics" "c:\windows\system32\drivers\stdfltn.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "urvpndrv" "NetworkAccess NDIS WAN/TAPI Miniport for Windows." "F5 Networks, Inc." "c:\windows\system32\drivers\covpnwlh.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WavxDMgr" "Document Manager Driver" "Wave Systems Corp." "c:\windows\system32\drivers\wavxdmgr.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.3IV2" "3ivx MPEG-4 5.0.2 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\windows\system32\3ivxvfwcodec.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DX50" "" "" "c:\windows\system32\divxvfwcodec.dll"
+ "vidc.SEDG" "" "" "c:\windows\system32\samsungvfwcodec.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "3ivx Audio Decoder" "3ivx MPEG-4 5.0.2 DirectShow Audio Decoder" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsaudiodecoder.ax"
+ "3ivx Decoder Filter" "3ivx MPEG-4 5.0.2 DirectShow Video Decoder" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsvideodecoder.ax"
+ "3ivx Media Muxer" "3ivx MPEG-4 5.0.2 DirectShow Media Muxer" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsmediamux.ax"
+ "3ivx Media Splitter" "3ivx MPEG-4 5.0.2 DirectShow Media Splitter" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsmediasplitter.ax"
+ "3ivx MPEG-4 Audio Encoder" "3ivx MPEG-4 5.0.2 DirectShow Audio Encoder" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsaudioencoder.ax"
+ "3ivx MPEG-4 Video Encoder" "3ivx MPEG-4 5.0.2 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsvideoencoder.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Creative MJPEG Decoder 2" "Decoder" "Creative Technology Ltd." "c:\program files\creative\shared files\ctmjpgdec2.ax"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\vidprocu.ax"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files\cyberlink\powerdvd9\digestfilter.dll"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink FLV Splitter (PDVD9)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"
+ "CyberLink HAM Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Matroska Splitter (PDVD9)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink RealAudio Decoder (PDVD9)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter (PDVD9)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder (PDVD9)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor 2.0 (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video Decoder (PDVD9)" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "DivX Video Encoder (3ivx)" "3ivx MPEG-4 5.0.2 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsvideoencoder.ax"
+ "Half Size to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "LVMWriter" "LVMWriter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\lvmwriter.ax"
+ "Media Analyser" "analyse Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mediaanalyser.ax"
+ "PSI Parser" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Roxio Anaglyph to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Anaglyph to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Audio Source 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "Roxio Audio Source Filter" "Roxio Audio Source Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiosource.ax"
+ "Roxio Audio Stream Reader Filter" "Roxio Audio Stream Reader Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiostreamreader.ax"
+ "Roxio Audio Stream Writer Filter" "Roxio Audio Stream Writer Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiostreamwriter.ax"
+ "ROXIO Audio VCFChunker 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO Audio VCFLooper 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO AudioConvert 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO AudioGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO BDAV Smart Render 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ColorSpace Converter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO CPU Regulator" "CPURegulator.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\cpuregulator.ax"
+ "ROXIO CrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO CrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "roxio DCFilters Audio Sync Filter 2 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Dragons Lair 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVD Muxer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVDStream Reader 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVDStream Splitter 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Mpeg I/II Decoder 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters MPEG Transcoder" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Smart Resizer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Subpicture Mixer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "ROXIO Deinterlace 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DV Scene Detector Tee 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DVDCrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DVDCrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Field Combiner 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Field Splitter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio File Writer Wrapper" "Roxio File Writer Wrapper" "Sonic" "c:\program files\roxio\oem\videocore 12\roxfilewriterwrapper.ax"
+ "ROXIO Image/Colour Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ListImage Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio LVM File Source (Async.)" "LVMAsync" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\lvmasync.ax"
+ "Roxio Mp3 Encoder (SC)" "Roxio Audio Codec DLL" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsmp3encoder.ax"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxiompegdemuxer.dll"
+ "ROXIO Pan Zoom 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Pin Tee" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Plasma CrossGraph Renderer" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\plasmacgfilter.ax"
+ "Roxio Plasma CrossGraph Source" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\plasmacgfilter.ax"
+ "ROXIO QT Source" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO QuickGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mgirawwriter.dll"
+ "Roxio RealD to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\repackfilter.dll"
+ "ROXIO Scene Detector 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO SceneRecorder 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO SpyPos 3.0" "Null-In-Place (Sample)" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mginullip.ax"
+ "Roxio StereoSource Cropper" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ThumbnailGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\tsmpegsource.dll"
+ "ROXIO VCFAlphaSplitter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFAudioMixer 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFDvrSupport 3.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\dvrsupportfilt.ax"
+ "ROXIO VCFDVSceneDetect 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFHDVSceneDetect 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFLatency 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFpeakmeter 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFStationLogo 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFVideoCutList 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFWaveform 1.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO Video Effect 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video Integrate" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video Resampler 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Video Rotater," "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video VCFLooper 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VideoCombine 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio VOB Formatter" "VOBFormatter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\vobformatter.ax"
+ "Roxio Vob Loader" "VOBLoader" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\vobloader.ax"
+ "ROXIO WAV Dest 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "Samsung Video Encoder (3ivx)" "3ivx MPEG-4 5.0.2 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.2\3ivxdsvideoencoder.ax"
+ "Sewer" "MVWcDSutil" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mvwcdsutil.dll"
+ "Sonic Audio Resampler" "Audio Resampler Direct Show Filter" "Sonic Solutions Inc." "c:\program files\roxio\oem\audiocodec\filters\c12oem_trans_audio_samplerate_ds.ax"
+ "Sonic Cinemaster® Audio Decoder 4.3 (No Dolby)" "SonicHDAudio" "Sonic Solutions" "c:\program files\roxio\oem\common\cinemasteraudiond.dll"
+ "Sonic Cinemaster® VideoDecoder 4.3 (EMC12)" "CinemasterVideo" "Sonic Solutions" "c:\program files\roxio\oem\common\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\roxio\oem\common\sonichddemuxer.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\subpictenc.dll"
+ "VCG Null Renderer 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VCG Video Mixer 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VCGImageSource" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VMR9 Wrapper 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "Vorbis Decode Filter" "ogg DShow filters" "" "c:\program files\common files\roxio shared\ogg_flac codecs\dsfvorbisdecoder.dll"
+ "VW Input Selector" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Input Selector 2" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Video Transition" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Video Transition" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
+ "Pointsecprovider" "Full Disk Encryption, Single Sign On component" "Check Point Software Tech Ltd" "c:\windows\system32\pcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Pro800-Pro900 Series Port" "Printer Communication System" " " "c:\windows\system32\lxeclmpm.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "DW WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
+ "PCP" "PCP" "Check Point Software Tech Ltd" "c:\windows\system32\pcp.dll"
+ "TdmNetworkProvider" "TDM Network Provider" "Wave Systems Corp." "c:\windows\system32\tdmnetworkprovider.dll"


TDSSKiller log:

08:34:29.0620 5736 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:34:30.0137 5736 ============================================================
08:34:30.0137 5736 Current date / time: 2012/08/03 08:34:30.0137
08:34:30.0137 5736 SystemInfo:
08:34:30.0137 5736
08:34:30.0137 5736 OS Version: 6.1.7601 ServicePack: 1.0
08:34:30.0137 5736 Product type: Workstation
08:34:30.0138 5736 ComputerName: PLA-replaced
08:34:30.0138 5736 UserName: name.replaced
08:34:30.0138 5736 Windows directory: C:\Windows
08:34:30.0138 5736 System windows directory: C:\Windows
08:34:30.0138 5736 Processor architecture: Intel x86
08:34:30.0138 5736 Number of processors: 4
08:34:30.0138 5736 Page size: 0x1000
08:34:30.0138 5736 Boot type: Normal boot
08:34:30.0138 5736 ============================================================
08:34:30.0627 5736 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:34:30.0630 5736 ============================================================
08:34:30.0630 5736 \Device\Harddisk0\DR0:
08:34:30.0630 5736 MBR partitions:
08:34:30.0630 5736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1785000
08:34:30.0630 5736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1799000, BlocksNum 0x23C95000
08:34:30.0630 5736 ============================================================
08:34:30.0658 5736 Initialize success
08:34:30.0658 5736 ============================================================
08:35:02.0038 2712 ============================================================
08:35:02.0038 2712 Scan started
08:35:02.0038 2712 Mode: Manual; TDLFS;
08:35:02.0038 2712 ============================================================
08:35:02.0103 2712 1394ohci - ok
08:35:02.0117 2712 Acceler - ok
08:35:02.0127 2712 ACPI - ok
08:35:02.0131 2712 AcpiPmi - ok
08:35:02.0152 2712 AdobeFlashPlayerUpdateSvc - ok
08:35:02.0155 2712 adp94xx - ok
08:35:02.0159 2712 adpahci - ok
08:35:02.0161 2712 adpu320 - ok
08:35:02.0166 2712 AeLookupSvc - ok
08:35:02.0189 2712 AESTFilters - ok
08:35:02.0193 2712 AFD - ok
08:35:02.0197 2712 agp440 - ok
08:35:02.0199 2712 aic78xx - ok
08:35:02.0203 2712 ALG - ok
08:35:02.0210 2712 aliide - ok
08:35:02.0214 2712 amdagp - ok
08:35:02.0217 2712 amdide - ok
08:35:02.0221 2712 AmdK8 - ok
08:35:02.0223 2712 AmdPPM - ok
08:35:02.0227 2712 amdsata - ok
08:35:02.0231 2712 amdsbs - ok
08:35:02.0237 2712 amdxata - ok
08:35:02.0241 2712 ApfiltrService - ok
08:35:02.0245 2712 AppID - ok
08:35:02.0248 2712 AppIDSvc - ok
08:35:02.0257 2712 Appinfo - ok
08:35:02.0266 2712 Apple Mobile Device - ok
08:35:02.0269 2712 AppMgmt - ok
08:35:02.0272 2712 arc - ok
08:35:02.0275 2712 arcsas - ok
08:35:02.0277 2712 AsyncMac - ok
08:35:02.0282 2712 atapi - ok
08:35:02.0285 2712 AudioEndpointBuilder - ok
08:35:02.0288 2712 Audiosrv - ok
08:35:02.0293 2712 AxInstSV - ok
08:35:02.0298 2712 b06bdrv - ok
08:35:02.0301 2712 b57nd60x - ok
08:35:02.0306 2712 BCM42RLY - ok
08:35:02.0308 2712 BCM43XX - ok
08:35:02.0314 2712 BDESVC - ok
08:35:02.0316 2712 Beep - ok
08:35:02.0319 2712 BFE - ok
08:35:02.0322 2712 BITS - ok
08:35:02.0325 2712 blbdrive - ok
08:35:02.0338 2712 Bonjour Service - ok
08:35:02.0342 2712 bowser - ok
08:35:02.0345 2712 BrFiltLo - ok
08:35:02.0352 2712 BrFiltUp - ok
08:35:02.0355 2712 Browser - ok
08:35:02.0358 2712 Brserid - ok
08:35:02.0361 2712 BrSerWdm - ok
08:35:02.0364 2712 BrUsbMdm - ok
08:35:02.0370 2712 BrUsbSer - ok
08:35:02.0379 2712 BthEnum - ok
08:35:02.0386 2712 BTHMODEM - ok
08:35:02.0390 2712 BthPan - ok
08:35:02.0393 2712 BTHPORT - ok
08:35:02.0398 2712 bthserv - ok
08:35:02.0400 2712 BTHUSB - ok
08:35:02.0404 2712 btwampfl - ok
08:35:02.0407 2712 btwaudio - ok
08:35:02.0410 2712 btwavdt - ok
08:35:02.0414 2712 btwdins - ok
08:35:02.0419 2712 btwl2cap - ok
08:35:02.0432 2712 btwrchid - ok
08:35:02.0435 2712 cdfs - ok
08:35:02.0437 2712 cdrom - ok
08:35:02.0443 2712 CertPropSvc - ok
08:35:02.0449 2712 circlass - ok
08:35:02.0452 2712 CLFS - ok
08:35:02.0456 2712 clr_optimization_v2.0.50727_32 - ok
08:35:02.0459 2712 CmBatt - ok
08:35:02.0461 2712 cmdide - ok
08:35:02.0465 2712 CNG - ok
08:35:02.0468 2712 Compbatt - ok
08:35:02.0477 2712 CompositeBus - ok
08:35:02.0481 2712 COMSysApp - ok
08:35:02.0483 2712 crcdisk - ok
08:35:02.0487 2712 Credential Vault Host Control Service - ok
08:35:02.0490 2712 Credential Vault Host Storage - ok
08:35:02.0494 2712 CryptSvc - ok
08:35:02.0498 2712 CSC - ok
08:35:02.0504 2712 CscService - ok
08:35:02.0507 2712 CtAudDrv - ok
08:35:02.0512 2712 CtClsFlt - ok
08:35:02.0515 2712 cvusbdrv - ok
08:35:02.0521 2712 DcomLaunch - ok
08:35:02.0524 2712 dcpsysmgrsvc - ok
08:35:02.0527 2712 defragsvc - ok
08:35:02.0531 2712 DfsC - ok
08:35:02.0533 2712 Dhcp - ok
08:35:02.0537 2712 discache - ok
08:35:02.0540 2712 Disk - ok
08:35:02.0542 2712 Dnscache - ok
08:35:02.0545 2712 dot3svc - ok
08:35:02.0548 2712 DPS - ok
08:35:02.0553 2712 drmkaud - ok
08:35:02.0556 2712 DXGKrnl - ok
08:35:02.0559 2712 e1kexpress - ok
08:35:02.0564 2712 eamonm - ok
08:35:02.0576 2712 EapHost - ok
08:35:02.0579 2712 ebdrv - ok
08:35:02.0582 2712 EFS - ok
08:35:02.0587 2712 ehdrv - ok
08:35:02.0589 2712 ehRecvr - ok
08:35:02.0592 2712 ehSched - ok
08:35:02.0595 2712 EhttpSrv - ok
08:35:02.0597 2712 ekrn - ok
08:35:02.0602 2712 elxstor - ok
08:35:02.0605 2712 epfwwfpr - ok
08:35:02.0608 2712 ErrDev - ok
08:35:02.0613 2712 EventSystem - ok
08:35:02.0617 2712 exfat - ok
08:35:02.0625 2712 f5ipfw - ok
08:35:02.0628 2712 fastfat - ok
08:35:02.0631 2712 Fax - ok
08:35:02.0637 2712 fdc - ok
08:35:02.0639 2712 fdPHost - ok
08:35:02.0642 2712 FDResPub - ok
08:35:02.0645 2712 FileInfo - ok
08:35:02.0648 2712 Filetrace - ok
08:35:02.0653 2712 flpydisk - ok
08:35:02.0656 2712 FltMgr - ok
08:35:02.0659 2712 FontCache - ok
08:35:02.0662 2712 FontCache3.0.0.0 - ok
08:35:02.0666 2712 FsDepends - ok
08:35:02.0671 2712 Fs_Rec - ok
08:35:02.0674 2712 fvevol - ok
08:35:02.0677 2712 gagp30kx - ok
08:35:02.0680 2712 GEARAspiWDM - ok
08:35:02.0686 2712 gpsvc - ok
08:35:02.0697 2712 gupdate - ok
08:35:02.0702 2712 gupdatem - ok
08:35:02.0714 2712 gusvc - ok
08:35:02.0717 2712 hcw85cir - ok
08:35:02.0720 2712 HDAudBus - ok
08:35:02.0723 2712 HidBatt - ok
08:35:02.0726 2712 HidBth - ok
08:35:02.0728 2712 HidIr - ok
08:35:02.0732 2712 hidserv - ok
08:35:02.0737 2712 HidUsb - ok
08:35:02.0740 2712 hkmsvc - ok
08:35:02.0742 2712 HomeGroupListener - ok
08:35:02.0746 2712 HomeGroupProvider - ok
08:35:02.0749 2712 HpSAMD - ok
08:35:02.0754 2712 HTTP - ok
08:35:02.0756 2712 hwpolicy - ok
08:35:02.0760 2712 i8042prt - ok
08:35:02.0764 2712 iaStor - ok
08:35:02.0768 2712 IAStorDataMgrSvc - ok
08:35:02.0772 2712 iaStorV - ok
08:35:02.0774 2712 idsvc - ok
08:35:02.0777 2712 igfx - ok
08:35:02.0781 2712 iirsp - ok
08:35:02.0787 2712 IKEEXT - ok
08:35:02.0789 2712 Impcd - ok
08:35:02.0793 2712 InstallFilterService - ok
08:35:02.0796 2712 IntcDAud - ok
08:35:02.0799 2712 intelide - ok
08:35:02.0804 2712 intelppm - ok
08:35:02.0806 2712 IPBusEnum - ok
08:35:02.0809 2712 IpFilterDriver - ok
08:35:02.0812 2712 iphlpsvc - ok
08:35:02.0815 2712 IPMIDRV - ok
08:35:02.0819 2712 IPNAT - ok
08:35:02.0822 2712 iPod Service - ok
08:35:02.0825 2712 IRENUM - ok
08:35:02.0828 2712 isapnp - ok
08:35:02.0831 2712 iScsiPrt - ok
08:35:02.0836 2712 kbdclass - ok
08:35:02.0839 2712 kbdhid - ok
08:35:02.0841 2712 KeyIso - ok
08:35:02.0844 2712 KSecDD - ok
08:35:02.0847 2712 KSecPkg - ok
08:35:02.0849 2712 KtmRm - ok
08:35:02.0855 2712 LanmanServer - ok
08:35:02.0859 2712 LanmanWorkstation - ok
08:35:02.0864 2712 lltdio - ok
08:35:02.0870 2712 lltdsvc - ok
08:35:02.0873 2712 lmhosts - ok
08:35:02.0877 2712 LSI_FC - ok
08:35:02.0880 2712 LSI_SAS - ok
08:35:02.0884 2712 LSI_SAS2 - ok
08:35:02.0888 2712 LSI_SCSI - ok
08:35:02.0892 2712 luafv - ok
08:35:02.0896 2712 lxecCATSCustConnectService - ok
08:35:02.0900 2712 lxec_device - ok
08:35:02.0906 2712 MBAMProtector - ok
08:35:02.0910 2712 MBAMService - ok
08:35:02.0913 2712 Mcx2Svc - ok
08:35:02.0916 2712 megasas - ok
08:35:02.0920 2712 MegaSR - ok
08:35:02.0923 2712 MMCSS - ok
08:35:02.0925 2712 Modem - ok
08:35:02.0928 2712 monitor - ok
08:35:02.0931 2712 mouclass - ok
08:35:02.0936 2712 mouhid - ok
08:35:02.0938 2712 mountmgr - ok
08:35:02.0941 2712 mpio - ok
08:35:02.0944 2712 mpsdrv - ok
08:35:02.0947 2712 MpsSvc - ok
08:35:02.0952 2712 MRxDAV - ok
08:35:02.0955 2712 mrxsmb - ok
08:35:02.0958 2712 mrxsmb10 - ok
08:35:02.0961 2712 mrxsmb20 - ok
08:35:02.0964 2712 msahci - ok
08:35:02.0970 2712 msdsm - ok
08:35:02.0972 2712 MSDTC - ok
08:35:02.0976 2712 Msfs - ok
08:35:02.0979 2712 mshidkmdf - ok
08:35:02.0983 2712 msisadrv - ok
08:35:02.0989 2712 MSiSCSI - ok
08:35:02.0991 2712 msiserver - ok
08:35:02.0994 2712 MSKSSRV - ok
08:35:02.0997 2712 MSPCLOCK - ok
08:35:03.0003 2712 MSPQM - ok
08:35:03.0006 2712 MsRPC - ok
08:35:03.0010 2712 mssmbios - ok
08:35:03.0013 2712 MSTEE - ok
08:35:03.0017 2712 MTConfig - ok
08:35:03.0021 2712 Mup - ok
08:35:03.0025 2712 NAL - ok
08:35:03.0027 2712 napagent - ok
08:35:03.0031 2712 NativeWifiP - ok
08:35:03.0035 2712 NDIS - ok
08:35:03.0038 2712 NdisCap - ok
08:35:03.0041 2712 NdisTapi - ok
08:35:03.0044 2712 Ndisuio - ok
08:35:03.0048 2712 NdisWan - ok
08:35:03.0052 2712 NDProxy - ok
08:35:03.0056 2712 NEOFLTR_650_16339 - ok
08:35:03.0059 2712 Net Driver HPZ12 - ok
08:35:03.0062 2712 NetBIOS - ok
08:35:03.0065 2712 NetBT - ok
08:35:03.0069 2712 Netlogon - ok
08:35:03.0073 2712 Netman - ok
08:35:03.0076 2712 netprofm - ok
08:35:03.0078 2712 NetTcpPortSharing - ok
08:35:03.0082 2712 nfrd960 - ok
08:35:03.0087 2712 NlaSvc - ok
08:35:03.0089 2712 Npfs - ok
08:35:03.0092 2712 nsi - ok
08:35:03.0095 2712 nsiproxy - ok
08:35:03.0099 2712 Ntfs - ok
08:35:03.0104 2712 Null - ok
08:35:03.0107 2712 nvraid - ok
08:35:03.0110 2712 nvstor - ok
08:35:03.0113 2712 nv_agp - ok
08:35:03.0125 2712 odserv - ok
08:35:03.0128 2712 OdySys - ok
08:35:03.0131 2712 ohci1394 - ok
08:35:03.0136 2712 ose - ok
08:35:03.0139 2712 osppsvc - ok
08:35:03.0143 2712 p2pimsvc - ok
08:35:03.0145 2712 p2psvc - ok
08:35:03.0148 2712 Parport - ok
08:35:03.0153 2712 partmgr - ok
08:35:03.0156 2712 Parvdm - ok
08:35:03.0159 2712 PBADRV - ok
08:35:03.0162 2712 PcaSvc - ok
08:35:03.0164 2712 pci - ok
08:35:03.0169 2712 pciide - ok
08:35:03.0172 2712 pcmcia - ok
08:35:03.0176 2712 pcw - ok
08:35:03.0178 2712 PEAUTH - ok
08:35:03.0182 2712 PeerDistSvc - ok
08:35:03.0193 2712 pla - ok
08:35:03.0195 2712 PlugPlay - ok
08:35:03.0199 2712 Pml Driver HPZ12 - ok
08:35:03.0203 2712 PNRPAutoReg - ok
08:35:03.0206 2712 PNRPsvc - ok
08:35:03.0210 2712 Pointsec - ok
08:35:03.0213 2712 Pointsec_start - ok
08:35:03.0219 2712 PolicyAgent - ok
08:35:03.0223 2712 Power - ok
08:35:03.0226 2712 PptpMiniport - ok
08:35:03.0229 2712 Processor - ok
08:35:03.0232 2712 ProfSvc - ok
08:35:03.0237 2712 ProtectedStorage - ok
08:35:03.0240 2712 prot_2k - ok
08:35:03.0243 2712 Psched - ok
08:35:03.0247 2712 PxHelp20 - ok
08:35:03.0252 2712 ql2300 - ok
08:35:03.0255 2712 ql40xx - ok
08:35:03.0258 2712 QWAVE - ok
08:35:03.0261 2712 QWAVEdrv - ok
08:35:03.0264 2712 RasAcd - ok
08:35:03.0269 2712 RasAgileVpn - ok
08:35:03.0272 2712 RasAuto - ok
08:35:03.0274 2712 Rasl2tp - ok
08:35:03.0278 2712 RasMan - ok
08:35:03.0281 2712 RasPppoe - ok
08:35:03.0286 2712 RasSstp - ok
08:35:03.0289 2712 rdbss - ok
08:35:03.0292 2712 rdpbus - ok
08:35:03.0295 2712 RDPCDD - ok
08:35:03.0299 2712 RDPDR - ok
08:35:03.0304 2712 RDPENCDD - ok
08:35:03.0308 2712 RDPREFMP - ok
08:35:03.0311 2712 RDPWD - ok
08:35:03.0314 2712 rdyboost - ok
08:35:03.0319 2712 RemoteAccess - ok
08:35:03.0325 2712 RemoteControl-USBLAN - ok
08:35:03.0328 2712 RemoteRegistry - ok
08:35:03.0331 2712 RFCOMM - ok
08:35:03.0336 2712 rimspci - ok
08:35:03.0338 2712 risdpcie - ok
08:35:03.0341 2712 rixdpcie - ok
08:35:03.0344 2712 RoxMediaDB12OEM - ok
08:35:03.0347 2712 RoxWatch12 - ok
08:35:03.0352 2712 RpcEptMapper - ok
08:35:03.0355 2712 RpcLocator - ok
08:35:03.0358 2712 RpcSs - ok
08:35:03.0360 2712 rspndr - ok
08:35:03.0363 2712 s3cap - ok
08:35:03.0366 2712 SamSs - ok
08:35:03.0370 2712 sbp2port - ok
08:35:03.0375 2712 SCardSvr - ok
08:35:03.0378 2712 scfilter - ok
08:35:03.0381 2712 Schedule - ok
08:35:03.0386 2712 SCPolicySvc - ok
08:35:03.0388 2712 SDRSVC - ok
08:35:03.0391 2712 secdrv - ok
08:35:03.0394 2712 seclogon - ok
08:35:03.0397 2712 SecureStorageService - ok
08:35:03.0402 2712 SENS - ok
08:35:03.0406 2712 SensrSvc - ok
08:35:03.0409 2712 Serenum - ok
08:35:03.0411 2712 Serial - ok
08:35:03.0414 2712 sermouse - ok
08:35:03.0424 2712 SessionEnv - ok
08:35:03.0427 2712 sffdisk - ok
08:35:03.0430 2712 sffp_mmc - ok
08:35:03.0436 2712 sffp_sd - ok
08:35:03.0439 2712 sfloppy - ok
08:35:03.0442 2712 SharedAccess - ok
08:35:03.0444 2712 ShellHWDetection - ok
08:35:03.0447 2712 sisagp - ok
08:35:03.0452 2712 SiSRaid2 - ok
08:35:03.0455 2712 SiSRaid4 - ok
08:35:03.0458 2712 Smb - ok
08:35:03.0463 2712 SNMPTRAP - ok
08:35:03.0465 2712 spldr - ok
08:35:03.0470 2712 Spooler - ok
08:35:03.0473 2712 sppsvc - ok
08:35:03.0475 2712 sppuinotify - ok
08:35:03.0478 2712 srv - ok
08:35:03.0481 2712 srv2 - ok
08:35:03.0486 2712 srvnet - ok
08:35:03.0488 2712 SSDPSRV - ok
08:35:03.0491 2712 SstpSvc - ok
08:35:03.0494 2712 STacSV - ok
08:35:03.0499 2712 stdflt - ok
08:35:03.0505 2712 Steam Client Service - ok
08:35:03.0510 2712 stexstor - ok
08:35:03.0514 2712 STHDA - ok
08:35:03.0517 2712 StiSvc - ok
08:35:03.0522 2712 stllssvr - ok
08:35:03.0525 2712 storflt - ok
08:35:03.0527 2712 StorSvc - ok
08:35:03.0530 2712 storvsc - ok
08:35:03.0537 2712 swenum - ok
08:35:03.0539 2712 swprv - ok
08:35:03.0542 2712 SysMain - ok
08:35:03.0545 2712 TabletInputService - ok
08:35:03.0549 2712 TapiSrv - ok
08:35:03.0553 2712 TBS - ok
08:35:03.0556 2712 Tcpip - ok
08:35:03.0559 2712 TCPIP6 - ok
08:35:03.0563 2712 tcpipreg - ok
08:35:03.0570 2712 tcsd_win32.exe - ok
08:35:03.0574 2712 TdmService - ok
08:35:03.0577 2712 TDPIPE - ok
08:35:03.0579 2712 TDTCP - ok
08:35:03.0582 2712 tdx - ok
08:35:03.0586 2712 TermDD - ok
08:35:03.0589 2712 TermService - ok
08:35:03.0592 2712 Themes - ok
08:35:03.0595 2712 THREADORDER - ok
08:35:03.0598 2712 TIRmtSvc - ok
08:35:03.0603 2712 TrkWks - ok
08:35:03.0605 2712 TrustedInstaller - ok
08:35:03.0610 2712 tssecsrv - ok
08:35:03.0613 2712 TsUsbFlt - ok
08:35:03.0617 2712 tunnel - ok
08:35:03.0621 2712 uagp35 - ok
08:35:03.0623 2712 udfs - ok
08:35:03.0628 2712 UI0Detect - ok
08:35:03.0632 2712 uliagpkx - ok
08:35:03.0637 2712 umbus - ok
08:35:03.0640 2712 UmPass - ok
08:35:03.0643 2712 UmRdpService - ok
08:35:03.0646 2712 upnphost - ok
08:35:03.0651 2712 urvpndrv - ok
08:35:03.0656 2712 USBAAPL - ok
08:35:03.0659 2712 usbccgp - ok
08:35:03.0661 2712 usbcir - ok
08:35:03.0665 2712 usbehci - ok
08:35:03.0670 2712 usbhub - ok
08:35:03.0673 2712 usbohci - ok
08:35:03.0675 2712 usbprint - ok
08:35:03.0678 2712 usbscan - ok
08:35:03.0682 2712 USBSTOR - ok
08:35:03.0687 2712 usbuhci - ok
08:35:03.0690 2712 usbvideo - ok
08:35:03.0693 2712 UxSms - ok
08:35:03.0695 2712 VaultSvc - ok
08:35:03.0699 2712 vdrvroot - ok
08:35:03.0704 2712 vds - ok
08:35:03.0707 2712 vga - ok
08:35:03.0710 2712 VgaSave - ok
08:35:03.0712 2712 vhdmp - ok
08:35:03.0716 2712 viaagp - ok
08:35:03.0720 2712 ViaC7 - ok
08:35:03.0723 2712 viaide - ok
08:35:03.0726 2712 vmbus - ok
08:35:03.0728 2712 VMBusHID - ok
08:35:03.0732 2712 volmgr - ok
08:35:03.0737 2712 volmgrx - ok
08:35:03.0740 2712 volsnap - ok
08:35:03.0744 2712 vpnagent - ok
08:35:03.0747 2712 vpnva - ok
08:35:03.0754 2712 vsmraid - ok
08:35:03.0756 2712 VSS - ok
08:35:03.0759 2712 vwifibus - ok
08:35:03.0769 2712 vwififlt - ok
08:35:03.0773 2712 vwifimp - ok
08:35:03.0776 2712 W32Time - ok
08:35:03.0780 2712 WacomPen - ok
08:35:03.0786 2712 WANARP - ok
08:35:03.0789 2712 Wanarpv6 - ok
08:35:03.0800 2712 WatAdminSvc - ok
08:35:03.0803 2712 WavxDMgr - ok
08:35:03.0806 2712 wbengine - ok
08:35:03.0809 2712 WbioSrvc - ok
08:35:03.0811 2712 wcncsvc - ok
08:35:03.0815 2712 WcsPlugInService - ok
08:35:03.0819 2712 Wd - ok
08:35:03.0822 2712 Wdf01000 - ok
08:35:03.0825 2712 WdiServiceHost - ok
08:35:03.0827 2712 WdiSystemHost - ok
08:35:03.0830 2712 WebClient - ok
08:35:03.0836 2712 Wecsvc - ok
08:35:03.0838 2712 wercplsupport - ok
08:35:03.0842 2712 WerSvc - ok
08:35:03.0845 2712 WfpLwf - ok
08:35:03.0848 2712 WIMMount - ok
08:35:03.0854 2712 WinHttpAutoProxySvc - ok
08:35:03.0858 2712 Winmgmt - ok
08:35:03.0860 2712 WinRM - ok
08:35:03.0867 2712 WinUsb - ok
08:35:03.0872 2712 Wlansvc - ok
08:35:03.0883 2712 wlcrasvc - ok
08:35:03.0886 2712 wlidsvc - ok
08:35:03.0889 2712 wltrysvc - ok
08:35:03.0892 2712 WmiAcpi - ok
08:35:03.0896 2712 wmiApSrv - ok
08:35:03.0900 2712 WMPNetworkSvc - ok
08:35:03.0903 2712 WPCSvc - ok
08:35:03.0906 2712 WPDBusEnum - ok
08:35:03.0909 2712 ws2ifsl - ok
08:35:03.0912 2712 WSearch - ok
08:35:03.0916 2712 wuauserv - ok
08:35:03.0920 2712 WudfPf - ok
08:35:03.0923 2712 WUDFRd - ok
08:35:03.0926 2712 wudfsvc - ok
08:35:03.0929 2712 WwanSvc - ok
08:35:03.0958 2712 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:35:04.0478 2712 \Device\Harddisk0\DR0 - ok
08:35:04.0482 2712 Boot (0x1200) (c9e16f7eb3ae0fdfcfc1e76588cdb7b7) \Device\Harddisk0\DR0\Partition0
08:35:04.0485 2712 \Device\Harddisk0\DR0\Partition0 - ok
08:35:04.0512 2712 Boot (0x1200) (95decf0b53165cba241aa69e79f50c36) \Device\Harddisk0\DR0\Partition1
08:35:04.0515 2712 \Device\Harddisk0\DR0\Partition1 - ok
08:35:04.0516 2712 ============================================================
08:35:04.0516 2712 Scan finished
08:35:04.0516 2712 ============================================================
08:35:04.0532 6712 Detected object count: 0
08:35:04.0532 6712 Actual detected object count: 0


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 08:38:14
-----------------------------
08:38:14.708 OS Version: Windows 6.1.7601 Service Pack 1
08:38:14.708 Number of processors: 4 586 0x2505
08:38:14.710 ComputerName: PLA-replaced UserName:
08:38:16.936 Initialize success
08:39:42.211 AVAST engine defs: 12080300
08:40:00.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:40:00.208 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
08:40:00.220 Disk 0 MBR read successfully
08:40:00.222 Disk 0 MBR scan
08:40:00.228 Disk 0 Windows VISTA default MBR code
08:40:00.231 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:40:00.244 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12042 MB offset 81920
08:40:00.256 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293162 MB offset 24743936
08:40:00.264 Disk 0 scanning sectors +625139712
08:40:00.324 Disk 0 scanning C:\Windows\system32\drivers
08:40:00.332 Service scanning
08:40:29.285 Modules scanning
08:40:30.019 Disk 0 trace - called modules:
08:40:30.042 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
08:40:30.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881636e8]
08:40:30.050 3 CLASSPNP.SYS[8c7dd59e] -> nt!IofCallDriver -> [0x88163da0]
08:40:30.055 5 stdfltn.sys[8c9e970c] -> nt!IofCallDriver -> [0x865e8ba0]
08:40:30.059 7 ACPI.sys[8c0c23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x865fe028]
08:40:31.786 AVAST engine scan C:\Windows
08:40:31.822 AVAST engine scan C:\Windows\system32
08:40:31.835 AVAST engine scan C:\Windows\system32\drivers
08:40:31.846 AVAST engine scan C:\Users\name.replaced
08:40:31.856 AVAST engine scan C:\ProgramData
08:40:31.865 Scan finished successfully
08:41:36.868 Disk 0 MBR has been saved successfully to "C:\Users\name.replaced\Downloads\AntiVirus\aswMBR\08-03-12\MBR.dat"
08:41:36.879 The log file has been saved successfully to "C:\Users\name.replaced\Downloads\AntiVirus\aswMBR\08-03-12\aswMBR.txt"

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 04 August 2012 - 08:39 AM

Everything looks clean at this point.

Do me a favor and run this beta version of Rkill and post the resulting log:

http://download.bleepingcomputer.com/beta/rkill.exe

#15 bryhart

bryhart
  • Topic Starter

  • Members

Posted 04 August 2012 - 09:21 AM

Everything looks clean at this point.

Do me a favor and run this beta version of Rkill and post the resulting log:

http://download.bleepingcomputer.com/beta/rkill.exe


Link not working for me.



