
Infection by Live Platinum Security virus



#1 Woody502


Posted 14 August 2012 - 05:29 PM

While browsing a golf forum website I believe I received a Live Platinum Security virus. I have run Malwarebytes and SUPERAntiSpyware, which removed a number of problems (I forgot to save the logs). I am running MS Vista and still have the following problems, which concern me and were not present before the attack.

1) On startup of the laptop I get the following message.

RunDLL
error loading C:\users\woods\appdata\roaming\pnvdld.dll
the specified module could not be found

2) MS security centre automatic updating is off (red shield in the tray) and cannot be turned on.

When I try to manually turn it on I get "security centre can't change your automatic updating settings"

3) McAfee keeps informing me my computer is at risk and real time scanning is off, but when I turn it on it instantly turns itself off again.

If you need any more information let me know and thanks for the help.

Edited by Woody502, 14 August 2012 - 05:29 PM.



 


#2 narenxp


Posted 14 August 2012 - 05:40 PM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Woody502


Posted 15 August 2012 - 04:47 AM

Hi mate, not really sure how to attach the files properly so I hope this will do. I also did all this in safe mode; is that OK?

TDSS log file is below (0 threats found).

16:26:24.0390 2420 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:26:26.0402 2420 ============================================================
16:26:26.0402 2420 Current date / time: 2012/08/15 16:26:26.0402
16:26:26.0402 2420 SystemInfo:
16:26:26.0402 2420
16:26:26.0402 2420 OS Version: 6.0.6002 ServicePack: 2.0
16:26:26.0402 2420 Product type: Workstation
16:26:26.0402 2420 ComputerName: WOODS-PC
16:26:26.0402 2420 UserName: Woods
16:26:26.0402 2420 Windows directory: C:\Windows
16:26:26.0402 2420 System windows directory: C:\Windows
16:26:26.0402 2420 Processor architecture: Intel x86
16:26:26.0402 2420 Number of processors: 2
16:26:26.0402 2420 Page size: 0x1000
16:26:26.0402 2420 Boot type: Safe boot with network
16:26:26.0402 2420 ============================================================
16:26:28.0009 2420 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:26:28.0024 2420 ============================================================
16:26:28.0024 2420 \Device\Harddisk0\DR0:
16:26:28.0024 2420 MBR partitions:
16:26:28.0024 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B000, BlocksNum 0x1400000
16:26:28.0024 2420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x143B000, BlocksNum 0x23FF3000
16:26:28.0024 2420 ============================================================
16:26:28.0056 2420 C: <-> \Device\Harddisk0\DR0\Partition2
16:26:28.0071 2420 D: <-> \Device\Harddisk0\DR0\Partition1
16:26:28.0071 2420 ============================================================
16:26:28.0071 2420 Initialize success
16:26:28.0071 2420 ============================================================
16:26:48.0476 2508 ============================================================
16:26:48.0476 2508 Scan started
16:26:48.0476 2508 Mode: Manual; TDLFS;
16:26:48.0476 2508 ============================================================
16:27:01.0549 2508 Ndisuio - ok
16:27:01.0611 2508 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:01.0611 2508 NdisWan - ok
16:27:01.0642 2508 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:27:01.0642 2508 NDProxy - ok
16:27:01.0642 2508 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:27:01.0642 2508 NetBIOS - ok
16:27:01.0705 2508 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:27:01.0720 2508 netbt - ok
16:27:01.0720 2508 [ a3e186b4b935905b829219502557314e ] Netlogon C:\Windows\system32\lsass.exe
16:27:01.0720 2508 Netlogon - ok
16:27:01.0767 2508 [ c8052711daecc48b982434c5116ca401 ] Netman C:\Windows\System32\netman.dll
16:27:01.0767 2508 Netman - ok
16:27:01.0798 2508 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm C:\Windows\System32\netprofm.dll
16:27:01.0798 2508 netprofm - ok
16:27:01.0861 2508 [ d6c4e4a39a36029ac0813d476fbd0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:01.0861 2508 NetTcpPortSharing - ok
16:27:02.0001 2508 [ 0b214c6a4728f085fb64a29ed9c4de94 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
16:27:02.0095 2508 NETw5v32 - ok
16:27:02.0126 2508 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:27:02.0126 2508 nfrd960 - ok
16:27:02.0157 2508 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:27:02.0157 2508 NlaSvc - ok
16:27:02.0298 2508 [ 655bee9c6cf8149d93b8cccde1dfe192 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
16:27:02.0313 2508 NMIndexingService - ok
16:27:02.0376 2508 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:27:02.0376 2508 Npfs - ok
16:27:02.0407 2508 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi C:\Windows\system32\nsisvc.dll
16:27:02.0407 2508 nsi - ok
16:27:02.0422 2508 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:27:02.0422 2508 nsiproxy - ok
16:27:02.0516 2508 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:27:02.0532 2508 Ntfs - ok
16:27:02.0563 2508 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:27:02.0563 2508 ntrigdigi - ok
16:27:02.0578 2508 [ c5dbbcda07d780bda9b685df333bb41e ] Null C:\Windows\system32\drivers\Null.sys
16:27:02.0578 2508 Null - ok
16:27:02.0578 2508 [ 2edf9e7751554b42cbb60116de727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:27:02.0594 2508 nvraid - ok
16:27:02.0625 2508 [ abed0c09758d1d97db0042dbb2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:27:02.0625 2508 nvstor - ok
16:27:02.0641 2508 [ 18bbdf913916b71bd54575bdb6eeac0b ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:27:02.0641 2508 nv_agp - ok
16:27:02.0672 2508 NwlnkFlt - ok
16:27:02.0672 2508 NwlnkFwd - ok
16:27:02.0734 2508 [ a015dd2ba6009c8bdd00a6c431302d06 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
16:27:02.0734 2508 OA001Ufd - ok
16:27:02.0750 2508 [ 438ffcb55b8ce39b0bc71afc0a059835 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
16:27:02.0766 2508 OA001Vid - ok
16:27:02.0859 2508 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:02.0875 2508 odserv - ok
16:27:02.0922 2508 [ 6f310e890d46e246e0e261a63d9b36b4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:27:02.0922 2508 ohci1394 - ok
16:27:02.0984 2508 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:02.0984 2508 ose - ok
16:27:03.0046 2508 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:27:03.0062 2508 p2pimsvc - ok
16:27:03.0078 2508 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:27:03.0078 2508 p2psvc - ok
16:27:03.0109 2508 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport C:\Windows\system32\drivers\parport.sys
16:27:03.0109 2508 Parport - ok
16:27:03.0171 2508 [ b9c2b89f08670e159f7181891e449cd9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:27:03.0171 2508 partmgr - ok
16:27:03.0187 2508 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:27:03.0187 2508 Parvdm - ok
16:27:03.0218 2508 [ c6276ad11f4bb49b58aa1ed88537f14a ] PcaSvc C:\Windows\System32\pcasvc.dll
16:27:03.0218 2508 PcaSvc - ok
16:27:03.0343 2508 [ 92fddbed716bf5c3cb766101563cfce5 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
16:27:03.0390 2508 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
16:27:03.0452 2508 [ 941dc1d19e7e8620f40bbc206981efdb ] pci C:\Windows\system32\drivers\pci.sys
16:27:03.0452 2508 pci - ok
16:27:03.0483 2508 [ fc175f5ddab666d7f4d17449a547626f ] pciide C:\Windows\system32\drivers\pciide.sys
16:27:03.0483 2508 pciide - ok
16:27:03.0499 2508 [ e6f3fb1b86aa519e7698ad05e58b04e5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:27:03.0499 2508 pcmcia - ok
16:27:03.0561 2508 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:27:03.0577 2508 PEAUTH - ok
16:27:03.0655 2508 [ b1689df169143f57053f795390c99db3 ] pla C:\Windows\system32\pla.dll
16:27:03.0686 2508 pla - ok
16:27:03.0733 2508 [ c5e7f8a996ec0a82d508fd9064a5569e ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:27:03.0748 2508 PlugPlay - ok
16:27:03.0764 2508 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:27:03.0780 2508 PNRPAutoReg - ok
16:27:03.0780 2508 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:27:03.0795 2508 PNRPsvc - ok
16:27:03.0811 2508 [ d0494460421a03cd5225cca0059aa146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:27:03.0826 2508 PolicyAgent - ok
16:27:03.0842 2508 [ ecfffaec0c1ecd8dbc77f39070ea1db1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:27:03.0858 2508 PptpMiniport - ok
16:27:03.0873 2508 [ 2027293619dd0f047c584cf2e7df4ffd ] Processor C:\Windows\system32\drivers\processr.sys
16:27:03.0873 2508 Processor - ok
16:27:03.0936 2508 [ 0508faa222d28835310b7bfca7a77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:27:03.0936 2508 ProfSvc - ok
16:27:03.0951 2508 [ a3e186b4b935905b829219502557314e ] ProtectedStorage C:\Windows\system32\lsass.exe
16:27:03.0951 2508 ProtectedStorage - ok
16:27:03.0998 2508 [ 99514faa8df93d34b5589187db3aa0ba ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:27:03.0998 2508 PSched - ok
16:27:04.0092 2508 [ 03e0fe281823ba64b3782f5b38950e73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:27:04.0092 2508 PxHelp20 - ok
16:27:04.0185 2508 [ 0a6db55afb7820c99aa1f3a1d270f4f6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:27:04.0201 2508 ql2300 - ok
16:27:04.0216 2508 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:27:04.0232 2508 ql40xx - ok
16:27:04.0263 2508 [ e9ecae663f47e6cb43962d18ab18890f ] QWAVE C:\Windows\system32\qwave.dll
16:27:04.0263 2508 QWAVE - ok
16:27:04.0279 2508 [ 9f5e0e1926014d17486901c88eca2db7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:27:04.0279 2508 QWAVEdrv - ok
16:27:04.0388 2508 [ 47dcf5d78c395159d72c65c25129fc44 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
16:27:04.0404 2508 R300 - ok
16:27:04.0419 2508 [ 147d7f9c556d259924351feb0de606c3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:27:04.0435 2508 RasAcd - ok
16:27:04.0450 2508 [ f6a452eb4ceadbb51c9e0ee6b3ecef0f ] RasAuto C:\Windows\System32\rasauto.dll
16:27:04.0450 2508 RasAuto - ok
16:27:04.0466 2508 [ a214adbaf4cb47dd2728859ef31f26b0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:04.0466 2508 Rasl2tp - ok
16:27:04.0528 2508 [ 75d47445d70ca6f9f894b032fbc64fcf ] RasMan C:\Windows\System32\rasmans.dll
16:27:04.0528 2508 RasMan - ok
16:27:04.0591 2508 [ 509a98dd18af4375e1fc40bc175f1def ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:04.0591 2508 RasPppoe - ok
16:27:04.0638 2508 [ 2005f4a1e05fa09389ac85840f0a9e4d ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:27:04.0638 2508 RasSstp - ok
16:27:04.0684 2508 [ b14c9d5b9add2f84f70570bbbfaa7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:27:04.0700 2508 rdbss - ok
16:27:04.0747 2508 [ 89e59be9a564262a3fb6c4f4f1cd9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:04.0747 2508 RDPCDD - ok
16:27:04.0762 2508 [ fbc0bacd9c3d7f6956853f64a66e252d ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:27:04.0778 2508 rdpdr - ok
16:27:04.0778 2508 [ 9d91fe5286f748862ecffa05f8a0710c ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:27:04.0778 2508 RDPENCDD - ok
16:27:04.0809 2508 [ c127ebd5afab31524662c48dfceb773a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:27:04.0809 2508 RDPWD - ok
16:27:04.0872 2508 [ bcdd6b4804d06b1f7ebf29e53a57ece9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:27:04.0872 2508 RemoteAccess - ok
16:27:04.0934 2508 [ 9e6894ea18daff37b63e1005f83ae4ab ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:27:04.0934 2508 RemoteRegistry - ok
16:27:04.0996 2508 [ 6482707f9f4da0ecbab43b2e0398a101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:27:04.0996 2508 RFCOMM - ok
16:27:05.0074 2508 [ c2ef513bbe069f0d4ee0938a76f975d3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:27:05.0074 2508 rimmptsk - ok
16:27:05.0090 2508 [ c398bca91216755b098679a8da8a2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:27:05.0090 2508 rimsptsk - ok
16:27:05.0106 2508 [ 2a2554cb24506e0a0508fc395c4a1b42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:27:05.0106 2508 rismxdp - ok
16:27:05.0137 2508 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator C:\Windows\system32\locator.exe
16:27:05.0137 2508 RpcLocator - ok
16:27:05.0152 2508 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] RpcSs C:\Windows\system32\rpcss.dll
16:27:05.0168 2508 RpcSs - ok
16:27:05.0184 2508 [ 9c508f4074a39e8b4b31d27198146fad ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:27:05.0184 2508 rspndr - ok
16:27:05.0199 2508 [ a3e186b4b935905b829219502557314e ] SamSs C:\Windows\system32\lsass.exe
16:27:05.0199 2508 SamSs - ok
16:27:05.0355 2508 [ 39763504067962108505bff25f024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:27:05.0355 2508 SASDIFSV - ok
16:27:05.0371 2508 [ 77b9fc20084b48408ad3e87570eb4a85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:27:05.0371 2508 SASKUTIL - ok
16:27:05.0386 2508 [ 3ce8f073a557e172b330109436984e30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:27:05.0386 2508 sbp2port - ok
16:27:05.0449 2508 [ 77b7a11a0c3d78d3386398fbbea1b632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:27:05.0449 2508 SCardSvr - ok
16:27:05.0496 2508 [ 1a58069db21d05eb2ab58ee5753ebe8d ] Schedule C:\Windows\system32\schedsvc.dll
16:27:05.0511 2508 Schedule - ok
16:27:05.0527 2508 [ 312ec3e37a0a1f2006534913e37b4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:27:05.0527 2508 SCPolicySvc - ok
16:27:05.0589 2508 [ 8f36b54688c31eed4580129040c6a3d3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:27:05.0589 2508 sdbus - ok
16:27:05.0605 2508 [ 716313d9f6b0529d03f726d5aaf6f191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:27:05.0605 2508 SDRSVC - ok
16:27:05.0620 2508 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:27:05.0620 2508 secdrv - ok
16:27:05.0636 2508 [ fd5199d4d8a521005e4b5ee7fe00fa9b ] seclogon C:\Windows\system32\seclogon.dll
16:27:05.0652 2508 seclogon - ok
16:27:05.0652 2508 [ a9bbab5759771e523f55563d6cbe140f ] SENS C:\Windows\System32\sens.dll
16:27:05.0652 2508 SENS - ok
16:27:05.0667 2508 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:27:05.0683 2508 Serenum - ok
16:27:05.0683 2508 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial C:\Windows\system32\drivers\serial.sys
16:27:05.0683 2508 Serial - ok
16:27:05.0698 2508 [ 8af3d28a879bf75db53a0ee7a4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:27:05.0698 2508 sermouse - ok
16:27:05.0761 2508 [ d2193326f729b163125610dbf3e17d57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:27:05.0761 2508 SessionEnv - ok
16:27:05.0776 2508 [ 3efa810bdca87f6ecc24f9832243fe86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:27:05.0776 2508 sffdisk - ok
16:27:05.0792 2508 [ e95d451f7ea3e583aec75f3b3ee42dc5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:27:05.0792 2508 sffp_mmc - ok
16:27:05.0854 2508 [ 9f66a46c55d6f1ccabc79bb7afccc545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:27:05.0854 2508 sffp_sd - ok
16:27:05.0870 2508 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:27:05.0870 2508 sfloppy - ok
16:27:05.0901 2508 [ e1499bd0ff76b1b2fbbf1af339d91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:27:05.0901 2508 SharedAccess - ok
16:27:05.0964 2508 [ c7230fbee14437716701c15be02c27b8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:27:05.0964 2508 ShellHWDetection - ok
16:27:05.0995 2508 [ 1d76624a09a054f682d746b924e2dbc3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:27:05.0995 2508 sisagp - ok
16:27:06.0010 2508 [ 43cb7aa756c7db280d01da9b676cfde2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:27:06.0010 2508 SiSRaid2 - ok
16:27:06.0026 2508 [ a99c6c8b0baa970d8aa59ddc50b57f94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:27:06.0026 2508 SiSRaid4 - ok
16:27:06.0166 2508 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:27:06.0166 2508 SkypeUpdate - ok
16:27:06.0307 2508 [ 862bb4cbc05d80c5b45be430e5ef872f ] slsvc C:\Windows\system32\SLsvc.exe
16:27:06.0385 2508 slsvc - ok
16:27:06.0447 2508 [ 6edc422215cd78aa8a9cde6b30abbd35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:27:06.0447 2508 SLUINotify - ok
16:27:06.0510 2508 [ 7b75299a4d201d6a6533603d6914ab04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:27:06.0510 2508 Smb - ok
16:27:06.0572 2508 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:27:06.0572 2508 SNMPTRAP - ok
16:27:06.0588 2508 [ 7aebdeef071fe28b0eef2cdd69102bff ] spldr C:\Windows\system32\drivers\spldr.sys
16:27:06.0588 2508 spldr - ok
16:27:06.0650 2508 [ 8554097e5136c3bf9f69fe578a1b35f4 ] Spooler C:\Windows\System32\spoolsv.exe
16:27:06.0666 2508 Spooler - ok
16:27:06.0712 2508 [ 41987f9fc0e61adf54f581e15029ad91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:27:06.0728 2508 srv - ok
16:27:06.0759 2508 [ ff33aff99564b1aa534f58868cbe41ef ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:27:06.0759 2508 srv2 - ok
16:27:06.0775 2508 [ 7605c0e1d01a08f3ecd743f38b834a44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:27:06.0775 2508 srvnet - ok
16:27:06.0806 2508 [ 03d50b37234967433a5ea5ba72bc0b62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:27:06.0806 2508 SSDPSRV - ok
16:27:06.0868 2508 [ 6f1a32e7b7b30f004d9a20afadb14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:27:06.0868 2508 SstpSvc - ok
16:27:06.0946 2508 [ cb2449150a5ea17caa0b94363d9440cc ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
16:27:06.0962 2508 STacSV - ok
16:27:07.0040 2508 [ 14a9ad287fda70a06463e09c4328c1f2 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
16:27:07.0040 2508 STHDA - ok
16:27:07.0118 2508 [ 5de7d67e49b88f5f07f3e53c4b92a352 ] stisvc C:\Windows\System32\wiaservc.dll
16:27:07.0134 2508 stisvc - ok
16:27:07.0196 2508 [ 1d0063597c3666404fcf97698abeb019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:27:07.0196 2508 stllssvr - ok
16:27:07.0212 2508 [ 7ba58ecf0c0a9a69d44b3dca62becf56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:27:07.0212 2508 swenum - ok
16:27:07.0274 2508 [ f21fd248040681cca1fb6c9a03aaa93d ] swprv C:\Windows\System32\swprv.dll
16:27:07.0290 2508 swprv - ok
16:27:07.0305 2508 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:27:07.0305 2508 Symc8xx - ok
16:27:07.0305 2508 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:27:07.0305 2508 Sym_hi - ok
16:27:07.0336 2508 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:27:07.0336 2508 Sym_u3 - ok
16:27:07.0414 2508 [ 9a51b04e9886aa4ee90093586b0ba88d ] SysMain C:\Windows\system32\sysmain.dll
16:27:07.0414 2508 SysMain - ok
16:27:07.0446 2508 [ 2dca225eae15f42c0933e998ee0231c3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:27:07.0461 2508 TabletInputService - ok
16:27:07.0508 2508 [ d7673e4b38ce21ee54c59eeeb65e2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:27:07.0524 2508 TapiSrv - ok
16:27:07.0539 2508 [ cb05822cd9cc6c688168e113c603dbe7 ] TBS C:\Windows\System32\tbssvc.dll
16:27:07.0539 2508 TBS - ok
16:27:07.0617 2508 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:27:07.0633 2508 Tcpip - ok
16:27:07.0648 2508 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:27:07.0648 2508 Tcpip6 - ok
16:27:07.0711 2508 [ 608c345a255d82a6289c2d468eb41fd7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:27:07.0711 2508 tcpipreg - ok
16:27:07.0742 2508 [ 5dcf5e267be67a1ae926f2df77fbcc56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:27:07.0742 2508 TDPIPE - ok
16:27:07.0789 2508 [ 389c63e32b3cefed425b61ed92d3f021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:27:07.0789 2508 TDTCP - ok
16:27:07.0836 2508 [ 76b06eb8a01fc8624d699e7045303e54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:27:07.0851 2508 tdx - ok
16:27:07.0851 2508 [ 3cad38910468eab9a6479e2f01db43c7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:27:07.0851 2508 TermDD - ok
16:27:07.0882 2508 [ bb95da09bef6e7a131bff3ba5032090d ] TermService C:\Windows\System32\termsrv.dll
16:27:07.0898 2508 TermService - ok
16:27:07.0929 2508 [ c7230fbee14437716701c15be02c27b8 ] Themes C:\Windows\system32\shsvcs.dll
16:27:07.0929 2508 Themes - ok
16:27:07.0945 2508 [ 1076ffcffaae8385fd62dfcb25ac4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:27:07.0945 2508 THREADORDER - ok
16:27:08.0070 2508 [ 39bd95a9fe72aaf5c675ad146be456a9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
16:27:08.0070 2508 TomTomHOMEService - ok
16:27:08.0085 2508 [ ec74e77d0eb004bd3a809b5f8fb8c2ce ] TrkWks C:\Windows\System32\trkwks.dll
16:27:08.0085 2508 TrkWks - ok
16:27:08.0163 2508 [ 113384367c3999e084fe156b18c7625e ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys
16:27:08.0163 2508 TrojanKillerDriver - ok
16:27:08.0241 2508 [ 97d9d6a04e3ad9b6c626b9931db78dba ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:27:08.0241 2508 TrustedInstaller - ok
16:27:08.0272 2508 [ dcf0f056a2e4f52287264f5ab29cf206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:08.0288 2508 tssecsrv - ok
16:27:08.0366 2508 [ caecc0120ac49e3d2f758b9169872d38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:27:08.0366 2508 tunmp - ok
16:27:08.0428 2508 [ 300db877ac094feab0be7688c3454a9c ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:27:08.0428 2508 tunnel - ok
16:27:08.0428 2508 [ 7d33c4db2ce363c8518d2dfcf533941f ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:27:08.0444 2508 uagp35 - ok
16:27:08.0506 2508 [ d9728af68c4c7693cb100b8441cbdec6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:27:08.0506 2508 udfs - ok
16:27:08.0584 2508 [ ecef404f62863755951e09c802c94ad5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:27:08.0584 2508 UI0Detect - ok
16:27:08.0631 2508 [ b0acfdc9e4af279e9116c03e014b2b27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:27:08.0631 2508 uliagpkx - ok
16:27:08.0647 2508 [ 9224bb254f591de4ca8d572a5f0d635c ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:27:08.0662 2508 uliahci - ok
16:27:08.0662 2508 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:27:08.0678 2508 UlSata - ok
16:27:08.0678 2508 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:27:08.0678 2508 ulsata2 - ok
16:27:08.0694 2508 [ 32cff9f809ae9aed85464492bf3e32d2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:27:08.0694 2508 umbus - ok
16:27:08.0740 2508 [ 68308183f4ae0be7bf8ecd07cb297999 ] upnphost C:\Windows\System32\upnphost.dll
16:27:08.0740 2508 upnphost - ok
16:27:08.0803 2508 [ caf811ae4c147ffcd5b51750c7f09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:08.0803 2508 usbccgp - ok
16:27:08.0834 2508 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:27:08.0834 2508 usbcir - ok
16:27:08.0896 2508 [ 79e96c23a97ce7b8f14d310da2db0c9b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:27:08.0896 2508 usbehci - ok
16:27:08.0928 2508 [ 4673bbcb006af60e7abddbe7a130ba42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:27:08.0928 2508 usbhub - ok
16:27:08.0943 2508 [ 38dbc7dd6cc5a72011f187425384388b ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:27:08.0943 2508 usbohci - ok
16:27:08.0990 2508 [ e75c4b5269091d15a2e7dc0b6d35f2f5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:27:08.0990 2508 usbprint - ok
16:27:09.0084 2508 [ a508c9bd8724980512136b039bba65e9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:27:09.0084 2508 usbscan - ok
16:27:09.0146 2508 [ be3da31c191bc222d9ad503c5224f2ad ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:09.0162 2508 USBSTOR - ok
16:27:09.0162 2508 [ 814d653efc4d48be3b04a307eceff56f ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:27:09.0162 2508 usbuhci - ok
16:27:09.0240 2508 [ e67998e8f14cb0627a769f6530bcb352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:27:09.0240 2508 usbvideo - ok
16:27:09.0286 2508 [ 1509e705f3ac1d474c92454a5c2dd81f ] UxSms C:\Windows\System32\uxsms.dll
16:27:09.0302 2508 UxSms - ok
16:27:09.0364 2508 [ cd88d1b7776dc17a119049742ec07eb4 ] vds C:\Windows\System32\vds.exe
16:27:09.0380 2508 vds - ok
16:27:09.0396 2508 [ 87b06e1f30b749a114f74622d013f8d4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:09.0396 2508 vga - ok
16:27:09.0411 2508 [ 2e93ac0a1d8c79d019db6c51f036636c ] VgaSave C:\Windows\System32\drivers\vga.sys
16:27:09.0411 2508 VgaSave - ok
16:27:09.0427 2508 [ 5d7159def58a800d5781ba3a879627bc ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:27:09.0442 2508 viaagp - ok
16:27:09.0458 2508 [ c4f3a691b5bad343e6249bd8c2d45dee ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:27:09.0458 2508 ViaC7 - ok
16:27:09.0474 2508 [ aadf5587a4063f52c2c3fed7887426fc ] viaide C:\Windows\system32\drivers\viaide.sys
16:27:09.0474 2508 viaide - ok
16:27:09.0520 2508 [ 69503668ac66c77c6cd7af86fbdf8c43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:27:09.0520 2508 volmgr - ok
16:27:09.0598 2508 [ 23e41b834759917bfd6b9a0d625d0c28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:27:09.0598 2508 volmgrx - ok
16:27:09.0645 2508 [ 147281c01fcb1df9252de2a10d5e7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:27:09.0645 2508 volsnap - ok
16:27:09.0692 2508 [ 587253e09325e6bf226b299774b728a9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:27:09.0692 2508 vsmraid - ok
16:27:09.0786 2508 [ db3d19f850c6eb32bdcb9bc0836acddb ] VSS C:\Windows\system32\vssvc.exe
16:27:09.0817 2508 VSS - ok
16:27:09.0879 2508 [ 96ea68b9eb310a69c25ebb0282b2b9de ] W32Time C:\Windows\system32\w32time.dll
16:27:09.0895 2508 W32Time - ok
16:27:09.0910 2508 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:27:09.0910 2508 WacomPen - ok
16:27:09.0926 2508 [ 55201897378cca7af8b5efd874374a26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:27:09.0942 2508 Wanarp - ok
16:27:09.0942 2508 [ 55201897378cca7af8b5efd874374a26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:27:09.0942 2508 Wanarpv6 - ok
16:27:09.0957 2508 [ a3cd60fd826381b49f03832590e069af ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:27:09.0973 2508 wcncsvc - ok
16:27:09.0988 2508 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:27:10.0004 2508 WcsPlugInService - ok
16:27:10.0004 2508 [ 78fe9542363f297b18c027b2d7e7c07f ] Wd C:\Windows\system32\drivers\wd.sys
16:27:10.0004 2508 Wd - ok
16:27:10.0020 2508 [ b6f0a7ad6d4bd325fbcd8bac96cd8d96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:27:10.0035 2508 Wdf01000 - ok
16:27:10.0066 2508 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:27:10.0066 2508 WdiServiceHost - ok
16:27:10.0066 2508 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:27:10.0066 2508 WdiSystemHost - ok
16:27:10.0129 2508 [ 04c37d8107320312fbae09926103d5e2 ] WebClient C:\Windows\System32\webclnt.dll
16:27:10.0144 2508 WebClient - ok
16:27:10.0191 2508 [ ae3736e7e8892241c23e4ebbb7453b60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:27:10.0191 2508 Wecsvc - ok
16:27:10.0222 2508 [ 670ff720071ed741206d69bd995ea453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:27:10.0222 2508 wercplsupport - ok
16:27:10.0285 2508 [ 32b88481d3b326da6deb07b1d03481e7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:27:10.0285 2508 WerSvc - ok
16:27:10.0378 2508 [ 4575aa12561c5648483403541d0d7f2b ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:27:10.0378 2508 WinDefend - ok
16:27:10.0394 2508 WinHttpAutoProxySvc - ok
16:27:10.0425 2508 [ 6b2a1d0e80110e3d04e6863c6e62fd8a ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:27:10.0425 2508 Winmgmt - ok
16:27:10.0519 2508 [ 7cfe68bdc065e55aa5e8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:27:10.0550 2508 WinRM - ok
16:27:10.0628 2508 [ c008405e4feeb069e30da1d823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:27:10.0644 2508 Wlansvc - ok
16:27:10.0690 2508 [ 2e7255d172df0b8283cdfb7b433b864e ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:27:10.0706 2508 WmiAcpi - ok
16:27:10.0768 2508 [ 43be3875207dcb62a85c8c49970b66cc ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:27:10.0768 2508 wmiApSrv - ok
16:27:10.0831 2508 [ 3978704576a121a9204f8cc49a301a9b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:27:10.0846 2508 WMPNetworkSvc - ok
16:27:10.0909 2508 [ cfc5a04558f5070cee3e3a7809f3ff52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:27:10.0909 2508 WPCSvc - ok
16:27:10.0971 2508 [ 801fbdb89d472b3c467eb112a0fc9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:27:10.0971 2508 WPDBusEnum - ok
16:27:11.0049 2508 [ de9d36f91a4df3d911626643debf11ea ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:27:11.0049 2508 WpdUsb - ok
16:27:11.0236 2508 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:27:11.0252 2508 WPFFontCache_v0400 - ok
16:27:11.0283 2508 [ e3a3cb253c0ec2494d4a61f5e43a389c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:27:11.0283 2508 ws2ifsl - ok
16:27:11.0346 2508 [ 1ca6c40261ddc0425987980d0cd2aaab ] wscsvc C:\Windows\System32\wscsvc.dll
16:27:11.0346 2508 wscsvc - ok
16:27:11.0346 2508 WSearch - ok
16:27:11.0408 2508 [ ac13cb789d93412106b0fb6c7eb2bcb6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:27:11.0408 2508 WUDFRd - ok
16:27:11.0486 2508 [ 575a4190d989f64732119e4114045a4f ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:27:11.0502 2508 wudfsvc - ok
16:27:11.0517 2508 ================ Scan global ===============================
16:27:11.0548 2508 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
16:27:11.0595 2508 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
16:27:11.0611 2508 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
16:27:11.0673 2508 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe
16:27:11.0673 2508 [Global] - ok
16:27:11.0673 2508 ================ Scan MBR ==================================
16:27:11.0704 2508 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:27:12.0313 2508 \Device\Harddisk0\DR0 - ok
16:27:12.0313 2508 ================ Scan VBR ==================================
16:27:12.0344 2508 Boot (0x1200) (80c98ad80954c42e0ee4b6aad1011b45) \Device\Harddisk0\DR0\Partition1
16:27:12.0344 2508 \Device\Harddisk0\DR0\Partition1 - ok
16:27:12.0344 2508 Boot (0x1200) (ea564acb5a2082d13016fc71c8a82ff8) \Device\Harddisk0\DR0\Partition2
16:27:12.0344 2508 \Device\Harddisk0\DR0\Partition2 - ok
16:27:12.0344 2508 ============================================================
16:27:12.0344 2508 Scan finished
16:27:12.0344 2508 ============================================================
16:27:12.0375 2500 Detected object count: 0
16:27:12.0375 2500 Actual detected object count: 0

aswMBR download - 1 infection - did I need to click fix?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 16:34:34
-----------------------------
16:34:34.791 OS Version: Windows 6.0.6002 Service Pack 2
16:34:34.791 Number of processors: 2 586 0x170A
16:34:34.791 ComputerName: WOODS-PC UserName: Woods
16:35:11.685 Initialize success
16:38:54.313 AVAST engine defs: 12081401
16:38:59.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:38:59.617 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
16:38:59.632 Disk 0 MBR read successfully
16:38:59.648 Disk 0 MBR scan
16:38:59.648 Disk 0 Windows VISTA default MBR code
16:38:59.648 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
16:38:59.664 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 241664
16:38:59.695 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294886 MB offset 21213184
16:38:59.695 Disk 0 scanning sectors +625139712
16:38:59.773 Disk 0 scanning C:\Windows\system32\drivers
16:39:13.438 Service scanning
16:39:51.300 Modules scanning
16:39:58.975 Disk 0 trace - called modules:
16:39:59.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
16:39:59.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872ee5e0]
16:39:59.022 3 CLASSPNP.SYS[8c3e18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86597b98]
16:40:01.112 AVAST engine scan C:\Windows
16:40:05.277 AVAST engine scan C:\Windows\system32
16:44:21.616 AVAST engine scan C:\Windows\system32\drivers
16:44:38.730 AVAST engine scan C:\Users\Woods
16:57:32.458 File: C:\Users\Woods\AppData\Local\Temp\~!#642B.tmp **INFECTED** Win32:Downloader-QAI [Trj]
17:14:21.295 AVAST engine scan C:\ProgramData
17:51:44.918 Scan finished successfully
17:52:41.920 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
17:52:41.920 The log file has been saved successfully to "C:\aswMBR scan 1.txt"

Eset scan - 4 threats found

C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Users\Woods\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8CP5D5OW\counter[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Woods\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HUTS4T88\34144752[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Woods\AppData\Local\Temp\~!#642B.tmp a variant of Win32/Kryptik.AJZX trojan cleaned by deleting - quarantined

Thanks

#4 narenxp

Posted 15 August 2012 - 05:25 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 Woody502

Posted 16 August 2012 - 07:22 AM

After a re-boot MBAM ran a full scan with no infections found.

Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Woods (administrator) on 16-08-2012 at 22:17:05
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


::1 localhost


========================= IP Configuration: ================================

Intel® WiFi Link 5100 = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Woods-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-23-4D-E8-CE-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-E0-0C-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100
Physical Address. . . . . . . . . : 00-22-FB-10-F3-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a966:a47f:db36:c066%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, 16 August 2012 7:05:30 PM
Lease Expires . . . . . . . . . . : Friday, 17 August 2012 7:05:29 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 201335547
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-29-6C-A5-00-22-19-E0-0C-7C
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E1892E1B-8CC5-4723-973A-0A838A82234B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2465:f1d:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2465:f1d:3f57:fe9a%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{905BDFFD-8D1D-406D-97EE-4069BCDACAC8}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C4486BBC-4FAD-4C8E-A2A7-2C1D60B6D432}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: 192-168-1-254.tpgi.com.au
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.237.142
74.125.237.137
74.125.237.128
74.125.237.130
74.125.237.132
74.125.237.135
74.125.237.129
74.125.237.136
74.125.237.134
74.125.237.133
74.125.237.131



Pinging google.com [74.125.237.142] with 32 bytes of data:

Request timed out.

Reply from 74.125.237.142: bytes=32 time=42ms TTL=57



Ping statistics for 74.125.237.142:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 42ms, Average = 42ms

Server: 192-168-1-254.tpgi.com.au
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=217ms TTL=55

Reply from 72.30.38.140: bytes=32 time=255ms TTL=55



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 217ms, Maximum = 255ms, Average = 236ms

Server: 192-168-1-254.tpgi.com.au
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 2ms, Average = 2ms

===========================================================================
Interface List
14 ...00 23 4d e8 ce 77 ...... Bluetooth Device (Personal Area Network)
11 ...00 22 19 e0 0c 7c ...... Broadcom NetLink ™ Gigabit Ethernet
12 ...00 22 fb 10 f3 e6 ...... Intel® WiFi Link 5100
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{E1892E1B-8CC5-4723-973A-0A838A82234B}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.{905BDFFD-8D1D-406D-97EE-4069BCDACAC8}
16 ...00 00 00 00 00 00 00 e0 isatap.{C4486BBC-4FAD-4C8E-A2A7-2C1D60B6D432}
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 281
192.168.1.101 255.255.255.255 On-link 192.168.1.101 281
192.168.1.255 255.255.255.255 On-link 192.168.1.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 38 ::/0 On-link
1 306 ::1/128 On-link
10 38 2001::/32 On-link
10 286 2001:0:4137:9e76:2465:f1d:3f57:fe9a/128
On-link
12 281 fe80::/64 On-link
10 286 fe80::/64 On-link
10 286 fe80::2465:f1d:3f57:fe9a/128
On-link
12 281 fe80::a966:a47f:db36:c066/128
On-link
1 306 ff00::/8 On-link
10 286 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/16/2012 10:15:36 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 6324 (0x18b4)

Thread address : 0x779E5CD4

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\Program Files\Sony\Sony Picture Utility\VideoDiscCopier\SPUVideoDiscCopier.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/16/2012 10:12:26 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1734
Start Time: 01cd7ba62edb14b0
Termination Time: 23

Error: (08/16/2012 10:09:25 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 4036 (0xfc4)

Thread address : 0x779E5CD4

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\Windows\System32\wmpmde.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/16/2012 07:15:30 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/16/2012 07:15:23 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/16/2012 07:11:39 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 07:11:39 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 07:11:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 07:11:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 07:11:31 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (08/16/2012 10:15:36 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/16/2012 05:43:24 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{395633B1-EED9-4DFC-B67F-9788B51C9F06}

Error: (08/16/2012 05:42:41 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/16/2012 05:39:42 PM) (Source: Service Control Manager) (User: )
Description: SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (08/16/2012 05:39:42 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (08/16/2012 05:39:18 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/16/2012 05:39:10 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/16/2012 05:39:01 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (08/16/2012 05:38:57 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/16/2012 05:38:39 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Advanced Audio FX Engine
ArcSoft Panorama Maker 4 (Version: 4.2.0.94)
ATI Catalyst Control Center (Version: 2.008.0703.2235)
BigPond Media Downloader (Version: 1.0.75)
Browser Address Error Redirector (Version: 1.00.0000)
Canon Inkjet Printer Driver Add-On Module
Canon MP360
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Full Existing (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Full New (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Light (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Previews Common (Version: 2008.0703.2236.38526)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0703.2236.38526)
Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Danish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Dutch (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Finnish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization French (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization German (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Italian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Japanese (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Korean (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Norwegian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Portuguese (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Russian (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Spanish (Version: 2008.0703.2236.38526)
Catalyst Control Center Localization Swedish (Version: 2008.0703.2236.38526)
ccc-core-static (Version: 2008.0703.2236.38526)
ccc-utility (Version: 2008.0703.2236.38526)
CCC Help Chinese Standard (Version: 2008.0703.2235.38526)
CCC Help Chinese Traditional (Version: 2008.0703.2235.38526)
CCC Help Danish (Version: 2008.0703.2235.38526)
CCC Help Dutch (Version: 2008.0703.2235.38526)
CCC Help English (Version: 2008.0703.2235.38526)
CCC Help Finnish (Version: 2008.0703.2235.38526)
CCC Help French (Version: 2008.0703.2235.38526)
CCC Help German (Version: 2008.0703.2235.38526)
CCC Help Italian (Version: 2008.0703.2235.38526)
CCC Help Japanese (Version: 2008.0703.2235.38526)
CCC Help Korean (Version: 2008.0703.2235.38526)
CCC Help Norwegian (Version: 2008.0703.2235.38526)
CCC Help Portuguese (Version: 2008.0703.2235.38526)
CCC Help Russian (Version: 2008.0703.2235.38526)
CCC Help Spanish (Version: 2008.0703.2235.38526)
CCC Help Swedish (Version: 2008.0703.2235.38526)
Dell-eBay (Version: 1.00.0000)
Dell DataSafe Online (Version: 1.2.0009)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5830.12)
Dell Touchpad (Version: 7.2.101.209)
Dell Video Chat (remove only) (Version: 6.0 (6551))
Dell Webcam Central
Digital Line Detect (Version: 1.21)
e-tax 2009 (Version: 1.0.0.0)
e-tax 2010 (Version: 1.0.762)
e-tax 2011 (Version: 11.1.704)
e-tax 2012 (Version: 6.0.577)
EDocs
ESET Online Scanner v3
Facebook Plug-In
FastAccess (Version: 2.2.13.1)
FreeMind (Version: 0.8.1)
Google Chrome (Version: 21.0.1180.79)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
Integrated Webcam Driver (1.03.02.0919)
ITECIR Driver (Version: 1.00.000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 7 (Version: 1.6.0.70)
Live! Cam Avatar Creator (Version: 4.6.1419.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Maxtor Manager (Version: 4.01.0303)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SecurityCenter (Version: 11.0.678)
MediaDirect (Version: 4.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Modem Diagnostics Tool (Version: 1.0.22.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Photo Box V3 (Version: My Photo Box V3 3.1.2)
Nero 8 Essentials (Version: 8.3.467)
neroxml (Version: 1.0.0)
NetWaiting (Version: 2.5.45)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PokerStars
QuickSet (Version: 9.2.6)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
SecurDisc Viewer (Version: 1.4.4)
Skins (Version: 2008.0703.2236.38526)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Sony Picture Utility (Version: 2.0.06.13151)
Sony USB Driver (Version: 2.00)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SUPERAntiSpyware (Version: 5.5.1012)
swMSM (Version: 12.0.0.1)
TomTom HOME 2.8.1.2218 (Version: 2.8.1.2218)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Trojan Killer (Version: 2.1.2.6)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup (Version: 1.0.0)
Victor Chandler
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
Xacti Screen Capture 1.1 (Version: 1.1.1002)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3066.13 MB
Available physical RAM: 1749.98 MB
Total Pagefile: 6334.48 MB
Available Pagefile: 4047.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.49 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:287.97 GB) (Free:83.39 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.28 GB) NTFS

========================= Users: ========================================

User accounts for \\WOODS-PC

Administrator Guest Woods


**** End of log ****

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Woods (administrator) on 16-08-2012 at 22:06:22
Running from "C:\Users\Woods\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OT9F6JQ"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 12:24] - [2008-01-21 12:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 22:23:48
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Woods - WOODS-PC
# Boot Mode : Normal
# Running from : C:\Users\Woods\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OT9F6JQ\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Woods\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1065 octets] - [16/08/2012 22:23:48]

########## EOF - C:\AdwCleaner[S1].txt - [1193 octets] ##########

Edited by Woody502, 16 August 2012 - 07:33 AM.


#6 narenxp

Posted 16 August 2012 - 07:58 AM

Download

wuauserv
BITS

Launch it, click YES

Restart the PC, post the new FSS log

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#7 Woody502

Posted 17 August 2012 - 05:43 AM

Hi mate, I have downloaded the 2 items above and then ran the new FSS scan (output below).



Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 12:24] - [2008-01-21 12:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Autoruns output

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "Dell DataSafe Online" "DataSafeOnline" "" "c:\program files\dell datasafe online\datasafeonline.exe"
+ "Dell Webcam Central" "Dell Webcam Central Application" "Creative Technology Ltd." "c:\program files\dell webcam\dell webcam central\webcamdell.exe"
+ "dellsupportcenter" "" "" "File not found: C:\Program Files\Dell Support Center\bin\sprtcmd.exe"
+ "FATrayAlert" "FATrayMon" "Sensible Vision " "c:\program files\sensible vision\fast access\fatraymon.exe"
+ "Google Desktop Search" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "mxomssmenu" "Maxtor Status Icon" "Maxtor Corporation" "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
+ "PCMService" "CyberLink PowerCinema Resident Program" "CyberLink Corp." "c:\program files\dell\mediadirect\pcmservice.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Digital Line Detect.lnk" "Digital Line Detection" "Avanquest Software " "c:\program files\digital line detect\dlg.exe"
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\ssscheduler.exe"
+ "QuickSet.lnk" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "Xacti Screen Capture 1.1.lnk" "" "" "c:\windows\installer\{37327654-ebf7-410c-9161-c24d68e02753}\_e47b9b72500055712d025f.exe"
"C:\Users\Woods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
+ "Picture Motion Browser Media Check Tool.lnk" "Media Check Tool" "Sony Corporation" "c:\program files\sony\sony picture utility\volumewatcher\spuvolumewatcher.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero Home" "Nero AG" "c:\program files\common files\nero\lib\nmindexstoresvr.exe"
+ "pnvdld" "" "" "File not found: C:\Users\Woods\AppData\Roaming\pnvdld.dll"
+ "SightSpeed" "Dell Video Chat by SightSpeed" "Dell Inc. and SightSpeed Inc." "c:\program files\dell video chat\dellvideochat.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "TomTomHOME.exe" "System Tray application for TomTom HOME" "TomTom" "c:\program files\tomtom home 2\tomtomhomerunner.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl.dll"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "NeroDigitalColumnHandler Class" "Nero Digital Shell Extension" "Nero AG" "c:\program files\common files\nero\lib\nerodigitalext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "Dell Inc." "c:\program files\dell\bae\bae.dll"
+ "FAIESSOHelper Class" "FAIESSO Application" "Sensible Vision " "c:\program files\sensible vision\fast access\faiesso.dll"
+ "Google Dictionary Compression sdch" "Fast Search" "Google Inc." "c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "McAfee Phishing Filter" "" "" "File not found: c:\progra~1\mcafee\msk\mskapbho.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20120705145313.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "PokerStars" "PokerStars Update" "PokerStars" "c:\program files\pokerstars\pokerstarsupdate.exe"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\PCDEventLauncher" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell support center\sessionchecker.exe"
+ "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell support center\uaclauncher.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-3075890225-518513806-2010537310-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3075890225-518513806-2010537310-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RNUpgradeHelperResumePrompt_Woods" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\woods\appdata\roaming\real\update\upgradehelper\realplayer\9.11\rnupgagent.exe"
+ "\SystemToolsDailyTest" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell support center\uaclauncher.exe"
+ "\{0C900831-6549-4081-8256-78BA61E0A203}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{85410C86-35DC-46A4-A7DD-4A3C51FE7F29}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{B9208D03-88AE-4CA8-9862-2B36CC56E12D}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
+ "\{D5A9E8D5-9223-41B3-93C3-9EB0F046EDB1}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\aestsrv.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bin\btwdins.exe"
+ "FAService" "FAService" "Sensible Vision " "c:\program files\sensible vision\fast access\faservice.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate1cc11b9498c85e7" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "Maxtor Sync Service" "Maxtor Services for Hardware Detection" "Seagate Technology LLC" "c:\program files\maxtor\sync\syncservices.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfee SiteAdvisor Service" "McAfee SiteAdvisor Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfevtps.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "NMIndexingService" "Nero Home" "Nero AG" "c:\program files\common files\nero\lib\nmindexingservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\stacsv.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "TomTomHOMEService" "TomTom Home Service for ejecting devices" "TomTom" "c:\program files\tomtom home 2\tomtomhomeservice.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "FACAP" "faCap WebCam Capture" "Sensible Vision " "c:\windows\system32\drivers\facap.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "itecir" "ITE Consumer IR Driver for eHome" "ITE Tech. Inc. " "c:\windows\system32\drivers\itecir.sys"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\Windows\System32\Drivers\mfeavfk01.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfenlfk" "McAfee NDIS Light Filter" "McAfee, Inc." "c:\windows\system32\drivers\mfenlfk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfewfpk" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfewfpk.sys"
+ "MXOPSWD" "Security driver for Maxotr external storage drives." "Maxtor Corp." "c:\windows\system32\drivers\mxopswd.sys"
+ "NETw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "OA001Ufd" "Provides a software interface to control effects of Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001ufd.sys"
+ "OA001Vid" "Provides a software interface to control Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001vid.sys"
+ "PCDSRVC{E9D79540-57D5953E-06020101}_0" "Kernel Driver" "PC-Doctor, Inc." "c:\program files\dell support center\pcdsrvc.pkms"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "TrojanKillerDriver" "GridinSoft Trojan Killer Mini-Filter Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\gtkdrv.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder (MD3)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\claud.ax"
+ "CyberLink Audio Effect (MD3)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\dell\mediadirect\kernel\movie\claudfx.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\claudwizard.ax"
+ "CyberLink Demultiplexer (MD3)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator (MD3)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter (MD3)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clline21.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\video\clmsplter.ax"
+ "Cyberlink SubTitle Importor (MD3)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (MD3)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect (MD3)" "CLVidFx" "CyberLink" "c:\program files\dell\mediadirect\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder (MD3)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clvsd.ax"
+ "CyberLink Video/SP Decoder (ShEX)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\video\climagevsd.ax"
+ "DV Scenes" "DV-Timecode based Scenechange Detection" "Nero AG" "c:\program files\nero\nero8\nero vision\nvdv.dll"
+ "DV Source Filter" "DV-Timecode based Scenechange Detection" "Nero AG" "c:\program files\nero\nero8\nero vision\nvdv.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "NeAudio2" "Nero Audio Decoder 2" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudio2.ax"
+ "NeAudioRender" "Nero Audio Renderer" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudiorender.ax"
+ "Nero Audible Decoder" "Nero Audible Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudible.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neaudcd.ax"
+ "Nero Audio Transcoder" "Audio Transcoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\netranscoder.ax"
+ "Nero AV Synchronizer" "Audio/Video Synchronizer" "Nero AG" "c:\program files\common files\nero\dsfilter\neavsync.ax"
+ "Nero Colorspace Converter" "Colorspace Converter" "Nero AG" "c:\program files\common files\nero\dsfilter\necolorspace.ax"
+ "Nero Deinterlace" "Deinterlacing Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedeinterlace.ax"
+ "Nero Digital Audio Encoder 8" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nendaud.ax"
+ "Nero Digital File Writer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Muxer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Null Renderer 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Subpicture Enc 8" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\nero\dsfilter\nendmux.ax"
+ "Nero Digital Video Enc 8" "MPEG4 and H.264 (AVC) Video Encoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nendvid.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nedvd.ax"
+ "Nero Elementary Stream Parser" "Nero Elementary Stream Parser" "Nero AG" "c:\program files\common files\nero\dsfilter\neesparser.ax"
+ "Nero File Source (Async.)" "Nero Home" "Nero AG" "c:\program files\common files\nero\dsfilter\nefilesourceasync.ax"
+ "Nero FLV Splitter" "Nero FLV Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neflvsplitter.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\nero\dsfilter\necapture.ax"
+ "Nero Framerate Converter" "Framerate Conversion DirectShow Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neframerate.ax"
+ "Nero HD Audio Mixer" "Nero Audio Mixer" "Nero AG" "c:\program files\common files\nero\dsfilter\nehdaudiomixer.ax"
+ "Nero InteractiveGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdgraphic.ax"
+ "Nero MP2 Audio Encoder" "MP2 Audio Encoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp2audioenc.ax"
+ "Nero MP3 Encoder" "MP3 Encoding Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp3encoder.ax"
+ "Nero MP4 Splitter" "MP4 Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nemp4splitter.ax"
+ "Nero Mpeg Video Encoder" "NeroMpeg Dynamic Link Library" "Nero AG" "c:\program files\common files\nero\dsfilter\nempegvideoenc.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 encoder filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nevcr.ax"
+ "Nero Ogg Splitter" "Ogg Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neoggsplitter.ax"
+ "Nero Photo Source" "Nero Home" "Nero AG" "c:\program files\common files\nero\dsfilter\nephotosource.ax"
+ "Nero PresentationGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdgraphic.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\nero\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\nero\dsfilter\neqtdec.ax"
+ "Nero Resize" "Resizing Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\nero\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\nero\dsfilter\nescenedetector.ax"
+ "Nero Sound Processor" "Nero Sound Processor" "Nero AG" "c:\program files\common files\nero\dsfilter\nesoundproc.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nesplitter.ax"
+ "Nero Stream Buffer Sink" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\nero\dsfilter\nesbe.ax"
+ "Nero Stream Buffer Source" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\nero\dsfilter\nesbe.ax"
+ "Nero Subpicture Decoder" "Nero Subpicture Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nesubpicture.ax"
+ "Nero Subtitle" "Subtitle Renderer & Mixer" "Nero AG" "c:\program files\common files\nero\dsfilter\nesubtitle.ax"
+ "Nero Teletext Filter" "Teletext Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\neteletext.ax"
+ "Nero Thumbnail Decoder" "Thumbnail Decoder Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nebdthumbnail.ax"
+ "Nero TS Muxer" "Nero Transport Stream Muxltiplexer" "Nero AG" "c:\program files\common files\nero\dsfilter\netsmuxer.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideo.ax"
+ "Nero Video Decoder HD" "Nero HD Video Decoder" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideohd.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\nero\dsfilter\nerovideoproc.ax"
+ "Nero Video Renderer" "Nero Video Renderer" "Nero AG" "c:\program files\common files\nero\dsfilter\nevideorenderer.ax"
+ "Nero VMR Modules Filter" "Nero VMR Modules" "Nero AG" "c:\program files\common files\nero\lib\nerovmrmodules.dll"
+ "NeroVobuGenerator" "Nero Vobu Generator" "Nero AG" "c:\program files\common files\nero\dsfilter\nerovobugenerator.ax"
+ "NeSoundSwitch" "Nero Sound Switcher" "Nero AG" "c:\program files\common files\nero\dsfilter\nesoundswitch.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "FACredProv" "FACredProv Application" "Sensible Vision " "c:\windows\system32\facredprov.dll"
+ "FACredProv2" "FACredProv2 Application" "Sensible Vision " "c:\windows\system32\facredprov2.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "FACredProvFilter" "FACredProv Application" "Sensible Vision " "c:\windows\system32\facredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "FastAccess" "" "" "c:\program files\sensible vision\fast access\falognot.dll"
+ "GoToAssist" "Citrix Online GoToAssist" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2awinlogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Language Monitor3_2" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm3_2.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "FAPassSync" "FAPassSync" "Sensible Vision " "c:\windows\system32\fapasssync.dll"
"C:\Users\Woods\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-us\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-us\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-us\Gadget.xml"

Edited by Woody502, 17 August 2012 - 05:50 AM.


#8 Woody502


Posted 18 August 2012 - 03:20 AM

Hi mate, any feedback on the latest scans I posted?

Edited by Woody502, 18 August 2012 - 03:20 AM.


#9 narenxp


Posted 18 August 2012 - 05:34 AM

Sorry, you edited your last post to update the AUTORUNS log. Always use the reply button to update your posts. I was waiting for your autoruns log :lol:

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "pnvdld" "" "" "File not found: C:\Users\Woods\AppData\Roaming\pnvdld.dll"


Uncheck this entry, restart the PC

Any current issues?

I want you to update MBAM and run a scan again and make sure it comes out clean

Edited by narenxp, 18 August 2012 - 05:34 AM.
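The check made in the post above (spotting the orphaned `pnvdld` Run entry among hundreds of Autoruns lines) can be scripted. The following is an added example, not part of the original thread: it parses the four-quoted-field log layout shown on this page and flags entries that combine at least two signals. The signal list, the two-signal threshold and the `example` entry are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the log on this page. The pnvdld,
# !SASWinLogon and FastAccess lines are copied from the thread; "example" is made up.
SAMPLE_LOG = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "pnvdld" "" "" "File not found: C:\Users\Woods\AppData\Roaming\pnvdld.dll"
+ "example" "" "" "C:\Users\Woods\AppData\Local\Temp\example.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "FastAccess" "" "" "c:\program files\sensible vision\fast access\falognot.dll"
'''

FIELD = re.compile(r'"([^"]*)"')
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumed list

def parse_autoruns(text):
    """Yield (location, name, description, publisher, path) for each entry."""
    location = None
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank line or unrelated text
        if line.startswith("+"):
            yield (location, *fields)     # entry under the current location
        else:
            location = fields[0]          # header line: registry key or file

def triage(entry):
    _, _, _, publisher, path = entry
    target = path.lower()
    reasons = []
    if target.startswith("file not found"):
        reasons.append("orphaned: target file is missing")
    if any(part in target for part in USER_WRITABLE):
        reasons.append("target is in a user-writable directory")
    if not publisher.strip():
        reasons.append("no publisher recorded")
    return reasons

def review(text):
    """Return {entry name: reasons} for entries with two or more signals."""
    findings = {}
    for entry in parse_autoruns(text):
        reasons = triage(entry)
        if len(reasons) >= 2:
            findings[entry[1]] = reasons
    return findings
```

On the sample, `review(SAMPLE_LOG)` reports `pnvdld` and `example`; `FastAccess` has no publisher but lives under Program Files, so a single weak signal does not flag it.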


#10 Woody502


Posted 19 August 2012 - 07:56 PM

double post

Edited by Woody502, 19 August 2012 - 08:01 PM.


#11 Woody502


Posted 19 August 2012 - 07:59 PM

Hi mate, I unchecked the entry listed above and did a restart which seemed to remove the pop up message I had been getting. The security centre all seem to now be OK. As does McAfee which seems to be on and scanning.

One difference I did see is that in my start menu there is a folder called Live Security Platinum (it appears to be empty) which was created at the time of the attack (according to the properties). Do I need to do anything to this folder, as it was not there prior to the attack? Is there any way to post a screen dump, as it would show the folder etc.?

I also updated and completed a full MBAM scan (output below).

I will give the laptop a test throughout today and let you know any problems that occur.

From the scans and outputs I have posted do you think my laptop is cured of the virus?

Thanks again.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Woods :: WOODS-PC [administrator]

Protection: Enabled

20/08/2012 7:43:17 AM
mbam-log-2012-08-20 (07-43-17).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398317
Time elapsed: 3 hour(s), 12 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 narenxp


Posted 19 August 2012 - 10:00 PM

Just delete the folder

#13 Woody502


Posted 20 August 2012 - 07:39 PM

Hi mate, I ran the laptop for most of the day yesterday and experienced no problems with the internet, MS Excel or MS Word. I did run Skype, which was slower than usual and kept dropping the connection. Would this be anything to worry about?

From the logs posted, can it be found out if there are any potential backdoor threats on the laptop before using any financial transaction sites?

Cheers mate

#14 narenxp


Posted 20 August 2012 - 08:34 PM

Make sure to change the passwords.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

#15 Woody502


Posted 21 August 2012 - 02:54 AM

Hi mate, Rkill file output below.

Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 05:52:19 PM in x86 mode.
Windows Version: Windows Vista Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 05:52:43 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)



