Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Odd Advertisements in the Bottom Corner of Browser & Redirects


  • Please log in to reply
11 replies to this topic

#1 Jaykay3354

Jaykay3354

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 23 September 2012 - 11:02 AM

Good morning,

Lately I've been having two issues that I believe are connected that have me worried about my computer. I've tried running Malwarebytes Anti-Malware, but to no avail. I see some other topics about similar issues on the forums, but I wanted to get direct advice here.

The larger issue that I have is that I constantly get advertisements that pop up in the bottom right corner (and sometimes bottom left corner) of my browser that typically say "Recommended for you" or look like an iPhone. These don't appears on all websites, but it does appear on most. I'm using Firefox, but I've checked and can confirm that this appears in the bottom corner of the screen in IE as well as occasionally Steam and the Blizzard launchers for various games now.

The second which seems related is a click redirect. When I click on any link on a website, there is always a chance that I get a screen that says "Hold on while we redirect you" and am taken somewhere completely different. This happens randomly, and several times the link ends up just showing an IP, which is a clear sign that something is wrong. The reason I more think these two are related, is now whenever I click "Play" on the World of Warcraft launcher, it opens up a window in Firefox as a redirect that is just a page which one of the "Recommended for you" links I mentioned in the inital problem.

Please let me know whatever steps you would like me to take to show further details of my issues. Any help and assistance I receive in this thread is great appreciated!

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 23 September 2012 - 11:03 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Jaykay3354

Jaykay3354
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 23 September 2012 - 03:06 PM

Thank you for the quick response! Below are the results of the requested scans.

TDSSkiller

12:05:37.0450 9212 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:05:37.0697 9212 ============================================================
12:05:37.0697 9212 Current date / time: 2012/09/23 12:05:37.0697
12:05:37.0697 9212 SystemInfo:
12:05:37.0697 9212
12:05:37.0697 9212 OS Version: 6.1.7601 ServicePack: 1.0
12:05:37.0697 9212 Product type: Workstation
12:05:37.0698 9212 ComputerName: JK
12:05:37.0698 9212 UserName: John
12:05:37.0698 9212 Windows directory: C:\Windows
12:05:37.0698 9212 System windows directory: C:\Windows
12:05:37.0698 9212 Running under WOW64
12:05:37.0698 9212 Processor architecture: Intel x64
12:05:37.0698 9212 Number of processors: 4
12:05:37.0698 9212 Page size: 0x1000
12:05:37.0698 9212 Boot type: Normal boot
12:05:37.0698 9212 ============================================================
12:05:38.0067 9212 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:38.0081 9212 ============================================================
12:05:38.0081 9212 \Device\Harddisk0\DR0:
12:05:38.0081 9212 MBR partitions:
12:05:38.0081 9212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x55EFE694
12:05:38.0081 9212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55EFE6D3, BlocksNum 0x1646C2E
12:05:38.0081 9212 ============================================================
12:05:38.0111 9212 C: <-> \Device\Harddisk0\DR0\Partition1
12:05:38.0152 9212 D: <-> \Device\Harddisk0\DR0\Partition2
12:05:38.0153 9212 ============================================================
12:05:38.0153 9212 Initialize success
12:05:38.0153 9212 ============================================================
12:06:15.0467 8600 ============================================================
12:06:15.0467 8600 Scan started
12:06:15.0467 8600 Mode: Manual; TDLFS;
12:06:15.0467 8600 ============================================================
12:06:16.0491 8600 ================ Scan system memory ========================
12:06:16.0491 8600 System memory - ok
12:06:16.0491 8600 ================ Scan services =============================
12:06:16.0688 8600 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:06:16.0692 8600 1394ohci - ok
12:06:16.0743 8600 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:06:16.0748 8600 ACPI - ok
12:06:16.0797 8600 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:06:16.0797 8600 AcpiPmi - ok
12:06:16.0953 8600 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:06:16.0957 8600 AdobeFlashPlayerUpdateSvc - ok
12:06:17.0012 8600 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:06:17.0019 8600 adp94xx - ok
12:06:17.0056 8600 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:06:17.0061 8600 adpahci - ok
12:06:17.0094 8600 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:06:17.0096 8600 adpu320 - ok
12:06:17.0130 8600 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:06:17.0131 8600 AeLookupSvc - ok
12:06:17.0214 8600 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:06:17.0221 8600 AFD - ok
12:06:17.0252 8600 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:06:17.0253 8600 agp440 - ok
12:06:17.0293 8600 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:06:17.0294 8600 ALG - ok
12:06:17.0304 8600 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:06:17.0305 8600 aliide - ok
12:06:17.0364 8600 [ C6F7A4E77158AF1B937F872392FF1B13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:06:17.0367 8600 AMD External Events Utility - ok
12:06:17.0417 8600 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:06:17.0418 8600 amdide - ok
12:06:17.0434 8600 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:06:17.0435 8600 AmdK8 - ok
12:06:17.0619 8600 [ 21D749E3C8140B16C40A8273FD747899 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:06:17.0697 8600 amdkmdag - ok
12:06:17.0718 8600 [ 1AA6F50A8E7F8413377C979CEF5218A5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:06:17.0721 8600 amdkmdap - ok
12:06:17.0731 8600 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:06:17.0732 8600 AmdPPM - ok
12:06:17.0774 8600 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:06:17.0776 8600 amdsata - ok
12:06:17.0823 8600 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:06:17.0826 8600 amdsbs - ok
12:06:17.0884 8600 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:06:17.0885 8600 amdxata - ok
12:06:17.0944 8600 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:06:17.0945 8600 AppID - ok
12:06:17.0987 8600 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:06:17.0988 8600 AppIDSvc - ok
12:06:18.0008 8600 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:06:18.0009 8600 Appinfo - ok
12:06:18.0181 8600 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:06:18.0182 8600 Apple Mobile Device - ok
12:06:18.0193 8600 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:06:18.0195 8600 arc - ok
12:06:18.0210 8600 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:06:18.0212 8600 arcsas - ok
12:06:18.0346 8600 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:06:18.0348 8600 aspnet_state - ok
12:06:18.0379 8600 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:06:18.0380 8600 AsyncMac - ok
12:06:18.0423 8600 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:06:18.0424 8600 atapi - ok
12:06:18.0465 8600 [ A1D6190F53A00405D1FECAD3995011FD ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:06:18.0482 8600 athr - ok
12:06:18.0522 8600 [ FDA1E117A7E880BFF5540D180C06EA87 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:06:18.0524 8600 AtiHDAudioService - ok
12:06:18.0539 8600 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:06:18.0541 8600 AtiHdmiService - ok
12:06:18.0695 8600 [ 21D749E3C8140B16C40A8273FD747899 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:06:18.0730 8600 atikmdag - ok
12:06:18.0790 8600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:06:18.0797 8600 AudioEndpointBuilder - ok
12:06:18.0808 8600 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:06:18.0812 8600 AudioSrv - ok
12:06:18.0901 8600 [ 7C813EB232C7AEFA627A12A104DDA221 ] Automatic LiveUpdate Scheduler c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
12:06:18.0904 8600 Automatic LiveUpdate Scheduler - ok
12:06:18.0948 8600 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:06:18.0950 8600 AxInstSV - ok
12:06:19.0006 8600 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:06:19.0012 8600 b06bdrv - ok
12:06:19.0047 8600 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:06:19.0051 8600 b57nd60a - ok
12:06:19.0095 8600 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:06:19.0097 8600 BDESVC - ok
12:06:19.0121 8600 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:06:19.0122 8600 Beep - ok
12:06:19.0182 8600 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:06:19.0193 8600 BITS - ok
12:06:19.0206 8600 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:06:19.0207 8600 blbdrive - ok
12:06:19.0305 8600 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:06:19.0311 8600 Bonjour Service - ok
12:06:19.0356 8600 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:06:19.0373 8600 bowser - ok
12:06:19.0394 8600 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:06:19.0395 8600 BrFiltLo - ok
12:06:19.0402 8600 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:06:19.0402 8600 BrFiltUp - ok
12:06:19.0454 8600 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:06:19.0456 8600 Browser - ok
12:06:19.0472 8600 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:06:19.0476 8600 Brserid - ok
12:06:19.0497 8600 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:06:19.0498 8600 BrSerWdm - ok
12:06:19.0511 8600 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:06:19.0512 8600 BrUsbMdm - ok
12:06:19.0517 8600 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:06:19.0518 8600 BrUsbSer - ok
12:06:19.0535 8600 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:06:19.0536 8600 BTHMODEM - ok
12:06:19.0543 8600 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:06:19.0544 8600 bthserv - ok
12:06:19.0555 8600 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:06:19.0557 8600 cdfs - ok
12:06:19.0599 8600 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:06:19.0601 8600 cdrom - ok
12:06:19.0645 8600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:06:19.0647 8600 CertPropSvc - ok
12:06:19.0680 8600 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:06:19.0681 8600 circlass - ok
12:06:19.0724 8600 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:06:19.0729 8600 CLFS - ok
12:06:19.0803 8600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:19.0805 8600 clr_optimization_v2.0.50727_32 - ok
12:06:19.0843 8600 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:06:19.0845 8600 clr_optimization_v2.0.50727_64 - ok
12:06:19.0886 8600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:19.0924 8600 clr_optimization_v4.0.30319_32 - ok
12:06:19.0959 8600 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:06:19.0965 8600 clr_optimization_v4.0.30319_64 - ok
12:06:19.0983 8600 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:06:19.0983 8600 CmBatt - ok
12:06:20.0014 8600 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:06:20.0015 8600 cmdide - ok
12:06:20.0062 8600 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:06:20.0069 8600 CNG - ok
12:06:20.0086 8600 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:06:20.0086 8600 Compbatt - ok
12:06:20.0127 8600 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:06:20.0128 8600 CompositeBus - ok
12:06:20.0132 8600 COMSysApp - ok
12:06:20.0147 8600 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:06:20.0148 8600 crcdisk - ok
12:06:20.0196 8600 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:06:20.0199 8600 CryptSvc - ok
12:06:20.0250 8600 [ 668A1A1CA15F90281540522B60333F51 ] CT20XUT.DLL C:\Windows\system32\CT20XUT.DLL
12:06:20.0253 8600 CT20XUT.DLL - ok
12:06:20.0277 8600 [ 73DE96BB6D3D5C50B7FD27EEEBA14246 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
12:06:20.0284 8600 ctac32k - ok
12:06:20.0302 8600 [ 7F63F3DA13A3A3BF50725D0A9DD691E1 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
12:06:20.0311 8600 ctaud2k - ok
12:06:20.0348 8600 [ 0E3D97AF9DE5D3BB850C0126239EA417 ] CTEXFIFX.DLL C:\Windows\system32\CTEXFIFX.DLL
12:06:20.0364 8600 CTEXFIFX.DLL - ok
12:06:20.0376 8600 [ D41947762CEC478F4F4113CB5CE32B49 ] CTHWIUT.DLL C:\Windows\system32\CTHWIUT.DLL
12:06:20.0378 8600 CTHWIUT.DLL - ok
12:06:20.0391 8600 [ 5044FE9D7F6BCF257D063EA1AA31D0F7 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
12:06:20.0392 8600 ctprxy2k - ok
12:06:20.0406 8600 [ 9E927AC44494FDF419A01106BF7AF4C5 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
12:06:20.0409 8600 ctsfm2k - ok
12:06:20.0466 8600 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:06:20.0474 8600 DcomLaunch - ok
12:06:20.0527 8600 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:06:20.0531 8600 defragsvc - ok
12:06:20.0571 8600 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:06:20.0572 8600 DfsC - ok
12:06:20.0603 8600 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:06:20.0608 8600 Dhcp - ok
12:06:20.0650 8600 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:06:20.0651 8600 discache - ok
12:06:20.0676 8600 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:06:20.0677 8600 Disk - ok
12:06:20.0725 8600 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:06:20.0728 8600 Dnscache - ok
12:06:20.0783 8600 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:06:20.0787 8600 dot3svc - ok
12:06:20.0823 8600 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:06:20.0825 8600 DPS - ok
12:06:20.0866 8600 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:06:20.0867 8600 drmkaud - ok
12:06:20.0929 8600 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:06:20.0939 8600 DXGKrnl - ok
12:06:21.0005 8600 [ 099E01A94167CA8BDA2CF72037AD0E28 ] e1express C:\Windows\system32\DRIVERS\e1e6232e.sys
12:06:21.0009 8600 e1express - ok
12:06:21.0050 8600 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:06:21.0052 8600 EapHost - ok
12:06:21.0128 8600 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:06:21.0164 8600 ebdrv - ok
12:06:21.0202 8600 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:06:21.0204 8600 EFS - ok
12:06:21.0297 8600 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:06:21.0305 8600 ehRecvr - ok
12:06:21.0344 8600 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:06:21.0346 8600 ehSched - ok
12:06:21.0395 8600 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:06:21.0402 8600 elxstor - ok
12:06:21.0420 8600 [ DAF87F42CCAD997B2A7F2EB3FBD74651 ] emupia C:\Windows\system32\drivers\emupia2k.sys
12:06:21.0422 8600 emupia - ok
12:06:21.0434 8600 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:06:21.0435 8600 ErrDev - ok
12:06:21.0466 8600 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:06:21.0471 8600 EventSystem - ok
12:06:21.0492 8600 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:06:21.0495 8600 exfat - ok
12:06:21.0516 8600 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:06:21.0520 8600 fastfat - ok
12:06:21.0581 8600 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:06:21.0589 8600 Fax - ok
12:06:21.0612 8600 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:06:21.0613 8600 fdc - ok
12:06:21.0654 8600 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:06:21.0656 8600 fdPHost - ok
12:06:21.0670 8600 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:06:21.0672 8600 FDResPub - ok
12:06:21.0685 8600 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:06:21.0686 8600 FileInfo - ok
12:06:21.0693 8600 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:06:21.0693 8600 Filetrace - ok
12:06:21.0710 8600 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:06:21.0711 8600 flpydisk - ok
12:06:21.0753 8600 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:06:21.0757 8600 FltMgr - ok
12:06:21.0811 8600 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:06:21.0824 8600 FontCache - ok
12:06:21.0893 8600 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:06:21.0894 8600 FontCache3.0.0.0 - ok
12:06:21.0909 8600 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:06:21.0910 8600 FsDepends - ok
12:06:21.0947 8600 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:06:21.0948 8600 Fs_Rec - ok
12:06:21.0992 8600 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:06:21.0995 8600 fvevol - ok
12:06:22.0032 8600 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:06:22.0034 8600 gagp30kx - ok
12:06:22.0142 8600 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
12:06:22.0145 8600 GameConsoleService - ok
12:06:22.0180 8600 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:06:22.0182 8600 GEARAspiWDM - ok
12:06:22.0225 8600 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:06:22.0234 8600 gpsvc - ok
12:06:22.0342 8600 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca2f2cdb05eb4f C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:06:22.0344 8600 gupdate1ca2f2cdb05eb4f - ok
12:06:22.0363 8600 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:06:22.0364 8600 gupdatem - ok
12:06:22.0405 8600 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:06:22.0408 8600 gusvc - ok
12:06:22.0442 8600 [ 42763243B707222FB61F70CCCDD54115 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
12:06:22.0459 8600 ha20x2k - ok
12:06:22.0474 8600 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:06:22.0475 8600 hcw85cir - ok
12:06:22.0502 8600 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:06:22.0507 8600 HdAudAddService - ok
12:06:22.0561 8600 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:06:22.0563 8600 HDAudBus - ok
12:06:22.0577 8600 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:06:22.0578 8600 HidBatt - ok
12:06:22.0591 8600 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:06:22.0593 8600 HidBth - ok
12:06:22.0610 8600 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:06:22.0611 8600 HidIr - ok
12:06:22.0650 8600 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:06:22.0652 8600 hidserv - ok
12:06:22.0715 8600 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:06:22.0716 8600 HidUsb - ok
12:06:22.0756 8600 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:06:22.0758 8600 hkmsvc - ok
12:06:22.0808 8600 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:06:22.0812 8600 HomeGroupListener - ok
12:06:22.0859 8600 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:06:22.0863 8600 HomeGroupProvider - ok
12:06:22.0928 8600 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
12:06:22.0929 8600 HP Health Check Service - ok
12:06:23.0072 8600 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:06:23.0075 8600 hpqcxs08 - ok
12:06:23.0100 8600 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:06:23.0102 8600 hpqddsvc - ok
12:06:23.0150 8600 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:06:23.0151 8600 HpSAMD - ok
12:06:23.0205 8600 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:06:23.0216 8600 HPSLPSVC - ok
12:06:23.0278 8600 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:06:23.0286 8600 HTTP - ok
12:06:23.0324 8600 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:06:23.0325 8600 hwpolicy - ok
12:06:23.0375 8600 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:06:23.0377 8600 i8042prt - ok
12:06:23.0428 8600 [ 3C4CD264B04D79A43A0F124C067BA08E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:06:23.0430 8600 iaStor - ok
12:06:23.0507 8600 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:06:23.0512 8600 iaStorV - ok
12:06:23.0574 8600 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:06:23.0575 8600 IDriverT - ok
12:06:23.0638 8600 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:06:23.0648 8600 idsvc - ok
12:06:23.0681 8600 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:06:23.0683 8600 iirsp - ok
12:06:23.0736 8600 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:06:23.0746 8600 IKEEXT - ok
12:06:23.0757 8600 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:06:23.0758 8600 intelide - ok
12:06:23.0780 8600 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:06:23.0781 8600 intelppm - ok
12:06:23.0826 8600 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:06:23.0829 8600 IPBusEnum - ok
12:06:23.0849 8600 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:06:23.0851 8600 IpFilterDriver - ok
12:06:23.0893 8600 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:06:23.0894 8600 IPMIDRV - ok
12:06:23.0911 8600 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:06:23.0913 8600 IPNAT - ok
12:06:23.0967 8600 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:06:23.0977 8600 iPod Service - ok
12:06:23.0998 8600 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:06:23.0999 8600 IRENUM - ok
12:06:24.0032 8600 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:06:24.0032 8600 isapnp - ok
12:06:24.0073 8600 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:06:24.0077 8600 iScsiPrt - ok
12:06:24.0131 8600 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:06:24.0132 8600 kbdclass - ok
12:06:24.0148 8600 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:06:24.0149 8600 kbdhid - ok
12:06:24.0161 8600 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:06:24.0162 8600 KeyIso - ok
12:06:24.0202 8600 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:06:24.0204 8600 KSecDD - ok
12:06:24.0216 8600 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:06:24.0218 8600 KSecPkg - ok
12:06:24.0227 8600 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:06:24.0228 8600 ksthunk - ok
12:06:24.0271 8600 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:06:24.0277 8600 KtmRm - ok
12:06:24.0324 8600 [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2 C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
12:06:24.0326 8600 LADF_DHP2 - ok
12:06:24.0369 8600 [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
12:06:24.0374 8600 LADF_SBVM - ok
12:06:24.0425 8600 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:06:24.0430 8600 LanmanServer - ok
12:06:24.0473 8600 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:06:24.0476 8600 LanmanWorkstation - ok
12:06:24.0498 8600 [ DB164EB571FD118D277D939510B0F562 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
12:06:24.0499 8600 LGBusEnum - ok
12:06:24.0554 8600 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:06:24.0556 8600 LightScribeService - ok
12:06:24.0649 8600 [ 63ED50A6ED61829C2DEF5B733D258A05 ] LiveUpdate c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
12:06:24.0684 8600 LiveUpdate - ok
12:06:24.0703 8600 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:06:24.0704 8600 lltdio - ok
12:06:24.0745 8600 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:06:24.0750 8600 lltdsvc - ok
12:06:24.0759 8600 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:06:24.0760 8600 lmhosts - ok
12:06:24.0803 8600 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:06:24.0804 8600 LSI_FC - ok
12:06:24.0814 8600 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:06:24.0816 8600 LSI_SAS - ok
12:06:24.0828 8600 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:06:24.0829 8600 LSI_SAS2 - ok
12:06:24.0851 8600 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:06:24.0852 8600 LSI_SCSI - ok
12:06:24.0879 8600 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:06:24.0881 8600 luafv - ok
12:06:24.0918 8600 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:06:24.0921 8600 Mcx2Svc - ok
12:06:24.0933 8600 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:06:24.0934 8600 megasas - ok
12:06:24.0954 8600 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:06:24.0957 8600 MegaSR - ok
12:06:24.0996 8600 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:06:24.0998 8600 MMCSS - ok
12:06:25.0008 8600 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:06:25.0009 8600 Modem - ok
12:06:25.0043 8600 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:06:25.0044 8600 monitor - ok
12:06:25.0056 8600 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:06:25.0057 8600 mouclass - ok
12:06:25.0064 8600 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:06:25.0065 8600 mouhid - ok
12:06:25.0110 8600 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:06:25.0111 8600 mountmgr - ok
12:06:25.0218 8600 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:06:25.0220 8600 MozillaMaintenance - ok
12:06:25.0247 8600 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:06:25.0249 8600 mpio - ok
12:06:25.0264 8600 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:06:25.0265 8600 mpsdrv - ok
12:06:25.0303 8600 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:06:25.0306 8600 MRxDAV - ok
12:06:25.0348 8600 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:06:25.0350 8600 mrxsmb - ok
12:06:25.0393 8600 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:06:25.0397 8600 mrxsmb10 - ok
12:06:25.0412 8600 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:06:25.0414 8600 mrxsmb20 - ok
12:06:25.0453 8600 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:06:25.0453 8600 msahci - ok
12:06:25.0479 8600 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:06:25.0482 8600 msdsm - ok
12:06:25.0519 8600 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:06:25.0522 8600 MSDTC - ok
12:06:25.0559 8600 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:06:25.0559 8600 Msfs - ok
12:06:25.0568 8600 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:06:25.0568 8600 mshidkmdf - ok
12:06:25.0581 8600 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:06:25.0581 8600 msisadrv - ok
12:06:25.0630 8600 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:06:25.0633 8600 MSiSCSI - ok
12:06:25.0637 8600 msiserver - ok
12:06:25.0664 8600 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:06:25.0665 8600 MSKSSRV - ok
12:06:25.0680 8600 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:06:25.0681 8600 MSPCLOCK - ok
12:06:25.0690 8600 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:06:25.0690 8600 MSPQM - ok
12:06:25.0734 8600 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:06:25.0738 8600 MsRPC - ok
12:06:25.0759 8600 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:06:25.0761 8600 mssmbios - ok
12:06:25.0770 8600 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:06:25.0770 8600 MSTEE - ok
12:06:25.0779 8600 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:06:25.0780 8600 MTConfig - ok
12:06:25.0797 8600 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:06:25.0798 8600 Mup - ok
12:06:25.0841 8600 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:06:25.0848 8600 napagent - ok
12:06:25.0903 8600 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:06:25.0908 8600 NativeWifiP - ok
12:06:25.0960 8600 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:06:25.0971 8600 NDIS - ok
12:06:25.0981 8600 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:06:25.0982 8600 NdisCap - ok
12:06:26.0001 8600 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:06:26.0002 8600 NdisTapi - ok
12:06:26.0013 8600 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:06:26.0014 8600 Ndisuio - ok
12:06:26.0023 8600 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:06:26.0026 8600 NdisWan - ok
12:06:26.0062 8600 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:06:26.0063 8600 NDProxy - ok
12:06:26.0106 8600 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:06:26.0107 8600 Net Driver HPZ12 - ok
12:06:26.0116 8600 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:06:26.0117 8600 NetBIOS - ok
12:06:26.0158 8600 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:06:26.0162 8600 NetBT - ok
12:06:26.0169 8600 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:06:26.0170 8600 Netlogon - ok
12:06:26.0224 8600 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:06:26.0230 8600 Netman - ok
12:06:26.0263 8600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:06:26.0272 8600 NetMsmqActivator - ok
12:06:26.0276 8600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:06:26.0277 8600 NetPipeActivator - ok
12:06:26.0301 8600 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:06:26.0307 8600 netprofm - ok
12:06:26.0312 8600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:06:26.0313 8600 NetTcpActivator - ok
12:06:26.0317 8600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:06:26.0318 8600 NetTcpPortSharing - ok
12:06:26.0360 8600 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:06:26.0362 8600 nfrd960 - ok
12:06:26.0418 8600 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:06:26.0423 8600 NlaSvc - ok
12:06:26.0434 8600 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:06:26.0435 8600 Npfs - ok
12:06:26.0472 8600 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:06:26.0473 8600 nsi - ok
12:06:26.0487 8600 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:06:26.0487 8600 nsiproxy - ok
12:06:26.0561 8600 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:06:26.0579 8600 Ntfs - ok
12:06:26.0600 8600 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:06:26.0601 8600 Null - ok
12:06:26.0648 8600 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:06:26.0650 8600 nvraid - ok
12:06:26.0665 8600 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:06:26.0668 8600 nvstor - ok
12:06:26.0711 8600 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:06:26.0713 8600 nv_agp - ok
12:06:26.0751 8600 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:06:26.0753 8600 ohci1394 - ok
12:06:26.0790 8600 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:06:26.0792 8600 ose - ok
12:06:26.0944 8600 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:06:26.0998 8600 osppsvc - ok
12:06:27.0025 8600 [ 680CD46BF5C1428C6E50A4B46A1408B9 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
12:06:27.0028 8600 ossrv - ok
12:06:27.0067 8600 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:06:27.0073 8600 p2pimsvc - ok
12:06:27.0092 8600 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:06:27.0098 8600 p2psvc - ok
12:06:27.0136 8600 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:06:27.0137 8600 Parport - ok
12:06:27.0174 8600 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:06:27.0175 8600 partmgr - ok
12:06:27.0186 8600 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:06:27.0190 8600 PcaSvc - ok
12:06:27.0275 8600 [ 42E31F483BA25292BC9E04CD5418776C ] PCD5SRVC{E2AF211B-86DA020A-05040000} C:\Program Files (x86)\PC-Doctor 5 for Windows\pcd5srvc_x64.pkms
12:06:27.0314 8600 PCD5SRVC{E2AF211B-86DA020A-05040000} - ok
12:06:27.0349 8600 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:06:27.0352 8600 pci - ok
12:06:27.0361 8600 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:06:27.0362 8600 pciide - ok
12:06:27.0383 8600 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:06:27.0386 8600 pcmcia - ok
12:06:27.0401 8600 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:06:27.0403 8600 pcw - ok
12:06:27.0426 8600 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:06:27.0434 8600 PEAUTH - ok
12:06:27.0541 8600 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:06:27.0543 8600 PerfHost - ok
12:06:27.0619 8600 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:06:27.0635 8600 pla - ok
12:06:27.0682 8600 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:06:27.0688 8600 PlugPlay - ok
12:06:27.0758 8600 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:06:27.0760 8600 Pml Driver HPZ12 - ok
12:06:27.0763 8600 PnkBstrA - ok
12:06:27.0767 8600 PnkBstrB - ok
12:06:27.0809 8600 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:06:27.0811 8600 PNRPAutoReg - ok
12:06:27.0826 8600 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:06:27.0829 8600 PNRPsvc - ok
12:06:27.0873 8600 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:06:27.0880 8600 PolicyAgent - ok
12:06:27.0920 8600 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:06:27.0923 8600 Power - ok
12:06:27.0969 8600 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:06:27.0971 8600 PptpMiniport - ok
12:06:27.0984 8600 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:06:27.0986 8600 Processor - ok
12:06:28.0024 8600 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:06:28.0028 8600 ProfSvc - ok
12:06:28.0068 8600 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:06:28.0069 8600 ProtectedStorage - ok
12:06:28.0091 8600 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
12:06:28.0092 8600 Ps2 - ok
12:06:28.0114 8600 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:06:28.0116 8600 Psched - ok
12:06:28.0155 8600 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
12:06:28.0156 8600 PSI - ok
12:06:28.0217 8600 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:06:28.0233 8600 ql2300 - ok
12:06:28.0251 8600 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:06:28.0254 8600 ql40xx - ok
12:06:28.0276 8600 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:06:28.0280 8600 QWAVE - ok
12:06:28.0298 8600 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:06:28.0298 8600 QWAVEdrv - ok
12:06:28.0309 8600 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:06:28.0310 8600 RasAcd - ok
12:06:28.0345 8600 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:06:28.0347 8600 RasAgileVpn - ok
12:06:28.0355 8600 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:06:28.0358 8600 RasAuto - ok
12:06:28.0403 8600 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:06:28.0405 8600 Rasl2tp - ok
12:06:28.0420 8600 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:06:28.0426 8600 RasMan - ok
12:06:28.0437 8600 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:06:28.0438 8600 RasPppoe - ok
12:06:28.0447 8600 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:06:28.0449 8600 RasSstp - ok
12:06:28.0463 8600 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:06:28.0468 8600 rdbss - ok
12:06:28.0477 8600 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:06:28.0478 8600 rdpbus - ok
12:06:28.0492 8600 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:06:28.0493 8600 RDPCDD - ok
12:06:28.0510 8600 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:06:28.0511 8600 RDPENCDD - ok
12:06:28.0520 8600 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:06:28.0521 8600 RDPREFMP - ok
12:06:28.0540 8600 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:06:28.0544 8600 RDPWD - ok
12:06:28.0594 8600 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:06:28.0597 8600 rdyboost - ok
12:06:28.0657 8600 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:06:28.0660 8600 RemoteAccess - ok
12:06:28.0670 8600 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:06:28.0674 8600 RemoteRegistry - ok
12:06:28.0687 8600 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:06:28.0689 8600 RpcEptMapper - ok
12:06:28.0730 8600 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:06:28.0731 8600 RpcLocator - ok
12:06:28.0773 8600 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:06:28.0777 8600 RpcSs - ok
12:06:28.0819 8600 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:06:28.0821 8600 rspndr - ok
12:06:28.0835 8600 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:06:28.0836 8600 SamSs - ok
12:06:28.0877 8600 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:06:28.0879 8600 sbp2port - ok
12:06:28.0916 8600 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:06:28.0920 8600 SCardSvr - ok
12:06:28.0930 8600 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:06:28.0931 8600 scfilter - ok
12:06:28.0957 8600 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:06:28.0971 8600 Schedule - ok
12:06:29.0011 8600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:06:29.0012 8600 SCPolicySvc - ok
12:06:29.0030 8600 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:06:29.0034 8600 SDRSVC - ok
12:06:29.0048 8600 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:06:29.0049 8600 secdrv - ok
12:06:29.0059 8600 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:06:29.0061 8600 seclogon - ok
12:06:29.0171 8600 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:06:29.0182 8600 Secunia PSI Agent - ok
12:06:29.0209 8600 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
12:06:29.0215 8600 Secunia Update Agent - ok
12:06:29.0252 8600 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:06:29.0254 8600 SENS - ok
12:06:29.0266 8600 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:06:29.0268 8600 SensrSvc - ok
12:06:29.0290 8600 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:06:29.0291 8600 Serenum - ok
12:06:29.0304 8600 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:06:29.0306 8600 Serial - ok
12:06:29.0336 8600 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:06:29.0337 8600 sermouse - ok
12:06:29.0389 8600 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:06:29.0392 8600 SessionEnv - ok
12:06:29.0409 8600 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:06:29.0410 8600 sffdisk - ok
12:06:29.0423 8600 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:06:29.0424 8600 sffp_mmc - ok
12:06:29.0441 8600 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:06:29.0442 8600 sffp_sd - ok
12:06:29.0474 8600 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:06:29.0475 8600 sfloppy - ok
12:06:29.0520 8600 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:06:29.0525 8600 SharedAccess - ok
12:06:29.0571 8600 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:06:29.0577 8600 ShellHWDetection - ok
12:06:29.0591 8600 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:06:29.0592 8600 SiSRaid2 - ok
12:06:29.0609 8600 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:06:29.0611 8600 SiSRaid4 - ok
12:06:29.0655 8600 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:06:29.0658 8600 SkypeUpdate - ok
12:06:29.0676 8600 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:06:29.0678 8600 Smb - ok
12:06:29.0724 8600 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:06:29.0726 8600 SNMPTRAP - ok
12:06:29.0739 8600 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:06:29.0739 8600 spldr - ok
12:06:29.0788 8600 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:06:29.0796 8600 Spooler - ok
12:06:29.0899 8600 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:06:29.0939 8600 sppsvc - ok
12:06:29.0950 8600 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:06:29.0952 8600 sppuinotify - ok
12:06:29.0995 8600 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:06:30.0001 8600 srv - ok
12:06:30.0015 8600 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:06:30.0020 8600 srv2 - ok
12:06:30.0032 8600 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:06:30.0034 8600 srvnet - ok
12:06:30.0083 8600 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:06:30.0086 8600 SSDPSRV - ok
12:06:30.0097 8600 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:06:30.0099 8600 SstpSvc - ok
12:06:30.0118 8600 Steam Client Service - ok
12:06:30.0163 8600 [ 7C28D81FC104D0DEA13CE1C54280FEB5 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:06:30.0167 8600 Stereo Service - ok
12:06:30.0200 8600 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:06:30.0201 8600 stexstor - ok
12:06:30.0238 8600 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:06:30.0239 8600 StillCam - ok
12:06:30.0290 8600 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:06:30.0298 8600 stisvc - ok
12:06:30.0336 8600 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:06:30.0337 8600 swenum - ok
12:06:30.0358 8600 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:06:30.0366 8600 swprv - ok
12:06:30.0409 8600 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:06:30.0429 8600 SysMain - ok
12:06:30.0467 8600 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:06:30.0470 8600 TabletInputService - ok
12:06:30.0519 8600 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:06:30.0524 8600 TapiSrv - ok
12:06:30.0562 8600 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:06:30.0564 8600 TBS - ok
12:06:30.0644 8600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:06:30.0665 8600 Tcpip - ok
12:06:30.0695 8600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:06:30.0704 8600 TCPIP6 - ok
12:06:30.0744 8600 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:06:30.0746 8600 tcpipreg - ok
12:06:30.0774 8600 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:06:30.0775 8600 TDPIPE - ok
12:06:30.0810 8600 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:06:30.0811 8600 TDTCP - ok
12:06:30.0854 8600 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:06:30.0856 8600 tdx - ok
12:06:30.0865 8600 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:06:30.0867 8600 TermDD - ok
12:06:30.0911 8600 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:06:30.0920 8600 TermService - ok
12:06:30.0929 8600 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:06:30.0931 8600 Themes - ok
12:06:30.0969 8600 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:06:30.0971 8600 THREADORDER - ok
12:06:30.0980 8600 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:06:30.0983 8600 TrkWks - ok
12:06:31.0032 8600 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:06:31.0035 8600 TrustedInstaller - ok
12:06:31.0046 8600 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:06:31.0048 8600 tssecsrv - ok
12:06:31.0076 8600 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:06:31.0077 8600 TsUsbFlt - ok
12:06:31.0109 8600 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:06:31.0111 8600 tunnel - ok
12:06:31.0150 8600 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:06:31.0152 8600 uagp35 - ok
12:06:31.0171 8600 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:06:31.0176 8600 udfs - ok
12:06:31.0225 8600 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:06:31.0227 8600 UI0Detect - ok
12:06:31.0241 8600 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:06:31.0242 8600 uliagpkx - ok
12:06:31.0286 8600 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:06:31.0287 8600 umbus - ok
12:06:31.0303 8600 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:06:31.0304 8600 UmPass - ok
12:06:31.0321 8600 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:06:31.0327 8600 upnphost - ok
12:06:31.0375 8600 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:06:31.0377 8600 USBAAPL64 - ok
12:06:31.0416 8600 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:06:31.0418 8600 usbaudio - ok
12:06:31.0453 8600 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:06:31.0455 8600 usbccgp - ok
12:06:31.0481 8600 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:06:31.0483 8600 usbcir - ok
12:06:31.0523 8600 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:06:31.0524 8600 usbehci - ok
12:06:31.0538 8600 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:06:31.0542 8600 usbhub - ok
12:06:31.0582 8600 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:06:31.0583 8600 usbohci - ok
12:06:31.0595 8600 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:06:31.0596 8600 usbprint - ok
12:06:31.0638 8600 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
12:06:31.0640 8600 USBSTOR - ok
12:06:31.0652 8600 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:06:31.0653 8600 usbuhci - ok
12:06:31.0689 8600 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:06:31.0709 8600 UxSms - ok
12:06:31.0726 8600 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:06:31.0727 8600 VaultSvc - ok
12:06:31.0742 8600 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:06:31.0743 8600 vdrvroot - ok
12:06:31.0792 8600 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:06:31.0799 8600 vds - ok
12:06:31.0845 8600 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:06:31.0846 8600 vga - ok
12:06:31.0856 8600 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:06:31.0857 8600 VgaSave - ok
12:06:31.0902 8600 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:06:31.0905 8600 vhdmp - ok
12:06:31.0947 8600 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:06:31.0948 8600 viaide - ok
12:06:31.0973 8600 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:06:31.0975 8600 volmgr - ok
12:06:32.0011 8600 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:06:32.0016 8600 volmgrx - ok
12:06:32.0062 8600 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:06:32.0067 8600 volsnap - ok
12:06:32.0112 8600 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:06:32.0115 8600 vsmraid - ok
12:06:32.0182 8600 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:06:32.0201 8600 VSS - ok
12:06:32.0212 8600 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:06:32.0213 8600 vwifibus - ok
12:06:32.0227 8600 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:06:32.0228 8600 vwififlt - ok
12:06:32.0271 8600 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:06:32.0277 8600 W32Time - ok
12:06:32.0293 8600 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:06:32.0294 8600 WacomPen - ok
12:06:32.0340 8600 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:06:32.0342 8600 WANARP - ok
12:06:32.0346 8600 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:06:32.0347 8600 Wanarpv6 - ok
12:06:32.0398 8600 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:06:32.0412 8600 WatAdminSvc - ok
12:06:32.0478 8600 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:06:32.0496 8600 wbengine - ok
12:06:32.0511 8600 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:06:32.0515 8600 WbioSrvc - ok
12:06:32.0559 8600 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:06:32.0566 8600 wcncsvc - ok
12:06:32.0584 8600 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:06:32.0587 8600 WcsPlugInService - ok
12:06:32.0603 8600 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:06:32.0604 8600 Wd - ok
12:06:32.0627 8600 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:06:32.0635 8600 Wdf01000 - ok
12:06:32.0650 8600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:06:32.0652 8600 WdiServiceHost - ok
12:06:32.0656 8600 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:06:32.0658 8600 WdiSystemHost - ok
12:06:32.0677 8600 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:06:32.0681 8600 WebClient - ok
12:06:32.0693 8600 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:06:32.0697 8600 Wecsvc - ok
12:06:32.0705 8600 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:06:32.0708 8600 wercplsupport - ok
12:06:32.0728 8600 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:06:32.0731 8600 WerSvc - ok
12:06:32.0782 8600 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:06:32.0783 8600 WfpLwf - ok
12:06:32.0800 8600 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:06:32.0801 8600 WIMMount - ok
12:06:32.0819 8600 WinHttpAutoProxySvc - ok
12:06:32.0898 8600 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:06:32.0902 8600 Winmgmt - ok
12:06:32.0976 8600 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:06:32.0999 8600 WinRM - ok
12:06:33.0057 8600 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:06:33.0058 8600 WinUsb - ok
12:06:33.0116 8600 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:06:33.0127 8600 Wlansvc - ok
12:06:33.0231 8600 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:06:33.0256 8600 wlidsvc - ok
12:06:33.0301 8600 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:06:33.0302 8600 WmiAcpi - ok
12:06:33.0318 8600 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:06:33.0321 8600 wmiApSrv - ok
12:06:33.0364 8600 WMPNetworkSvc - ok
12:06:33.0375 8600 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:06:33.0377 8600 WPCSvc - ok
12:06:33.0419 8600 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:06:33.0422 8600 WPDBusEnum - ok
12:06:33.0431 8600 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:06:33.0432 8600 ws2ifsl - ok
12:06:33.0438 8600 WSearch - ok
12:06:33.0524 8600 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:06:33.0552 8600 wuauserv - ok
12:06:33.0599 8600 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:06:33.0601 8600 WudfPf - ok
12:06:33.0622 8600 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:06:33.0625 8600 WUDFRd - ok
12:06:33.0638 8600 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:06:33.0641 8600 wudfsvc - ok
12:06:33.0690 8600 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:06:33.0694 8600 WwanSvc - ok
12:06:33.0712 8600 ================ Scan global ===============================
12:06:33.0752 8600 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:06:33.0795 8600 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:06:33.0835 8600 [ 4D7CDE615A0F534BD5E359951829554B ] C:\Windows\system32\consrv.dll
12:06:33.0881 8600 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
12:06:33.0882 8600 C:\Windows\system32\consrv.dll - detected Backdoor.Multi.ZAccess.genb (0)
12:06:33.0918 8600 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:06:33.0924 8600 ================ Scan MBR ==================================
12:06:33.0933 8600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:06:34.0194 8600 \Device\Harddisk0\DR0 - ok
12:06:34.0194 8600 ================ Scan VBR ==================================
12:06:34.0197 8600 [ A81A019894B8EB9B970283A14E779EC0 ] \Device\Harddisk0\DR0\Partition1
12:06:34.0198 8600 \Device\Harddisk0\DR0\Partition1 - ok
12:06:34.0206 8600 [ C3CB58001F59A3751944A2C1070D6410 ] \Device\Harddisk0\DR0\Partition2
12:06:34.0208 8600 \Device\Harddisk0\DR0\Partition2 - ok
12:06:34.0208 8600 ============================================================
12:06:34.0208 8600 Scan finished
12:06:34.0208 8600 ============================================================
12:06:34.0219 7700 Detected object count: 1
12:06:34.0219 7700 Actual detected object count: 1
12:06:50.0142 7700 C:\Windows\system32\consrv.dll - copied to quarantine
12:06:51.0271 7700 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
12:06:51.0281 7700 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
12:06:51.0665 7700 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems:Windows - will be cured on reboot
12:06:51.0665 7700 C:\Windows\system32\consrv.dll - will be deleted on reboot
12:06:51.0700 7700 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
12:06:51.0700 7700 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
12:06:51.0706 7700 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Delete

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 12:09:15
-----------------------------
12:09:15.417 OS Version: Windows x64 6.1.7601 Service Pack 1
12:09:15.417 Number of processors: 4 586 0x1707
12:09:15.418 ComputerName: JK UserName:
12:09:16.948 Initialize success
12:17:30.028 AVAST engine defs: 12092300
12:17:55.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:17:55.719 Disk 0 Vendor: Hitachi_ GK8O Size: 715404MB BusType: 3
12:17:55.728 Disk 0 MBR read successfully
12:17:55.731 Disk 0 MBR scan
12:17:55.735 Disk 0 Windows 7 default MBR code
12:17:55.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 703996 MB offset 63
12:17:55.768 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11405 MB offset 1441785555
12:17:55.815 Disk 0 scanning C:\Windows\system32\drivers
12:18:05.018 Service scanning
12:18:05.397 Service 03617347 C:\Windows\system32\drivers\31963451.sys **HIDDEN**
12:18:29.687 Modules scanning
12:18:29.694 Disk 0 trace - called modules:
12:18:29.706 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:18:29.711 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005578060]
12:18:29.716 3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800443e050]
12:18:31.381 AVAST engine scan C:\Windows
12:18:36.164 AVAST engine scan C:\Windows\system32
12:18:46.356 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:20:15.430 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:20:17.833 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:21:27.586 AVAST engine scan C:\Windows\system32\drivers
12:21:43.389 AVAST engine scan C:\Users\John
12:43:13.170 AVAST engine scan C:\ProgramData
12:46:21.453 Scan finished successfully
13:29:10.052 Disk 0 MBR has been saved successfully to "C:\Users\John\Documents\MBR.dat"
13:29:10.058 The log file has been saved successfully to "C:\Users\John\Documents\aswMBR.txt"

ESET

C:\TDSSKiller_Quarantine\23.09.2012_12.05.37\zasubsys0000\file0000\tsk0000.dta Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.09.2012_12.05.37\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.09.2012_12.05.37\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 23 September 2012 - 09:38 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it click on Delete

post the generated log

Edited by narenxp, 23 September 2012 - 09:38 PM.


#5 Jaykay3354

Jaykay3354
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 24 September 2012 - 06:13 AM

Here are the results of what you requested!

MBAM

First scan returned 3 threats which were all removed. When I rebooted and re-scanned, nothing was found.

mini toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by John (administrator) on 24-09-2012 at 07:00:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost








































































































































































































66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Foxconn 802.11 a/b/g/n Wireless System Adaptor = Wireless Network Connection 2 (Connected)
Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JK
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Foxconn 802.11 a/b/g/n Wireless System Adaptor #2
Physical Address. . . . . . . . . : 00-1F-3A-1D-B1-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:c0a8:6402:1234:985d:1572:1e51:1c2b(Preferred)
Temporary IPv6 Address. . . . . . : 2002:c0a8:6402:1234:a5b2:1d0f:55b3:fe3a(Preferred)
Link-local IPv6 Address . . . . . : fe80::985d:1572:1e51:1c2b%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 23, 2012 11:58:32 PM
Lease Expires . . . . . . . . . . : Monday, September 24, 2012 11:58:32 PM
Default Gateway . . . . . . . . . : fe80::200:ff:fe00:0%13
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 352329530
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-BA-E5-60-00-1F-C6-5F-8E-81
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ccsnj.local
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1F-C6-5F-8E-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{39E70EB1-58D3-478D-AF17-AEEAE087B873}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 2607:f8b0:4006:802::1007
173.194.43.9
173.194.43.14
173.194.43.2
173.194.43.1
173.194.43.4
173.194.43.7
173.194.43.6
173.194.43.3
173.194.43.5
173.194.43.0
173.194.43.8


Pinging google.com [173.194.43.8] with 32 bytes of data:
Reply from 173.194.43.8: bytes=32 time=11ms TTL=55
Reply from 173.194.43.8: bytes=32 time=11ms TTL=55

Ping statistics for 173.194.43.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 11ms, Average = 11ms
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1149ms TTL=50
Reply from 72.30.38.140: bytes=32 time=895ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 895ms, Maximum = 1149ms, Average = 1022ms
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...00 1f 3a 1d b1 27 ......Foxconn 802.11 a/b/g/n Wireless System Adaptor #2
10...00 1f c6 5f 8e 81 ......Intel® 82566DC-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 281
192.168.1.105 255.255.255.255 On-link 192.168.1.105 281
192.168.1.255 255.255.255.255 On-link 192.168.1.105 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 281 ::/0 fe80::200:ff:fe00:0
1 306 ::1/128 On-link
13 33 2002:c0a8:6402:1234::/64 On-link
13 281 2002:c0a8:6402:1234:985d:1572:1e51:1c2b/128
On-link
13 281 2002:c0a8:6402:1234:a5b2:1d0f:55b3:fe3a/128
On-link
13 281 fe80::/64 On-link
13 281 fe80::985d:1572:1e51:1c2b/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2012 01:36:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/24/2012 01:35:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/24/2012 00:00:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 08:01:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 01:29:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/23/2012 01:29:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2012 08:51:09 PM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.3.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1af4

Start Time: 01cd99117bd16be0

Termination Time: 20

Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report Id:

Error: (09/22/2012 09:48:59 AM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.3.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11dc

Start Time: 01cd98c6ca655162

Termination Time: 22

Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report Id:

Error: (09/22/2012 03:20:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2012 09:58:36 PM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.3.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ca4

Start Time: 01cd96d36137ac64

Termination Time: 12

Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report Id:


System errors:
=============
Error: (09/24/2012 06:59:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:54:19 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:49:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:44:15 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:39:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:34:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:29:09 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:24:06 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:19:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (09/24/2012 06:14:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.


Microsoft Office Sessions:
=========================
Error: (09/24/2012 01:36:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\John\downloads\esetsmartinstaller_enu.exe

Error: (09/24/2012 01:35:17 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/24/2012 00:00:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 08:01:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 01:29:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (09/23/2012 01:29:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (09/22/2012 08:51:09 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.3.31af401cd99117bd16be020C:\Program Files (x86)\iTunes\iTunes.exe

Error: (09/22/2012 09:48:59 AM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.3.311dc01cd98c6ca65516222C:\Program Files (x86)\iTunes\iTunes.exe

Error: (09/22/2012 03:20:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2012 09:58:36 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.3.3ca401cd96d36137ac6412C:\Program Files (x86)\iTunes\iTunes.exe


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.4)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader 9.5.1 (Version: 9.5.1)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3 Uploader (Version: 1.0.1)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AOL Instant Messenger
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.50907)
ATI Catalyst Install Manager (Version: 3.0.790.0)
ATI Catalyst Registration (Version: 3.00.0000)
Audiosurf
AutoUpdate (Version: 1.1)
Battlefield: Bad Company 2
Bioshock
BIT.TRIP RUNNER
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C310 (Version: 140.0.304.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0907.2140.37006)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0907.2140.37006)
Catalyst Control Center InstallProxy (Version: 2010.0907.2140.37006)
Catalyst Control Center Localization All (Version: 2010.0907.2140.37006)
ccc-core-static (Version: 2010.0907.2140.37006)
ccc-utility64 (Version: 2010.0907.2140.37006)
CCC Help Chinese Standard (Version: 2010.0907.2139.37006)
CCC Help Chinese Traditional (Version: 2010.0907.2139.37006)
CCC Help Czech (Version: 2010.0907.2139.37006)
CCC Help Danish (Version: 2010.0907.2139.37006)
CCC Help Dutch (Version: 2010.0907.2139.37006)
CCC Help English (Version: 2010.0907.2139.37006)
CCC Help Finnish (Version: 2010.0907.2139.37006)
CCC Help French (Version: 2010.0907.2139.37006)
CCC Help German (Version: 2010.0907.2139.37006)
CCC Help Greek (Version: 2010.0907.2139.37006)
CCC Help Hungarian (Version: 2010.0907.2139.37006)
CCC Help Italian (Version: 2010.0907.2139.37006)
CCC Help Japanese (Version: 2010.0907.2139.37006)
CCC Help Korean (Version: 2010.0907.2139.37006)
CCC Help Norwegian (Version: 2010.0907.2139.37006)
CCC Help Polish (Version: 2010.0907.2139.37006)
CCC Help Portuguese (Version: 2010.0907.2139.37006)
CCC Help Russian (Version: 2010.0907.2139.37006)
CCC Help Spanish (Version: 2010.0907.2139.37006)
CCC Help Swedish (Version: 2010.0907.2139.37006)
CCC Help Thai (Version: 2010.0907.2139.37006)
CCC Help Turkish (Version: 2010.0907.2139.37006)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Counter-Strike
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Source
Counter-Strike: Source Beta
Coupon Printer for Windows (Version: 5.0.0.0)
Creative MediaSource 5 (Version: 5.00)
CyberLink DVD Suite Deluxe (Version: 5.5.1126)
Day of Defeat
Deathmatch Classic
Defense Grid: The Awakening
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Diablo II
Diablo III (Version: 1.0.3.10485)
DivX Codec (Version: 6.8.4)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.0)
EA Download Manager (Version: 5.1.0.4)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
GPBaseService2 (Version: 140.0.211.000)
Guild Wars 2
Half-Life 2
Half-Life 2: Episode One
Hardware Diagnostic Tools (Version: 5.1.4748.24)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
HP Active Support Library (Version: 2.3.0.2)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.6.0.2499)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Easy Setup - Frontend (Version: 5.6.0.2542)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.000.013)
HPAppStudio (Version: 140.0.95.000)
HPPhotoGadget (Version: 140.0.524.000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
HydraVision (Version: 4.2.180.0)
iCloud (Version: 1.0.2.17)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.3.3)
Jamestown
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
LabelPrint (Version: 2.2.2329)
Last.fm 1.5.4.27091
League of Legends (Version: 1.0020)
LightScribe System Software (Version: 1.18.3.2)
LightScribeTemplateLabeler (Version: 1.10.23.1)
LiveUpdate (Symantec Corporation) (Version: 3.4.0.162)
LiveUpdate (Symantec Corporation) (Version: 3.4.0.164)
Logitech G35 (Version: 1.1.178)
Logitech GamePanel Software 3.02.173 (Version: 3.02.173)
Logitech GamePanel Software 3.03.133 (Version: 3.03.133)
Magicka
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 140.0.212.000)
Mass Effect
Media Go (Version: 1.7.254)
Media Go Video Playback Engine 1.88.114.12060 (Version: 1.88.114.12060)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 15.0 (x86 en-GB) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: HPCMPQ1902)
Network64 (Version: 140.0.215.000)
NVIDIA PhysX (Version: 9.09.0814)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.11.9562)
OpenAL
Orcs Must Die!
Pando Media Booster (Version: 2.3.4.0)
Plants vs. Zombies: Game of the Year
PlayStation®Network Downloader (Version: 2.05.00710)
PlayStation®Store (Version: 4.2.6.12389)
Portal
Portal 2
Power2Go (Version: 5.6.3610)
PowerDirector (Version: 6.5.2420)
PS_AIO_07_C310_SW_Min (Version: 140.0.304.000)
PSSWCORE (Version: 2.02.0000)
PunkBuster Services (Version: 0.988)
PVSonyDll (Version: 1.00.0001)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.71.80.42)
QuickTransfer (Version: 140.0.98.000)
Realtek High Definition Audio Driver (Version: 6.0.1.5591)
Ricochet
RIFT
Scan (Version: 140.0.80.000)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Shop for HP Supplies (Version: 14.0)
Sid Meier's Civilization V
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
Sound Blaster X-Fi (Version: 1.0)
SPBBC 64bit (Version: 107.0.0.134)
Spotify (Version: 0.8.2.610.g090a06f8)
StarCraft II (Version: 1.4.3.21029)
Status (Version: 140.0.256.000)
Steam (Version: 1.0.0.0)
Super Meat Boy
System Requirements Lab
Team Fortress 2
Terraria
The Binding Of Isaac
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
Torchlight II
TrayApp (Version: 140.0.212.000)
Trine
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
Vuze
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 140.0.212.017)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
World of Warcraft (Version: 5.0.4.16016)
World of Warcraft Beta (Version: )

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 4095.29 MB
Available physical RAM: 2011.91 MB
Total Pagefile: 8188.77 MB
Available Pagefile: 6048.97 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.89 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:687.5 GB) (Free:379.13 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.14 GB) (Free:1.52 GB) NTFS

========================= Users: ========================================

User accounts for \\JK

Administrator Guest John


**** End of log ****

FSS

Farbar Service Scanner Version:

19-09-2012
Ran by John (administrator) on

24-09-2012 at 07:04:45
Running from "C:\Users\John

\Downloads"
Microsoft Windows 7 Home Premium

Service Pack 1 (X64)
Boot Mode: Normal
*********************************

*******************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running.

Checking service configuration:
The start type of mpsdrv service

is OK.
The ImagePath of mpsdrv service

is OK.

MpsSvc Service is not running.

Checking service configuration:
Checking Start type: ATTENTION!

=====> Unable to retrieve start

type of MpsSvc. The value does

not exist.
Checking ImagePath: ATTENTION!

=====> Unable to retrieve

ImagePath of MpsSvc. The value

does not exist.
Unable to retrieve ServiceDll of

MpsSvc. The value does not exist.

bfe Service is not running.

Checking service configuration:
Checking Start type: ATTENTION!

=====> Unable to retrieve start

type of bfe. The value does not

exist.
Checking ImagePath: ATTENTION!

=====> Unable to retrieve

ImagePath of bfe. The value does

not exist.
Unable to retrieve ServiceDll of

bfe. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running.

Checking service configuration:
Checking Start type: ATTENTION!

=====> Unable to retrieve start

type of wscsvc. The value does

not exist.
Checking ImagePath: ATTENTION!

=====> Unable to retrieve

ImagePath of wscsvc. The value

does not exist.
Unable to retrieve ServiceDll of

wscsvc. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled

Policy:
============================


Windows Defender:
==============
WinDefend Service is not running.

Checking service configuration:
Checking Start type: ATTENTION!

=====> Unable to retrieve start

type of WinDefend. The value does

not exist.
Checking ImagePath: ATTENTION!

=====> Unable to retrieve

ImagePath of WinDefend. The value

does not exist.
Unable to retrieve ServiceDll of

WinDefend. The value does not

exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll =>

MD5 is legit
C:\Windows\System32\drivers

\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll

=> MD5 is legit
C:\Windows\System32\drivers

\afd.sys => MD5 is legit
C:\Windows\System32\drivers

\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers

\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll

=> MD5 is legit
C:\Windows\System32\mpssvc.dll =>

MD5 is legit
C:\Windows\System32\bfe.dll =>

MD5 is legit
C:\Windows\System32\drivers

\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll =>

MD5 is legit
C:\Windows\System32\vssvc.exe =>

MD5 is legit
C:\Windows\System32\wscsvc.dll =>

MD5 is legit
C:\Windows\System32\wbem

\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll

=> MD5 is legit
C:\Windows\System32\qmgr.dll =>

MD5 is legit
C:\Windows\System32\es.dll => MD5

is legit
C:\Windows\System32\cryptsvc.dll

=> MD5 is legit
C:\Program Files\Windows

Defender\MpSvc.dll => MD5 is

legit
C:\Windows\System32\ipnathlp.dll

=> MD5 is legit
C:\Windows\System32\svchost.exe

=> MD5 is legit
C:\Windows\System32\rpcss.dll =>

MD5 is legit


**** End of log ****


adware cleaner

# AdwCleaner v2.003 - Logfile

created 09/24/2012 at 07:07:18
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7

Home Premium Service Pack 1 (64

bits)
# User : John - JK
# Boot Mode : Normal
# Running from : C:\Users\John

\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData

\Microsoft\Windows\Start Menu

\Programs\eBay.lnk
Folder Deleted : C:\Program Files

(x86)\Viewpoint
Folder Deleted : C:\ProgramData

\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE

\Classes

\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE

\Classes

\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE

\Classes

\AxMetaStream.MetaStreamCtlSecond

ary
Key Deleted : HKLM\SOFTWARE

\Classes

\AxMetaStream.MetaStreamCtlSecond

ary.1
Key Deleted : HKLM\SOFTWARE

\Classes\S
Key Deleted : HKLM\Software

\MetaStream
Key Deleted : HKLM\SOFTWARE

\MozillaPlugins

\@viewpoint.com/VMP
Key Deleted : HKLM\Software

\Viewpoint
Key Deleted : HKLM\SOFTWARE

\Wow6432Node\Classes\CLSID

\{03F998B2-0E00-11D3-A498-

00104B6EB52E}
Key Deleted : HKLM\SOFTWARE

\Wow6432Node\Classes\CLSID

\{1B00725B-C455-4DE6-BFB6-

AD540AD427CD}
Key Deleted : HKLM\SOFTWARE

\Wow6432Node\Microsoft\Windows

\CurrentVersion\Uninstall

\ViewpointMediaPlayer

***** [Internet Browsers] *****

-\\ Internet Explorer

v9.0.8112.16421

Restored : [HKCU\Software

\Wow6432Node\Microsoft\Internet

Explorer\SearchScopes -

DefaultScope]
Restored : [HKCU\Software

\Microsoft\Internet Explorer

\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE

\Wow6432Node\Microsoft\Internet

Explorer\SearchScopes -

DefaultScope]
Restored : [HKLM\SOFTWARE

\Microsoft\Internet Explorer

\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-

18\Software\Microsoft\Internet

Explorer\SearchScopes -

DefaultScope]
Restored : [HKU\S-1-5-

19\Software\Microsoft\Internet

Explorer\SearchScopes -

DefaultScope]
Restored : [HKU\S-1-5-

20\Software\Microsoft\Internet

Explorer\SearchScopes -

DefaultScope]

-\\ Mozilla Firefox v15.0 (en-GB)

Profile name : default
File : C:\Users\John\AppData

\Roaming\Mozilla\Firefox

\Profiles\rydpof7f.default

\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to

get version]

File : C:\Users\John\AppData

\Local\Google\Chrome\User Data

\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2376

octets] - [24/09/2012 07:07:18]

########## EOF - C:\AdwCleaner

[S2].txt - [2436 octets]

##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 24 September 2012 - 06:30 AM

Click on startmenu and type

cmd

right click on it and select run as administrator

Now copy following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it,restart the PC

Now launch mini toolbox and checkmark hosts contents alone and post the new log

Download

Junkware removal tool

Right click on it,run as administrator,after scan gets completed,post the generated log here.

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#7 Jaykay3354

Jaykay3354
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 24 September 2012 - 07:15 AM

Here you go. For the new FSS log, I imagine you wanted the log for the services repair tool ran right before. If I did not do that correctly, please let me know.

mini toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by John (administrator) on 24-09-2012 at 07:56:39
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

Junkware Removal Tool

Junkware Removal Tool (JRT) by Thisisu
Version: 1.0.6 (09.24.2012)
OS: Windows 7 Home Premium x64
Ran by John on Mon 09/24/2012 at 8:03:55.62
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1049.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1049.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired:

The below lines were deleted from [FF prefs.js]

=============================

=============================



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 09/24/2012 at 8:03:56.09
End of Report

services repair tool (FSS?)

Log Opened: 2012-09-24 @ 08:04:49
08:04:49 - -----------------
08:04:49 - | Begin Logging |
08:04:49 - -----------------
08:04:49 - Fix started on a WIN_7 X64 computer
08:04:49 - Prep in progress. Please Wait.
08:04:50 - Prep complete
08:04:50 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
08:04:51 - Services Repair Complete.
08:04:56 - Reboot Initiated

rkill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/24/2012 08:09:11 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/24/2012 08:09:28 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

AutoRuns

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Launch LCDMon" "Logitech LCD Manager" "Logitech Inc." "c:\program files\logitech\gamepanel software\lcd manager\lcdmon.exe"
+ "Launch LGDCore" "Logitech G-series Profiler" "Logitech Inc." "c:\program files\logitech\gamepanel software\g-series software\lgdcore.exe"
+ "Launch LgDeviceAgent" "Logitech GamePanel Agent" "Logitech Inc." "c:\program files\logitech\gamepanel software\lgdevagt.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ATICustomerCare" "ATI Customer Care" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati\aticustomercare\aticustomercare.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Logitech G35" "Logitech© G35 Headset" "Logitech©" "c:\program files (x86)\logitech\g35\g35.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe"
+ "Secunia PSI Tray.lnk" "Secunia PSI Tray" "Secunia" "c:\program files (x86)\secunia\psi\psi_tray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AIM" "AOL Instant Messenger" "America Online, Inc." "c:\program files (x86)\aim\aim.exe"
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\john\appdata\roaming\spotify\spotify.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2iexp.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\JavaUpdateSched" "" "" "File not found: C:\Windows\SysWOW64\jusched.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "File not found: C:\Windows\system32\gatherWiredInfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "File not found: C:\Windows\system32\gatherWirelessInfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Automatic LiveUpdate Scheduler" "Automatic LiveUpdate Scheduler Service" "Symantec Corporation" "c:\program files (x86)\symantec\liveupdate\aluschedulersvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\hp games\my hp game console\gameconsoleservice.exe"
+ "gupdate1ca2f2cdb05eb4f" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HP Health Check Service" "HP Health Check Service" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp health check\hphc_service.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lssrvc.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files (x86)\symantec\liveupdate\lucomserver_3_4.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "PnkBstrA" "PunkBuster Service Component [v1034] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstra.exe"
+ "PnkBstrB" "PunkBuster Service Component [v2.158 BC2] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstrb.exe"
+ "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files (x86)\secunia\psi\psia.exe"
+ "Secunia Update Agent" "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files (x86)\secunia\psi\sua.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "03617347" "" "" "File not found: system32\drivers\31963451.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "AtiHDAudioService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdw76.sys"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CT20XUT.DLL" "Creative 20X Utility Effects" "Creative Technology Ltd." "c:\windows\system32\ct20xut.dll"
+ "ctac32k" "Creative AC3 SW Decoder Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctac32k.sys"
+ "ctaud2k" "Creative WDM Audio Device Driver" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaud2k.sys"
+ "CTEXFIFX.DLL" "Creative XFi Effects" "Creative Technology Ltd." "c:\windows\system32\ctexfifx.dll"
+ "CTHWIUT.DLL" "Creative Utility Effects" "Creative Technology Ltd." "c:\windows\system32\cthwiut.dll"
+ "ctprxy2k" "Creative Proxy Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctprxy2k.sys"
+ "ctsfm2k" "SoundFont® Manager (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsfm2k.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6232e.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "emupia" "E-mu Plug-in Architecture Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\emupia2k.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "ha20x2k" "Creative 20X HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ha20x2k.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LADF_DHP2" "DPL2/DHP2 Filter Driver" "Logitech" "c:\windows\system32\drivers\ladfdhp2amd64.sys"
+ "LADF_SBVM" "SBVM Filter Driver" "Logitech" "c:\windows\system32\drivers\ladfsbvmamd64.sys"
+ "LGBusEnum" "Logitech WingMan Virtual Bus Enumerator Driver" "Logitech Inc." "c:\windows\system32\drivers\lgbusenum.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ossrv" "Creative OS Services Driver (WDM)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctoss2k.sys"
+ "PCD5SRVC{E2AF211B-86DA020A-05040000}" "pcdrsrvc.sys" "PC-Doctor, Inc." "c:\program files (x86)\pc-doctor 5 for windows\pcd5srvc_x64.pkms"
+ "Ps2" "" "" "c:\windows\system32\drivers\ps2.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "AudSkip Filter" "Creative Audio Sample Skip Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\sound blaster x-fi\smart recorder\audskip.ax"
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metabpm.ax"
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metabpmu.ax"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\ac3srcu.ax"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\ac3src.ax"
+ "Creative Audio Gain Filter" "Audio Gain Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\audgain.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cdda.ax"
+ "Creative File Reader Filter" "Creative File Reader Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\filreadu.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\flacsrcu.ax"
+ "Creative Internet Source Filter" "Creative Internet Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\inetsrcu.ax"
+ "Creative LiveRecording Filter" "Live Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\liverec.ax"
+ "Creative LiveRecording Filter_SxS" "Live Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\liverecu.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\mlpsrc.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\mlpsrcu.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\nvfsrc.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\nvfsrcu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\oggsrcu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\rawwritu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\rawwrit.ax"
+ "Creative Recording Wav_Asio Filter" "Audio Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\audiorec.ax"
+ "Creative Wave Writer" "Wave Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wavwrite.ax"
+ "Creative WMA Source Filter" "Creative WMA Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmasrc.ax"
+ "Creative WMA Writer" "WMA Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmawrite.ax"
+ "CT CMSS3 filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cmss3.ax"
+ "CT HPVirtualizer filter" "Creative Headphone Virtualizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\virtual.ax"
+ "CT Karaoke filter" "Creative Karaoke Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\karaoke.ax"
+ "CT PDP filter" "Creative Crystalizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\pdp.ax"
+ "CT SmartVolumeManagement filter" "Creative Compressor Plugin" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\dscompr.ax"
+ "CT Time-Scaling filter" "Sample" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\timescal.ax"
+ "CT Upsampler filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\upsample.ax"
+ "CuttlefishSubtitleParser Filter" "Sony MP4 SMF Subtitle Stream Parser" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\1.88.114.12060\cuttlefishsubtitleparser.ax"
+ "CyberLink AudAna Filter" "CLAudAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdaudana.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaursmpl.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaudiocd.ax"
+ "Cyberlink Byte Counter Filter" "Cyberlink Byte Counter Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pdbytecounter.ax"
+ "CyberLink DDR" "CyberLink DDR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdrender.ax"
+ "CyberLink Double Pin Tee" "Cyberlink Double Tee Filter" "CtberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pddoubletee.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DV Buffer" "CLDVBuffer Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvbuffer.ax"
+ "CyberLink DV Dump Filter" "DV dump Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pddvdump.ax"
+ "CyberLink DV Filter" "DVTCR" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvtcr.ax"
+ "CyberLink DV Reader Filter" "DVMultReader Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvmrd.ax"
+ "Cyberlink DV Scene Detect Filter" "CLDVScnDt" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pddvscndt.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "CyberLink Editing Service 4.0 (Source)" "CES Kernel (LT15)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\cledtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "Cyberlink Gate Filter" "CLGate" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdgate.ax"
+ "CyberLink HDV Source Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdhdvsrc.ax"
+ "CyberLink Load Image Filter" "CLImage (LT15)" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink LPCM Converter" "LPCM Converter Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2glpcmcvrt.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "Cyberlink Scene Detect Filter" "CLScnDt" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdscndt.ax"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files (x86)\cyberlink\powerdirector\pdscndt2.dll"
+ "CyberLink SnapShot Filter" "CLSnapShot Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdsnapshot.ax"
+ "CyberLink Stamp Effect" "" "CyberLink corporate" "c:\program files (x86)\cyberlink\powerdirector\pdstampeffect.ax"
+ "Cyberlink Sub-Picture Filter" "Cyberlink Sub-Picture Filter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdsubpic.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Transform Tee" "CyberLink Transform Tee" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdtee.ax"
+ "CyberLink VAudAna Filter" "CLVAudAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdvaudana.dll"
+ "CyberLink VidAna Filter" "CLVidAna" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdvidana.dll"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "Cyberlink Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdresample.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink YUY2 DeInterlace" "DitlYuY2" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdditlyuy2.ax"
+ "CyberLink YUY2 Sub-Sampling" "SubYUY2 Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdsubyuy2.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\windows\syswow64\divxdec.ax"
+ "Frame Drop Filter" "TODO: <File description>" "TODO: <Company name>" "c:\program files (x86)\cyberlink\powerdirector\pdframedrop.ax"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files (x86)\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files (x86)\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files (x86)\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files (x86)\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdidmf.ax"
+ "MainConcept (Muvee) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept2\muveespmpeg.ax"
+ "MainConcept (Muvee) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept3\muveem2vd.ax"
+ "MainConcept MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcdsmpeg.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mceampeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcesmpeg.ax"
+ "MainConcept MPEG Multiplexer" "MPEG Multiplexer" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcmuxmpeg.ax"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept3\mcmpeg2mux.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcspmpeg.ax"
+ "MainConcept MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcdsmpeg.ax"
+ "MainConcept MPEG Video Encoder" "MPEG Video Encoder" "MainConcept AG" "c:\program files (x86)\muvee technologies\muvee autoproducer 6.1 - hpd\mvburnerdll\mcevmpeg.ax"
+ "MediaWriter Filter" "MediaWriter Filter" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mediawriter.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "muvee Audio Scope" "Audio Scope Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvaudioscope.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee MediaProgress Filter" "MediaProgress Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvmediaprogress.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Source Filter" "muveeSource Module" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\muveesource.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvvanalyse.ax"
+ "Noise Reduction" "Creative Noise Reduction Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\noisredu.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "PCM to EXT" "Creative Pcm2Ext" "Creative Technology Ltd." "c:\program files (x86)\creative\sound blaster x-fi\wavestudio 7\pcm2ext.ax"
+ "PDR Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaud.ax"
+ "PDR Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdirector\pdaudfx.ax"
+ "PDR Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdaudenc.ax"
+ "PDR Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\claunrwrapper.ax"
+ "PDR Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddemuxer.ax"
+ "PDR Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddumpdispatch.ax"
+ "PDR Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pddump.ax"
+ "PDR DVSD Modifier" "Cyberlink DVSD Modifier" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerdirector\dvsdmodifier.ax"
+ "PDR File Reader (Async)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdreader.ax"
+ "PDR H.264/AVC Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pd264dec.ax"
+ "PDR M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdm2vwriter.ax"
+ "PDR MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdmpgmux.ax"
+ "PDR MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\powerdirector\pdvidenc.ax"
+ "PDR MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm1splter.ax"
+ "PDR MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm2splter.ax"
+ "PDR MPEG-4 Muxer" "PDR MPEG-4 Muxer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm4muxer.ax"
+ "PDR MPEG-4 Splitter" "PDR MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdm4splt.ax"
+ "PDR MPEG1/2 Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdvsd.ax"
+ "PDR SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdsshot.ax"
+ "PDR TimeStretch Filter(CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\clauts.ax"
+ "PDR TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\pdtlmsplter.ax"
+ "PDR TS Information" "CLTSInfo" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdtsinfo.ax"
+ "PDR Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\clvidfx.ax"
+ "PDR Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\clrgl.ax"
+ "PDR Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\clvideostabilizer.ax"
+ "PDR WAV Dest" "CLWavDest" "CyberLink" "c:\program files (x86)\cyberlink\powerdirector\pdwavdest.ax"
+ "Peak Follower Filter" "Creative Pass Peak Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\sound blaster x-fi\smart recorder\passpeak.ax"
+ "QTSrc" "QuickTime Source Filter" "CyberLink Corp" "c:\program files (x86)\cyberlink\shared files\clqtsrc.ax"
+ "QTWriter" "CLQTFileWriter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdqtfilewriter.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files (x86)\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files (x86)\common files\muvee technologies\030625\quicktimesource.dll"
+ "RMWriter" "CLRMFileWriter" "Cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdrmfilewriter.ax"
+ "Sony CF AAC decoder" "Sony FhG AAC Decoder" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\1.88.114.12060\cfaac.ax"
+ "Sony CF AVC Decoder" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\1.88.114.12060\sjvtdfcf.ax"
+ "Sony MP4 File Source" "Sony MP4 File Source Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\1.88.114.12060\mp4filesource.ax"
+ "Stream Control Filter" "Creative Stream Control Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\sound blaster x-fi\smart recorder\streamcon.ax"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metasvm.ax"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metasvmu.ax"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files (x86)\cyberlink\powerdirector\pdavi_audtr.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpf3l101.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l101.dll"
"C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "HP Photo Print" "Drag and drop photos to print." "Hewlett-Packard Corp" "C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\Gadget.xml"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 24 September 2012 - 07:16 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#9 Jaykay3354

Jaykay3354
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 24 September 2012 - 07:23 AM

Thanks... sorry about that!

FSS

Farbar Service Scanner Version: 19-09-2012
Ran by John (administrator) on 24-09-2012 at 08:23:22
Running from "C:\Users\John\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 24 September 2012 - 07:24 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

Edited by narenxp, 24 September 2012 - 07:25 AM.


#11 Jaykay3354

Jaykay3354
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 24 September 2012 - 07:15 PM

I've done everything that you have detailed and it looks like everything is good! Thank you so much for your help!

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 AM

Posted 24 September 2012 - 08:17 PM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users