
Popups and redirects virus


8 replies to this topic

#1 aybee

Posted 01 October 2012 - 05:07 PM

So, I've been hit by a virus that won't quit. It might even be multiple viruses for all I know, but here's the situation!

On random sites, I get popups like this:
Posted Image

For a few hours that was all that was happening, but now I'm starting to get redirects to... basically sites about making money from working at home, which then won't let me leave the site or close the tab the site is on - it'll just redirect me to another one or hit me with one of those popup windows where you have to click a button to move on.

It's also redirecting me when I try to go to certain sites known for helping malware removal. Including this one, actually, I had to kind of finesse my way to getting here. In those cases, I get a 404 error.

Soooo not sure what to do, please help!



#2 aybee


Posted 01 October 2012 - 06:14 PM

Saw running aswMBR suggested, so I did it.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 16:20:38
-----------------------------
16:20:38.544 OS Version: Windows x64 6.0.6001 Service Pack 1
16:20:38.545 Number of processors: 2 586 0x170A
16:20:38.545 ComputerName: MELLO UserName: Ariel
16:20:42.119 Initialize success
16:21:46.155 AVAST engine defs: 12100100
16:22:33.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:22:33.185 Disk 0 Vendor: ST9500420ASG 0002SDM1 Size: 476940MB BusType: 3
16:22:33.233 Disk 0 MBR read successfully
16:22:33.238 Disk 0 MBR scan
16:22:33.243 Disk 0 Windows VISTA default MBR code
16:22:33.246 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:22:33.253 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
16:22:33.269 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30800325
16:22:33.299 Disk 0 scanning C:\Windows\system32\drivers
16:22:48.811 Service scanning
16:23:15.045 Modules scanning
16:23:15.052 Disk 0 trace - called modules:
16:23:15.070 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:23:15.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007704790]
16:23:15.414 3 CLASSPNP.SYS[fffffa6000d38b3a] -> nt!IofCallDriver -> [0xfffffa8006423b70]
16:23:15.418 5 PCTCore64.sys[fffffa6000a76a40] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006409160]
16:23:19.213 AVAST engine scan C:\Windows
16:23:24.970 AVAST engine scan C:\Windows\system32
16:27:50.613 AVAST engine scan C:\Windows\system32\drivers
16:28:08.084 AVAST engine scan C:\Users\Ariel
17:31:36.951 AVAST engine scan C:\ProgramData
19:07:09.492 Scan finished successfully
19:10:18.112 Disk 0 MBR has been saved successfully to "H:\Temp\virus bleep again\MBR.dat"
19:10:18.112 The log file has been saved successfully to "H:\Temp\virus bleep again\aswMBR.txt"

#3 aybee


Posted 01 October 2012 - 06:15 PM

And then did TDSS

TDSS

19:13:55.0778 0528 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:13:56.0590 0528 ============================================================
19:13:56.0590 0528 Current date / time: 2012/10/01 19:13:56.0590
19:13:56.0590 0528 SystemInfo:
19:13:56.0590 0528
19:13:56.0590 0528 OS Version: 6.0.6001 ServicePack: 1.0
19:13:56.0591 0528 Product type: Workstation
19:13:56.0591 0528 ComputerName: MELLO
19:13:56.0591 0528 UserName: Ariel
19:13:56.0591 0528 Windows directory: C:\Windows
19:13:56.0591 0528 System windows directory: C:\Windows
19:13:56.0591 0528 Running under WOW64
19:13:56.0591 0528 Processor architecture: Intel x64
19:13:56.0591 0528 Number of processors: 2
19:13:56.0591 0528 Page size: 0x1000
19:13:56.0591 0528 Boot type: Normal boot
19:13:56.0591 0528 ============================================================
19:13:57.0924 0528 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:13:57.0955 0528 Drive \Device\Harddisk1\DR1 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:13:57.0986 0528 ============================================================
19:13:57.0986 0528 \Device\Harddisk0\DR0:
19:13:57.0986 0528 MBR partitions:
19:13:57.0986 0528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
19:13:57.0986 0528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
19:13:58.0002 0528 \Device\Harddisk1\DR1:
19:13:58.0002 0528 MBR partitions:
19:13:58.0002 0528 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
19:13:58.0002 0528 ============================================================
19:13:58.0189 0528 C: <-> \Device\Harddisk0\DR0\Partition2
19:13:58.0236 0528 D: <-> \Device\Harddisk0\DR0\Partition1
19:13:58.0283 0528 H: <-> \Device\Harddisk1\DR1\Partition1
19:13:58.0283 0528 ============================================================
19:13:58.0283 0528 Initialize success
19:13:58.0283 0528 ============================================================
19:14:05.0690 7072 ============================================================
19:14:05.0690 7072 Scan started
19:14:05.0690 7072 Mode: Manual; TDLFS;
19:14:05.0690 7072 ============================================================
19:14:07.0936 7072 ================ Scan system memory ========================
19:14:07.0936 7072 System memory - ok
19:14:20.0993 7072 MSPQM - ok
19:14:21.0011 7072 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:14:21.0018 7072 MsRPC - ok
19:14:21.0032 7072 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:14:21.0035 7072 mssmbios - ok
19:14:21.0054 7072 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:14:21.0057 7072 MSTEE - ok
19:14:21.0083 7072 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
19:14:21.0086 7072 Mup - ok
19:14:21.0264 7072 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
19:14:21.0283 7072 napagent - ok
19:14:21.0309 7072 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:14:21.0315 7072 NativeWifiP - ok
19:14:21.0364 7072 [ F9A3AE5C9F047D71A36A99F9ABCA7D02 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:14:21.0383 7072 NDIS - ok
19:14:21.0393 7072 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:14:21.0396 7072 NdisTapi - ok
19:14:21.0405 7072 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:14:21.0406 7072 Ndisuio - ok
19:14:21.0424 7072 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:14:21.0429 7072 NdisWan - ok
19:14:21.0441 7072 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:14:21.0443 7072 NDProxy - ok
19:14:21.0459 7072 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:14:21.0462 7072 NetBIOS - ok
19:14:21.0480 7072 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:14:21.0486 7072 netbt - ok
19:14:21.0498 7072 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
19:14:21.0499 7072 Netlogon - ok
19:14:21.0525 7072 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
19:14:21.0537 7072 Netman - ok
19:14:21.0565 7072 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
19:14:21.0572 7072 netprofm - ok
19:14:21.0599 7072 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:14:21.0602 7072 NetTcpPortSharing - ok
19:14:21.0699 7072 [ F17EDA58C8C5B1A4F873B322729168FF ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
19:14:21.0813 7072 NETw5v64 - ok
19:14:21.0828 7072 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:14:21.0832 7072 nfrd960 - ok
19:14:21.0884 7072 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
19:14:21.0890 7072 NlaSvc - ok
19:14:21.0899 7072 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:14:21.0902 7072 Npfs - ok
19:14:21.0910 7072 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
19:14:21.0913 7072 nsi - ok
19:14:21.0926 7072 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:14:21.0928 7072 nsiproxy - ok
19:14:21.0967 7072 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:14:22.0009 7072 Ntfs - ok
19:14:22.0033 7072 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
19:14:22.0035 7072 Null - ok
19:14:22.0052 7072 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:14:22.0057 7072 nvraid - ok
19:14:22.0061 7072 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:14:22.0064 7072 nvstor - ok
19:14:22.0092 7072 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:14:22.0096 7072 nv_agp - ok
19:14:22.0100 7072 NwlnkFlt - ok
19:14:22.0103 7072 NwlnkFwd - ok
19:14:22.0207 7072 [ D09CC91E92FD1FF81AF3A14BE2CBB20D ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
19:14:22.0211 7072 OA001Ufd - ok
19:14:22.0260 7072 [ A42CB6914AD67E1584E807CE53F1E62C ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
19:14:22.0267 7072 OA001Vid - ok
19:14:22.0353 7072 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:14:22.0366 7072 odserv - ok
19:14:22.0397 7072 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:14:22.0402 7072 ohci1394 - ok
19:14:22.0434 7072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:14:22.0440 7072 ose - ok
19:14:22.0468 7072 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:14:22.0499 7072 p2pimsvc - ok
19:14:22.0529 7072 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
19:14:22.0536 7072 p2psvc - ok
19:14:22.0623 7072 [ 43E24699A18126F11E3D9BF6DB85518B ] Packet C:\Windows\system32\DRIVERS\packet.sys
19:14:22.0623 7072 Packet - ok
19:14:22.0701 7072 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
19:14:22.0701 7072 Parport - ok
19:14:22.0716 7072 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:14:22.0732 7072 partmgr - ok
19:14:22.0748 7072 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
19:14:22.0748 7072 PcaSvc - ok
19:14:22.0904 7072 [ 58C1CD52347C4835DC3606CD4723F426 ] PCD5SRVC{048DBD20-445E8C82-05040104} C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
19:14:23.0044 7072 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
19:14:23.0106 7072 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
19:14:23.0122 7072 pci - ok
19:14:23.0169 7072 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
19:14:23.0169 7072 pciide - ok
19:14:23.0200 7072 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:14:23.0216 7072 pcmcia - ok
19:14:23.0278 7072 [ 52FA4369E262B047EBD3A37155E30074 ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
19:14:23.0309 7072 PCTCore - ok
19:14:23.0434 7072 [ FF43E3B1687E4E2140DE6349EA5C7372 ] pctDS C:\Windows\system32\drivers\pctDS64.sys
19:14:23.0465 7072 pctDS - ok
19:14:23.0496 7072 [ 60E9A05852AF7E9CB11237C00AEE4CCF ] pctEFA C:\Windows\system32\drivers\pctEFA64.sys
19:14:23.0528 7072 pctEFA - ok
19:14:23.0574 7072 [ 8DA7DF6075472233CC5A9734BF973B2E ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
19:14:23.0590 7072 PCTSD - ok
19:14:23.0637 7072 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:14:23.0652 7072 PEAUTH - ok
19:14:23.0715 7072 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:14:23.0715 7072 PerfHost - ok
19:14:23.0777 7072 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
19:14:23.0793 7072 pla - ok
19:14:23.0840 7072 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:14:23.0840 7072 PlugPlay - ok
19:14:23.0871 7072 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:14:23.0871 7072 PNRPAutoReg - ok
19:14:23.0886 7072 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:14:23.0902 7072 PNRPsvc - ok
19:14:23.0918 7072 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:14:23.0933 7072 PolicyAgent - ok
19:14:23.0949 7072 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:14:23.0964 7072 PptpMiniport - ok
19:14:23.0980 7072 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
19:14:23.0980 7072 Processor - ok
19:14:24.0011 7072 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
19:14:24.0027 7072 ProfSvc - ok
19:14:24.0058 7072 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:14:24.0058 7072 ProtectedStorage - ok
19:14:24.0074 7072 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:14:24.0074 7072 PSched - ok
19:14:24.0136 7072 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:14:24.0152 7072 PSI_SVC_2 - ok
19:14:24.0183 7072 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:14:24.0183 7072 PxHlpa64 - ok
19:14:24.0214 7072 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:14:24.0245 7072 ql2300 - ok
19:14:24.0245 7072 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:14:24.0261 7072 ql40xx - ok
19:14:24.0276 7072 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
19:14:24.0292 7072 QWAVE - ok
19:14:24.0292 7072 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:14:24.0292 7072 QWAVEdrv - ok
19:14:24.0417 7072 [ 4BA27D602D5B74375E4D2F9622C9B114 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:14:24.0448 7072 R300 - ok
19:14:24.0495 7072 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:14:24.0495 7072 RasAcd - ok
19:14:24.0588 7072 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
19:14:24.0588 7072 RasAuto - ok
19:14:24.0604 7072 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:14:24.0604 7072 Rasl2tp - ok
19:14:24.0635 7072 [ D0C346D7DF0DF9B4899631796F177D56 ] RasMan C:\Windows\System32\rasmans.dll
19:14:24.0651 7072 RasMan - ok
19:14:24.0651 7072 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:14:24.0651 7072 RasPppoe - ok
19:14:24.0666 7072 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:14:24.0666 7072 RasSstp - ok
19:14:24.0682 7072 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:14:24.0698 7072 rdbss - ok
19:14:24.0713 7072 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:14:24.0729 7072 RDPCDD - ok
19:14:24.0760 7072 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:14:24.0760 7072 rdpdr - ok
19:14:24.0776 7072 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:14:24.0776 7072 RDPENCDD - ok
19:14:24.0791 7072 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:14:24.0791 7072 RDPWD - ok
19:14:24.0822 7072 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:14:24.0822 7072 RemoteAccess - ok
19:14:24.0854 7072 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:14:24.0854 7072 RemoteRegistry - ok
19:14:24.0869 7072 [ A5FD55B4CCD5307F71C2C246F56C4D4F ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:14:24.0885 7072 RFCOMM - ok
19:14:24.0900 7072 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
19:14:24.0900 7072 rimmptsk - ok
19:14:24.0916 7072 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
19:14:24.0916 7072 rimsptsk - ok
19:14:24.0932 7072 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
19:14:24.0932 7072 rismxdp - ok
19:14:24.0947 7072 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
19:14:24.0963 7072 RpcLocator - ok
19:14:24.0978 7072 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
19:14:24.0994 7072 RpcSs - ok
19:14:25.0010 7072 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:14:25.0010 7072 rspndr - ok
19:14:25.0010 7072 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
19:14:25.0010 7072 SamSs - ok
19:14:25.0148 7072 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:14:25.0148 7072 SASDIFSV - ok
19:14:25.0168 7072 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:14:25.0168 7072 SASKUTIL - ok
19:14:25.0188 7072 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:14:25.0188 7072 sbp2port - ok
19:14:25.0398 7072 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:14:25.0568 7072 SBSDWSCService - ok
19:14:25.0608 7072 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:14:25.0608 7072 SCardSvr - ok
19:14:25.0678 7072 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
19:14:25.0708 7072 Schedule - ok
19:14:25.0738 7072 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:14:25.0738 7072 SCPolicySvc - ok
19:14:26.0018 7072 [ CADC6D185D8560A1EC266B0A97C4F153 ] sdAuxService C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
19:14:26.0028 7072 sdAuxService - ok
19:14:26.0058 7072 [ FB30126D3E617C86CD8E8643792CA3CF ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:14:26.0068 7072 sdbus - ok
19:14:26.0138 7072 [ B895ECCD553FEEBB424E80B5D239757C ] sdCoreService C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
19:14:26.0178 7072 sdCoreService - ok
19:14:26.0238 7072 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:14:26.0248 7072 SDRSVC - ok
19:14:26.0308 7072 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:14:26.0318 7072 SeaPort - ok
19:14:26.0348 7072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:14:26.0348 7072 secdrv - ok
19:14:26.0358 7072 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
19:14:26.0358 7072 seclogon - ok
19:14:26.0368 7072 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
19:14:26.0368 7072 SENS - ok
19:14:26.0388 7072 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:14:26.0388 7072 Serenum - ok
19:14:26.0398 7072 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
19:14:26.0408 7072 Serial - ok
19:14:26.0418 7072 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:14:26.0418 7072 sermouse - ok
19:14:26.0438 7072 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
19:14:26.0438 7072 SessionEnv - ok
19:14:26.0448 7072 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:14:26.0448 7072 sffdisk - ok
19:14:26.0448 7072 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:14:26.0448 7072 sffp_mmc - ok
19:14:26.0458 7072 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:14:26.0458 7072 sffp_sd - ok
19:14:26.0458 7072 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:14:26.0468 7072 sfloppy - ok
19:14:26.0488 7072 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:14:26.0498 7072 SharedAccess - ok
19:14:26.0612 7072 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:14:26.0651 7072 ShellHWDetection - ok
19:14:26.0663 7072 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:14:26.0666 7072 SiSRaid2 - ok
19:14:26.0674 7072 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:14:26.0677 7072 SiSRaid4 - ok
19:14:26.0727 7072 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
19:14:26.0768 7072 slsvc - ok
19:14:26.0779 7072 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:14:26.0783 7072 SLUINotify - ok
19:14:26.0789 7072 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:14:26.0793 7072 Smb - ok
19:14:26.0807 7072 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:14:26.0810 7072 SNMPTRAP - ok
19:14:26.0822 7072 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
19:14:26.0825 7072 spldr - ok
19:14:26.0893 7072 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe
19:14:26.0900 7072 Spooler - ok
19:14:26.0940 7072 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
19:14:26.0945 7072 sprtsvc_DellSupportCenter - ok
19:14:27.0016 7072 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:14:27.0030 7072 srv - ok
19:14:27.0123 7072 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:14:27.0181 7072 srv2 - ok
19:14:27.0199 7072 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:14:27.0204 7072 srvnet - ok
19:14:27.0214 7072 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:14:27.0219 7072 SSDPSRV - ok
19:14:27.0240 7072 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:14:27.0245 7072 SstpSvc - ok
19:14:27.0518 7072 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
19:14:27.0573 7072 STacSV - ok
19:14:27.0599 7072 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:14:27.0608 7072 STHDA - ok
19:14:27.0642 7072 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
19:14:27.0722 7072 stisvc - ok
19:14:27.0769 7072 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:14:27.0769 7072 stllssvr - ok
19:14:27.0800 7072 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:14:27.0816 7072 swenum - ok
19:14:27.0878 7072 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
19:14:27.0894 7072 swprv - ok
19:14:27.0894 7072 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:14:27.0910 7072 Symc8xx - ok
19:14:27.0910 7072 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:14:27.0910 7072 Sym_hi - ok
19:14:27.0910 7072 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:14:27.0925 7072 Sym_u3 - ok
19:14:27.0956 7072 [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:14:27.0956 7072 SynTP - ok
19:14:27.0972 7072 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
19:14:28.0003 7072 SysMain - ok
19:14:28.0019 7072 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:14:28.0019 7072 TabletInputService - ok
19:14:29.0080 7072 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
19:14:29.0251 7072 TabletServicePen - ok
19:14:29.0345 7072 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
19:14:29.0423 7072 TapiSrv - ok
19:14:29.0438 7072 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
19:14:29.0438 7072 TBS - ok
19:14:29.0516 7072 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:14:29.0563 7072 Tcpip - ok
19:14:29.0610 7072 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:14:29.0610 7072 Tcpip6 - ok
19:14:29.0688 7072 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:14:29.0688 7072 tcpipreg - ok
19:14:29.0750 7072 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:14:29.0750 7072 TDPIPE - ok
19:14:29.0750 7072 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:14:29.0750 7072 TDTCP - ok
19:14:29.0782 7072 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:14:29.0782 7072 tdx - ok
19:14:29.0797 7072 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:14:29.0797 7072 TermDD - ok
19:14:29.0813 7072 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
19:14:29.0828 7072 TermService - ok
19:14:29.0844 7072 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll
19:14:29.0844 7072 Themes - ok
19:14:29.0860 7072 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
19:14:29.0860 7072 THREADORDER - ok
19:14:29.0922 7072 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
19:14:29.0922 7072 TouchServicePen - ok
19:14:29.0953 7072 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
19:14:29.0953 7072 TrkWks - ok
19:14:29.0984 7072 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:14:29.0984 7072 TrustedInstaller - ok
19:14:30.0000 7072 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:14:30.0016 7072 tssecsrv - ok
19:14:30.0031 7072 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:14:30.0031 7072 tunmp - ok
19:14:30.0047 7072 [ F6A4FBA7C03AC2EFD00F3301C0C1E067 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:14:30.0047 7072 tunnel - ok
19:14:30.0062 7072 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:14:30.0078 7072 uagp35 - ok
19:14:30.0094 7072 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:14:30.0094 7072 udfs - ok
19:14:30.0109 7072 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:14:30.0109 7072 UI0Detect - ok
19:14:30.0125 7072 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:14:30.0140 7072 uliagpkx - ok
19:14:30.0156 7072 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:14:30.0156 7072 uliahci - ok
19:14:30.0172 7072 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:14:30.0187 7072 UlSata - ok
19:14:30.0203 7072 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:14:30.0203 7072 ulsata2 - ok
19:14:30.0218 7072 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:14:30.0218 7072 umbus - ok
19:14:30.0234 7072 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
19:14:30.0234 7072 upnphost - ok
19:14:30.0296 7072 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:14:30.0296 7072 USBAAPL64 - ok
19:14:30.0374 7072 [ 471474EFA0640B426E9F8AA5A5FC2673 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:14:30.0374 7072 usbaudio - ok
19:14:30.0452 7072 [ AE3DEA342F01249317B2BB3DF0424238 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:14:30.0452 7072 usbccgp - ok
19:14:30.0468 7072 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:14:30.0468 7072 usbcir - ok
19:14:30.0499 7072 [ B89F9FE9FC1E7C9CB03ACB8819EB511D ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:14:30.0499 7072 usbehci - ok
19:14:30.0515 7072 [ F2C1D8EFF9C7CF84FF0235408ACD3F4B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:14:30.0530 7072 usbhub - ok
19:14:30.0546 7072 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:14:30.0546 7072 usbohci - ok
19:14:30.0577 7072 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:14:30.0577 7072 usbprint - ok
19:14:30.0624 7072 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:14:30.0624 7072 usbscan - ok
19:14:30.0655 7072 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:14:30.0655 7072 USBSTOR - ok
19:14:30.0671 7072 [ 225E107785315874BA5C1ABC7DDA7BFC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:14:30.0671 7072 usbuhci - ok
19:14:30.0686 7072 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll
19:14:30.0702 7072 UxSms - ok
19:14:30.0718 7072 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe
19:14:30.0718 7072 vds - ok
19:14:30.0733 7072 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:14:30.0733 7072 vga - ok
19:14:30.0749 7072 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:14:30.0749 7072 VgaSave - ok
19:14:30.0764 7072 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
19:14:30.0764 7072 viaide - ok
19:14:30.0780 7072 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:14:30.0780 7072 volmgr - ok
19:14:30.0796 7072 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:14:30.0811 7072 volmgrx - ok
19:14:30.0827 7072 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:14:30.0842 7072 volsnap - ok
19:14:30.0858 7072 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:14:30.0874 7072 vsmraid - ok
19:14:30.0905 7072 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe
19:14:30.0936 7072 VSS - ok
19:14:30.0967 7072 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll
19:14:30.0983 7072 W32Time - ok
19:14:30.0998 7072 [ 4F1FBD963F8520B7CE80FFA73EF7DE1D ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
19:14:31.0014 7072 wacmoumonitor - ok
19:14:31.0045 7072 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
19:14:31.0045 7072 wacommousefilter - ok
19:14:31.0061 7072 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:14:31.0061 7072 WacomPen - ok
19:14:31.0108 7072 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
19:14:31.0123 7072 wacomvhid - ok
19:14:31.0123 7072 WacomVKHid - ok
19:14:31.0154 7072 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:14:31.0154 7072 Wanarp - ok
19:14:31.0154 7072 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:14:31.0170 7072 Wanarpv6 - ok
19:14:31.0186 7072 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:14:31.0201 7072 wcncsvc - ok
19:14:31.0248 7072 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:14:31.0248 7072 WcsPlugInService - ok
19:14:31.0295 7072 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
19:14:31.0295 7072 Wd - ok
19:14:31.0373 7072 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:14:31.0373 7072 WDC_SAM - ok
19:14:31.0435 7072 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:14:31.0482 7072 Wdf01000 - ok
19:14:31.0498 7072 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:14:31.0498 7072 WdiServiceHost - ok
19:14:31.0513 7072 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:14:31.0529 7072 WdiSystemHost - ok
19:14:31.0576 7072 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll
19:14:31.0576 7072 WebClient - ok
19:14:31.0622 7072 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:14:31.0622 7072 Wecsvc - ok
19:14:31.0638 7072 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:14:31.0638 7072 wercplsupport - ok
19:14:31.0654 7072 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
19:14:31.0654 7072 WerSvc - ok
19:14:31.0669 7072 WinDefend - ok
19:14:31.0685 7072 WinHttpAutoProxySvc - ok
19:14:31.0910 7072 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:14:31.0920 7072 Winmgmt - ok
19:14:31.0980 7072 [ AEB6C5200FD5517F06076AF0EE4538E1 ] WinRM C:\Windows\system32\WsmSvc.dll
19:14:32.0000 7072 WinRM - ok
19:14:32.0050 7072 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll
19:14:32.0070 7072 Wlansvc - ok
19:14:32.0090 7072 [ 7999DFB1C555EFC0DB69576F70027867 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:14:32.0090 7072 WmiAcpi - ok
19:14:32.0110 7072 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:14:32.0120 7072 wmiApSrv - ok
19:14:32.0130 7072 WMPNetworkSvc - ok
19:14:32.0140 7072 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:14:32.0140 7072 WPCSvc - ok
19:14:32.0150 7072 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:14:32.0160 7072 WPDBusEnum - ok
19:14:32.0190 7072 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:14:32.0200 7072 WpdUsb - ok
19:14:32.0210 7072 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:14:32.0210 7072 ws2ifsl - ok
19:14:32.0220 7072 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\System32\wscsvc.dll
19:14:32.0230 7072 wscsvc - ok
19:14:32.0230 7072 WSearch - ok
19:14:32.0340 7072 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll
19:14:32.0390 7072 wuauserv - ok
19:14:32.0420 7072 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:14:32.0420 7072 WUDFRd - ok
19:14:32.0500 7072 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:14:32.0500 7072 wudfsvc - ok
19:14:32.0570 7072 [ 74983ADDCA2D9618512C088D856D6615 ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
19:14:32.0570 7072 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
19:14:32.0580 7072 ================ Scan global ===============================
19:14:32.0610 7072 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:14:32.0690 7072 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
19:14:32.0710 7072 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
19:14:32.0730 7072 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
19:14:32.0740 7072 [Global] - ok
19:14:32.0740 7072 ================ Scan MBR ==================================
19:14:32.0760 7072 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
19:14:33.0290 7072 \Device\Harddisk0\DR0 - ok
19:14:33.0290 7072 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:14:33.0480 7072 \Device\Harddisk1\DR1 - ok
19:14:33.0480 7072 ================ Scan VBR ==================================
19:14:33.0500 7072 [ 5137CB185B10339B529CA2CCD62B8A85 ] \Device\Harddisk0\DR0\Partition1
19:14:33.0560 7072 \Device\Harddisk0\DR0\Partition1 - ok
19:14:33.0560 7072 [ 4F9B9F7BCDDA53C3399FEF66037BD13D ] \Device\Harddisk0\DR0\Partition2
19:14:33.0636 7072 \Device\Harddisk0\DR0\Partition2 - ok
19:14:33.0640 7072 [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk1\DR1\Partition1
19:14:33.0644 7072 \Device\Harddisk1\DR1\Partition1 - ok
19:14:33.0645 7072 ============================================================
19:14:33.0645 7072 Scan finished
19:14:33.0645 7072 ============================================================
19:14:33.0655 1636 Detected object count: 0
19:14:33.0655 1636 Actual detected object count: 0

#4 narenxp

Posted 01 October 2012 - 09:34 PM

Download ESET Online Scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

Launch it. For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#5 aybee

Posted 02 October 2012 - 08:25 AM

FSS
Farbar Service Scanner Version: 19-09-2012
Ran by Ariel (administrator) on 02-10-2012 at 07:58:37
Running from "H:\Temp\virus bleep again"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-20 06:23] - [2009-08-06 22:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Junkware Removal Tool

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.1 (10.01.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Ariel on Tue 10/02/2012 at 8:20:33.08
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{fd72061e-9fde-484d-a58a-0bab4151cad8}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] "hkey_current_user\software\incredimail"



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Potentially unwanted user.js Detected!
Dumping contents:


=============================
user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("extentions.y2layers.installId", "236cf153-3186-4ee6-a14f-fb2db2bebe83");
user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,");
user_pref("extensions.autoDisableScopes", 14);
user_pref("security.csp.enable", false);
user_pref("network.protocol-handler.warn-external.dnupdate", false);
=============================

Successfully deleted: [USER.JS PROFILE] "user.js"
Successfully deleted: [FF EXTENSIONS PROFILE] oneclickdownload@oneclickdownload.com
Removed the following from [PREFS.JS] :

user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"31\": {\"id\": \"31\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/firefox/downloads/file/117562/pricegong_automatic_price_comparison_addon_for_firefox-2.2.0-fx-windows.xpi?src=external-addonfox\",\"homepage\": \"http://www.pricegong.com/\",\"icon url\": \"http://www.pricegong.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"8A9386B4-E958-4c4c-ADF4-8F26DB3E4829\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"PriceGongMozilla\",\"description\": \"Compare prices for you when you shop online on e-commerce sites.\"},\"15\": {\"id\": \"15\",\"title\": \"Surf Canyon\",\"type\": \"XPI\",\"url\": \"https://www.surfcanyon.com/search/surfcanyon_afa.xpi\",\"homepage\": \"http://www.surfcanyon.com/\",\"icon url\": \"http://www.surfcanyon.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"75623d5d-4683-402a-b610-ac4bab767c86\",\"xpi prefs\": \"surfcanyon.inst_id=XPI_PREF_FUNCTION:random#16,surfcanyon.inst_timestamp=XPI_PREF_FUNCTION:time,surfcanyon.partner_code='AFA',surfcanyon.display_similar_product_images=true,surfcanyon.coupons_enabled=true,surfcanyon.price_trace_enabled=true\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"SurfCanyon\",\"description\": \"Improve relevancy by up to 40% on Google, Bing, Yahoo! 
and Craigslist\"},\"55\": {\"id\": \"55\",\"title\": \"Complitly\",\"type\": \"XPI\",\"url\": \"http://www.autocompletepro.com/publishers/16667/LinkularAcPro.xpi\",\"homepage\": \"http://www.complitly.com/\",\"icon url\": \"http://www.complitly.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"33e0daa6-3af3-d8b5-6752-10e949c61516\",\"category\": \"Social\",\"is default\": \"1\",\"name\": \"Complitly\",\"description\": \"Speed up your search with your password search suggestion tool\"},\"1\": {\"id\": \"1\",\"title\": \"FoxLingo\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/2444/addon-2444-latest.xpi?src=external-addonfox\",\"homepage\": \"http://www.foxlingo.com/\",\"icon url\": \"http://www.foxlingo.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"ef62e1ce-d2a4-4cdd-b7ec-92b120366b66\",\"xpi prefs\": \"foxlingo.fulllogo=false\",\"category\": \"Language\",\"is default\": \"1\",\"name\": \"FoxLingo\",\"description\": \"Web page and text translator, dictionary, grammar checker, text-to-speech, etc.\"},\"82\": {\"id\": \"82\",\"title\": \"DealPly\",\"type\": \"XPI\",\"url\": \"http://installs.dealply.com/latest/adfx/adfx/dealply.xpi\",\"homepage\": \"http://www.dealply.com\",\"icon url\": \"http://www.linkular.com/img/icons/publishers/dealply.ico\",\"is standalone\": \"\",\"xpi euid\": \"EB9394A3-4AD6-4918-9537-31A1FD8E8EDF\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"DealPly\",\"description\": \"Save time and money, tap into thousands of deals and coupons, etc.\"},\"56\": {\"id\": \"56\",\"title\": \"WebMynd\",\"type\": \"XPI\",\"url\": \"http://www.webmynd.com/html/WebMyndLinkular.xpi\",\"homepage\": \"http://www.webmynd.com/\",\"icon url\": \"http://www.webmynd.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"webmynd@yourentirelife.com\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"WebMynd\",\"description\": \"Get search results from Gmail, Facebook, and more, 
along with Google search\"},\"2\": {\"id\": \"2\",\"title\": \"LinkExtend\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/10777/addon-10777-latest.xpi?src=external-addonfox\",\"homepage\": \"http://www.linkextend.com/\",\"icon url\": \"http://www.linkextend.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"cf47767d-5f3a-4e32-9fce-5d79565c9702\",\"xpi prefs\": \"extensions.linkextend.version='1',extensions.linkextend.search-kidsafe=false,extensions.linkextend.search-siteTools=false,extensions.linkextend.search-sitetraffic=false,extensions.linkextend.search-pagerank=false,extensions.linkextend.searchResultNumber=false,extensions.linkextend.search-visited=false,extensions.linkextend.searchSiteIcon=false,extensions.linkextend.search-disableThumbnails=false,extensions.addonfox.collapseToolbar.linkextend-toolbar-0-9-5=true\",\"category\": \"Security\",\"is default\": \"1\",\"name\": \"LinkExtend\",\"description\": \"Provides meta-site-ratings for computer safety, child safety, popularity, etc.\"},\"8\": {\"id\": \"8\",\"title\": \"PriceTrace\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/13805/addon-13805-latest.xpi?src=external-addonfox\",\"homepage\": \"http://www.pricetrace.com/\",\"icon url\": \"http://www.pricetrace.com/favicon.ico\",\"is standalone\": \"\",\"xpi euid\": \"72938f90-8d8a-11de-8a39-0800200c9a66\",\"xpi prefs\": \"pricetrace.location='button',extensions.addonfox.collapseToolbar.pricetrace-toolbar=true\",\"category\": \"General\",\"is default\": \"\",\"name\": \"PriceTrace\",\"description\": \"Do price comparison between online stores like Amazon, Newegg, Walmart, etc.\"},\"3\": {\"id\": \"3\",\"title\": \"TweakTube\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/he/firefox/downloads/latest/179387/addon-179387-latest.xpi?src=external-addonfox\",\"homepage\": \"http://www.tweaktube.com/\",\"icon url\": \"http://www.tweaktube.com/favicon.ico\",\"is 
standalone\": \"\",\"xpi euid\": \"15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed\",\"xpi prefs\": \"extensions.tweaktube.version='1'\",\"category\": \"Media\",\"is default\": \"\",\"name\": \"TweakTube\",\"description\": \"The Ultimate YouTube Enhancer, instantly add many tweaks to YouTube\"}}}");
user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,");
user_pref("extentions.y2layers.installId", "236cf153-3186-4ee6-a14f-fb2db2bebe83");
user_pref("extentions.y2layers.lastDnsTest", 371300);


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Tue 10/02/2012 at 8:21:00.23
End of Report

MiniToolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Ariel (administrator) on 02-10-2012 at 08:50:04
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

74.55.76.230 www.google-analytics.com.
74.55.76.230 ad-emea.doubleclick.net.
74.55.76.230 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mello
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FB-98-38-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-F9-BD-FB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2409:9a95:1adb:21dc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 02, 2012 2:50:49 AM
Lease Expires . . . . . . . . . . : Wednesday, October 03, 2012 2:50:49 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c7c:120c:3f57:fe98(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c7c:120c:3f57:fe98%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{76DBF458-C5AF-4493-8AF0-A8B7A4118E6C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{189F314B-693B-4769-84A4-442F0BED50BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4006:803::1006
173.194.43.5
173.194.43.6
173.194.43.7
173.194.43.8
173.194.43.9
173.194.43.14
173.194.43.0
173.194.43.1
173.194.43.2
173.194.43.3
173.194.43.4

Pinging google.com [74.125.226.225] with 32 bytes of data:Reply from 74.125.226.225: bytes=32 time=19ms TTL=53Reply from 74.125.226.225: bytes=32 time=20ms TTL=53Ping statistics for 74.125.226.225: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 19ms, Maximum = 20ms, Average = 19msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:Reply from 98.138.253.109: bytes=32 time=77ms TTL=47Reply from 98.138.253.109: bytes=32 time=112ms TTL=46Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 77ms, Maximum = 112ms, Average = 94msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
12 ...00 22 fb 98 38 50 ...... Intel® WiFi Link 5100 AGN
11 ...00 22 19 f9 bd fb ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.{76DBF458-C5AF-4493-8AF0-A8B7A4118E6C}
16 ...00 00 00 00 00 00 00 e0 isatap.{189F314B-693B-4769-84A4-442F0BED50BD}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 276
192.168.1.103 255.255.255.255 On-link 192.168.1.103 276
192.168.1.255 255.255.255.255 On-link 192.168.1.103 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:3c7c:120c:3f57:fe98/128
On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
11 276 fe80::2409:9a95:1adb:21dc/128
On-link
10 266 fe80::3c7c:120c:3f57:fe98/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [42496] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/02/2012 03:03:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.

Error: (10/02/2012 03:03:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.

Error: (10/02/2012 02:51:34 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/02/2012 02:51:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2012 03:41:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/01/2012 03:41:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2012 01:43:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/01/2012 01:43:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2012 01:42:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/01/2012 08:38:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (08/03/2012 06:14:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:07:34 PM on 8/3/2012 was unexpected.

Error: (08/03/2012 05:51:27 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (08/03/2012 05:51:15 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.104 for the Network Card with network address 002219F9BDFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/03/2012 05:28:56 PM) (Source: Service Control Manager) (User: )
Description: 30000Advanced Networking Service

Error: (08/03/2012 05:27:31 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/03/2012 05:27:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:25:29 PM on 8/3/2012 was unexpected.

Error: (08/03/2012 05:12:09 PM) (Source: netbt) (User: )
Description: The name "VIOLET-PC :0" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.100 did not allow the name to be claimed by
this computer.

Error: (08/03/2012 05:08:48 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (08/03/2012 05:07:41 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/03/2012 05:07:39 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:04:59 PM on 8/3/2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (06/19/2010 04:09:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6415.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 454310 seconds with 360 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 1.8.3)
AIM for Windows
Always Remember Me
Amazon Kindle For PC
Apple Mobile Device Support (Version: 5.1.1.4)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Bamboo (Version: 5.2.5-5)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2009.0422.2238.38828)
College Romance: Rise Of The Young Brother DEMO
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
FastAccess (Version: 2.2.13.1)
Google Chrome (Version: 22.0.1229.79)
Hitman Pro 3.5 (Version: 3.5.9.130)
iCloud (Version: 1.1.0.40)
IconHandler 64 bit (Version: 2.0)
Integrated Webcam Driver (1.05.02.1227) (Version: 1.05.02.1227)
iTunes (Version: 10.6.1.7)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Quickset (Version: 9.2.13)
Spirited Heart Demo
Summer Session
SUPERAntiSpyware (Version: 5.0.1134)
The Flower Shop
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
WinHTTrack Website Copier 3.43-9C (x64) (Version: 3.43.9)
WinRAR archiver
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 6137.95 MB
Available physical RAM: 2547.97 MB
Total Pagefile: 12438.93 MB
Available Pagefile: 8585.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.58 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:128.55 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.27 GB) NTFS
4 Drive h: (My Book) (Fixed) (Total:930.86 GB) (Free:345.91 GB) NTFS
5 Drive i: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\MELLO

Administrator Ariel Guest

========================= Restore Points ==================================

22-07-2012 02:12:33 Installed AVG 2012
22-07-2012 02:20:32 Removed AVG 2012
25-07-2012 16:14:54 Scheduled Checkpoint
09-08-2012 21:25:47 Scheduled Checkpoint
11-08-2012 16:49:35 Scheduled Checkpoint
15-08-2012 21:32:17 Scheduled Checkpoint
17-08-2012 21:35:44 Scheduled Checkpoint
18-08-2012 18:06:48 Scheduled Checkpoint
22-08-2012 04:40:28 Scheduled Checkpoint
24-08-2012 18:18:43 Scheduled Checkpoint
26-08-2012 15:32:37 Scheduled Checkpoint
08-09-2012 16:17:51 Scheduled Checkpoint
14-09-2012 23:30:55 Scheduled Checkpoint
21-09-2012 12:27:11 Windows Update
22-09-2012 18:24:06 Scheduled Checkpoint

**** End of log ****


ESETLOG

C:\Program Files (x86)\PCSafeDoctor\RkHitApi.dll Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\PCSafeDoctor\ussafe.dll a variant of Win32/Adware.SpywareCease.AC application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Temp\cnet_HitmanPro35_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Ariel\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined
C:\Windows\System32\drivers\RKHit.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined
H:\Temp\PCSafeDoctor_Setup.exe multiple threats cleaned by deleting - quarantined
H:\Temp\RegistryCleanerFreeSetup.exe a variant of Win32/Adware.RealRegistryCleaner application cleaned by deleting - quarantined
H:\Temp\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined


...well that's a lot of crap on the poor machine. Don't even know where half of it came from. Anyway, running malware while I'm out, BBL with a log. Thus far, it's still doing the popup, but the redirect MAY have stopped (it hasn't happened in a while, but it wasn't totally consistent, so it's hard to say for sure).

Edit: Forgot to run Junkware as an admin. Running it again.

Edited by aybee, 02 October 2012 - 08:27 AM.


#6 narenxp

Posted 02 October 2012 - 08:28 AM

Please post the Adware Cleaner log with the Malwarebytes log.

Right-click on the Junkware Removal Tool, select Run as administrator, and post the new log.

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator.

Now copy the following commands and press ENTER after each one:

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it, then restart the PC.

Now launch MiniToolBox, checkmark only the hosts contents, and post the new log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.

Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Paste the text contents here.

Edited by narenxp, 02 October 2012 - 08:29 AM.
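Added example, not part of narenxp's post or of any tool named in this thread: a small Python audit of hosts-file content, the check that the "hosts contents" log requested above is meant to support when a machine is redirected away from specific sites. The sample entries, the `.test` hostnames and the finding labels are constructed for illustration; the baseline assumed clean is the two `localhost` lines.

```python
"""Audit hosts-file text for entries beyond the default loopback lines."""
import ipaddress
import sys

# Assumption for this example: a clean hosts file maps only these names.
DEFAULT_NAMES = {"localhost"}

# Baseline: only the two localhost lines.
CLEAN = "::1 localhost\n127.0.0.1 localhost\n"

# Constructed sample of a tampered file (documentation IP range, .test names).
TAMPERED = """\
# Constructed sample, not taken from the thread
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-forum.test example-forum.test
127.0.0.1       update.example-av.test   # blocks an updater
not-an-ip       foo.test
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active entry.

    Comments (after '#') and blank lines are skipped; names are lower-cased
    because hostname matching is case-insensitive.
    """
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return a list of (line_no, kind, address, names) findings.

    kind is one of:
      'malformed'  - address does not parse, or no hostname follows it
      'blocked'    - a non-default name is pinned to loopback / 0.0.0.0
      'redirected' - any name is pinned to a non-loopback address
    """
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "malformed", addr_text, names))
            continue
        if not names:
            findings.append((line_no, "malformed", addr_text, names))
            continue
        if addr.is_loopback or addr.is_unspecified:
            extra = [n for n in names if n not in DEFAULT_NAMES]
            if extra:
                findings.append((line_no, "blocked", addr_text, extra))
        else:
            findings.append((line_no, "redirected", addr_text, names))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = TAMPERED
    results = audit_hosts(content)
    for line_no, kind, addr, names in results:
        print(f"line {line_no}: {kind:<10} {addr} -> {' '.join(names)}")
    if not results:
        print("Only default loopback entries found.")
```

An empty result only rules out the hosts file as the cause of redirects; it says nothing about other redirect mechanisms.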


#7 aybee

Posted 02 October 2012 - 08:46 AM

The new Junkware Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.1 (10.01.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Ariel on Tue 10/02/2012 at 9:42:26.33
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_classes_root\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
Successfully deleted: [KEY] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Tue 10/02/2012 at 9:43:02.32
End of Report


Be back later with EVERYTHING ELSE.

#8 aybee

Posted 02 October 2012 - 03:19 PM

Okay, here we go.

Adware Cleaner
# AdwCleaner v2.003 - Logfile created 10/02/2012 at 09:46:51
# Updated 23/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# User : Ariel - MELLO
# Boot Mode : Normal
# Running from : H:\Temp\virus bleep again\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\Ariel\AppData\LocalLow\boost_interprocess
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Ariel\AppData\Roaming\Mozilla\Firefox\Profiles\a5hm6qka.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [6544 octets] - [02/10/2012 09:46:51]

########## EOF - C:\AdwCleaner[S2].txt - [6604 octets] ##########


Malwarebytes

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.01.07

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Ariel :: MELLO [administrator]

10/2/2012 9:55:45 AM
mbam-log-2012-10-02 (09-55-45).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1030326
Time elapsed: 4 hour(s), 49 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Minitoolbox
MiniToolBox by Farbar Version: 23-07-2012
Ran by Ariel (administrator) on 02-10-2012 at 15:44:50
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost


**** End of log ****

RKill
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2012 03:45:49 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Ariel\Desktop\rkill\rkill-10-02-2012-03-45-51.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/02/2012 03:46:05 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

Autoruns
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 8.0\acrobat\acrotray.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "Adobe_ID0EYTHM" "Adobe Version Cue CS3" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3tray.exe"
+ "AmazonGSDownloaderTray" "TaskTray Application" "Amazon.com" "c:\program files (x86)\amazon\amazon games & software downloader\amazongsdownloadertray.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "BambooCore" "BambooDock back-end application" "" "c:\program files (x86)\bamboo dock\bamboocore.exe"
+ "Dell Webcam Central" "Dell Webcam Central Application" "Creative Technology Ltd." "c:\program files (x86)\dell webcam\dell webcam central\webcamdell.exe"
+ "DellSupportCenter" "" "SupportSoft, Inc." "c:\program files (x86)\dell support center\bin\sprtcmd.exe"
+ "FATrayAlert" "FATrayMon" "Sensible Vision " "c:\program files (x86)\sensible vision\fast access\fatraymon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Module Loader" "DLL Module Loader" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\module loader\dllml.exe"
+ "PCTools FGuard" "Browser Defender Social On Disk" "Threat Expert Ltd." "c:\program files (x86)\pc tools security\bdt\fguard.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "VolPanel" "VolPanlu.exe" "Creative Technology Ltd" "c:\program files (x86)\creative\sound blaster x-fi notebook\volume panel\volpanlu.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
"C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Gadwin PrintScreen" "Gadwin PrintScreen" "Gadwin Systems, Inc" "c:\program files (x86)\gadwin systems\printscreen\printscreen.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\ariel\appdata\local\google\update\googleupdate.exe"
+ "Messenger (Yahoo!)" "Yahoo! Messenger" "Yahoo! Inc." "c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ubd.exe"
+ "MtdAcqu" "Metadata monitor" "Creative Technology Ltd" "c:\program files (x86)\creative\mediasource5\mtdacqu.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 8.0\acrobat elements\contextmenu64.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "AudibleShlExt Class" "AudibleExt Module" "Audible, Inc." "c:\program files (x86)\audible\bin\audibleext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 8.0\acrobat elements\contextmenu64.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "ContributeBHO Class" "Contribute IE Plugin" "Adobe Systems Incorporated." "c:\program files (x86)\adobe\/adobe contribute cs3/contributeieplugin.dll"
+ "DivX HiQ" "DivX Web Player version 2.1.1.94" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Web Player version 2.1.1.94" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "FAIESSOHelper Class" "FAIESSO Application" "Sensible Vision " "c:\program files (x86)\sensible vision\fast access\faiesso.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "PC Tools Browser Guard BHO" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\pc tools security\bdt\pctbrowserdefender.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "PC Tools Browser Guard" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\pc tools security\bdt\pctbrowserdefender.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "Launch WinHTTrack" "WinHTTrackIEBar Module" "" "c:\program files\winhttrack\winhttrackiebar.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1819380935-1654817497-4171004507-1000Core" "Google Installer" "Google Inc." "c:\users\ariel\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1819380935-1654817497-4171004507-1000UA" "Google Installer" "Google Inc." "c:\users\ariel\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\TabletPC\InputPersonalization" "" "" "File not found: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RunAsStdUser Task" "" "" "File not found: C:\Users\Ariel\AppData\Local\blueturtlegamesSA\bin\1.0.3.0\BlueTurtleGamesSA.exe"
+ "\task434741464" "" "" "File not found: C:\Users\Ariel\AppData\Local\Temp\0.004657867774720104.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "0167451319242593mcinstcleanup" "" "" "File not found: C:\Users\Ariel\AppData\Local\Temp\016745~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
+ "Adobe Version Cue CS3" "Adobe Version Cue CS3" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe"
+ "ADVService" "Manages downloads for the Amazon Unbox Video application." "Amazon.com" "c:\program files (x86)\amazon\amazon unbox video\advwindowsclientservice.exe"
+ "AESTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\aestsr64.exe"
+ "Amazon Download Agent" "Amazon Games & Software Downloader Service" "Amazon.com" "c:\program files (x86)\amazon\amazon games & software downloader\amazongsdownloaderservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser Defender Update Service" "Browser Defender Update Service" "Threat Expert Ltd." "c:\program files (x86)\pc tools security\bdt\bdtupdateservice.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bin\btwdins.exe"
+ "Creative ALchemy AL1 Licensing Service" "Provides licensing services for Creative ALchemy." "Creative Labs" "c:\program files (x86)\common files\creative labs shared\service\al1licensing.exe"
+ "Creative Audio Engine Licensing Service" "Provides licensing services for Creative Audio Engine." "Creative Labs" "c:\program files (x86)\common files\creative labs shared\service\ctaelicensing.exe"
+ "CTAudSvcService" "Creative Audio Service" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\ctaudsvc.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "FAService" "FAService" "Sensible Vision " "c:\program files (x86)\sensible vision\fast access\faservice.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files (x86)\citrix\gotoassist\514\g2aservice.exe"
+ "hnmsvc" "Maintains connection to Remote Access and performs network diagnostic functions" "Dell Inc." "c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "" "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files (x86)\common files\protexis\license service\psiservice_2.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "sdAuxService" "Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced." "PC Tools" "c:\program files (x86)\pc tools security\pctsauxs.exe"
+ "sdCoreService" "Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled." "PC Tools" "c:\program files (x86)\pc tools security\pctssvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe"
+ "sprtsvc_DellSupportCenter" "SupportSoft Sprocket Service (DellSupportCenter)" "SupportSoft, Inc." "c:\program files (x86)\dell support center\bin\sprtsvc.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\stacsv64.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files (x86)\common files\surething shared\stllssvr.exe"
+ "TabletServicePen" "Tablet Service for consumer driver" "Wacom Technology, Corp." "c:\program files\tablet\pen\pen_tablet.exe"
+ "TouchServicePen" "Touch Service" "Wacom Technology, Corp." "c:\program files\tablet\pen\pen_touchservice.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AtiHdmiService" "Ati High Definition Audio Function Driver" "ATI Research Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032e.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "FACAP" "faCap WebCam Capture" "Sensible Vision " "c:\windows\system32\drivers\facap.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "itecir" "ITE Consumer IR Driver for eHome" "ITE Tech. Inc. " "c:\windows\system32\drivers\itecir.sys"
+ "k57nd60a" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60a.sys"
+ "ksaud" "WDM USB Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\ksaud.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NETw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "OA001Ufd" "Provides a software interface to control effects of Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001ufd.sys"
+ "OA001Vid" "Provides a software interface to control Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001vid.sys"
+ "Packet" "Auto Internet Protocol" "SingleClick Systems" "c:\windows\system32\drivers\packet.sys"
+ "PCD5SRVC{048DBD20-445E8C82-05040104}" "Kernel Driver" "PC-Doctor, Inc." "c:\program files (x86)\dell support center\hwdiag\bin\pcd5srvc_x64.pkms"
+ "PCTCore" "PC Tools KDS Core Driver" "PC Tools" "c:\windows\system32\drivers\pctcore64.sys"
+ "pctDS" "PC Tools Data Store" "PC Tools" "c:\windows\system32\drivers\pctds64.sys"
+ "pctEFA" "PC Tools Extended File Attributes" "PC Tools" "c:\windows\system32\drivers\pctefa64.sys"
+ "PCTSD" "PC Tools SD Driver" "PC Tools" "c:\windows\system32\drivers\pctsd64.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmpx64.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimspx64.sys"
+ "rismxdp" "RICOH xD SM Driver" "REDC" "c:\windows\system32\drivers\rixdpx64.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "wacmoumonitor" "Wacom HID Mouse Monitor Filter Driver" "Wacom Technology" "c:\windows\system32\drivers\wacmoumonitor.sys"
+ "wacommousefilter" "Wacom Mouse Filter Driver" "Wacom Technology" "c:\windows\system32\drivers\wacommousefilter.sys"
+ "wacomvhid" "Virtual Hid Device" "Wacom Technology" "c:\windows\system32\drivers\wacomvhid.sys"
+ "WacomVKHid" "" "" "File not found: system32\DRIVERS\WacomVKHid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
+ "{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}" "" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\000.fcl"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.CSCD" "CamStudio lossless video codec" "RenderSoft Software" "c:\windows\syswow64\camcodec.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ ""MainConcept (Adobe2) AAC Decoder"" "AAC audio decoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2daac.ax"
+ ""MainConcept (Adobe2) AAC Encoder"" "AAC audio encoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2eaac.ax"
+ ""MainConcept (Adobe2) H.264 Encoder"" "DirectShow H.264/AVC Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2esh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Decoder"" "DirectShow H.264/AVC Decoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2dsh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Video Encoder"" "DirectShow H.264/AVC Video Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2evh264.ax"
+ ""MainConcept (Adobe2) MPEG Audio Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Audio Encoder"" "MPEG Audio Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mceampeg.ax"
+ ""MainConcept (Adobe2) MPEG Encoder"" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcesmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Multiplexer"" "MPEG Multiplexer" "" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcmuxmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Splitter"" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcspmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Encoder"" "MPEG Video Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs3\ad2mcevmpeg.ax"
+ "Amazon Format Change Fixer" "Amazon Unbox Video Format Change Fix Filter" "Amazon.com" "c:\program files (x86)\amazon\amazon unbox video\formatchangefix.ax"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Audible Words Codec" "Audible Audio Files DirectShow Source Filter" "Audible, Inc." "c:\windows\syswow64\awrdscdc.ax"
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metabpmu.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\ac3srcu.ax"
+ "Creative Audio Gain Filter" "Audio Gain Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\audgain.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cdda.ax"
+ "Creative File Reader Filter" "Creative File Reader Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\filreadu.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\flacsrcu.ax"
+ "Creative Internet Source Filter" "Creative Internet Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\inetsrcu.ax"
+ "Creative LiveRecording Filter_SxS" "Live Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\liverecu.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\mlpsrcu.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\nvfsrcu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\oggsrcu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\rawwritu.ax"
+ "Creative Recording Wav_Asio Filter" "Audio Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\audiorec.ax"
+ "Creative Wave Writer" "Wave Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wavwrite.ax"
+ "Creative WMA Source Filter" "Creative WMA Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmasrc.ax"
+ "Creative WMA Writer" "WMA Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmawrite.ax"
+ "CT CMSS3 filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cmss3.ax"
+ "CT HPVirtualizer filter" "Creative Headphone Virtualizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\virtual.ax"
+ "CT Karaoke filter" "Creative Karaoke Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\karaoke.ax"
+ "CT PDP filter" "Creative Crystalizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\pdp.ax"
+ "CT SmartVolumeManagement filter" "Creative Compressor Plugin" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\dscompr.ax"
+ "CT Time-Scaling filter" "Sample" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\timescal.ax"
+ "CT Upsampler filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\upsample.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clnavx.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clline21.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\cltzan.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "GPL MPEG-1/2 Decoder" "GPL MPEG-1/2 Decoder Filter for DirectShow" "Peter Wimmer, Gabest" "c:\program files (x86)\gpl mpeg decoder\gplmpgdec.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Noise Reduction" "Creative Noise Reduction Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\noisredu.ax"
+ "PCM to EXT" "Creative Pcm2Ext" "Creative Technology Ltd." "c:\program files (x86)\creative\sound blaster x-fi notebook\wavestudio 7\pcm2ext.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metasvmu.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "FACredProv" "FACredProv Application" "Sensible Vision " "c:\windows\system32\facredprov.dll"
+ "FACredProv2" "FACredProv2 Application" "Sensible Vision " "c:\windows\system32\facredprov2.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "FACredProvFilter" "FACredProv Application" "Sensible Vision " "c:\windows\system32\facredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "" "" "File not found: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "PCTOOLS CONTENT FILTER PROVIDER" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
+ "PCTOOLS CONTENT FILTER PROVIDER" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf64.dll"
+ "Canon BJ Language Monitor MP210 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm8s.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "FAPassSync" "" "" "File not found: FAPassSync"
"C:\Users\Ariel\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Notes" "Capture ideas, notes, and reminders in a quick and easy way." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"


As of now, I haven't gotten any popups or redirects in a while! I am encouraged!

#9 narenxp

Posted 02 October 2012 - 03:35 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



