Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another Redirect Virus


  • Please log in to reply
19 replies to this topic

#1 mastakhan

mastakhan

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 02 October 2012 - 07:27 PM

Another one bites the dust. For a few days now I've been a victim of the redirect virus. It seems to be Google specific, I've tried searching on Yahoo and Bing and didn't get any redirects. I'm running Mozilla Firefox, and Windows 7. I've tried running Malwarebytes, Spybot Search and Destroy, and SuperAntiSpyware (all free versions). Malwarebytes found a couple of things that it got rid of, but it didn't fix the problem and it still continues. Spybot didn't find anything. SuperAntiSpyware found a bunch of cookies, which I removed for the heck of it. I'm running AVG Free as my anti-virus, and a scan from that has also failed to find anything.

Please help! I'm at my wit's end trying to get this removed.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:14 AM

Posted 02 October 2012 - 08:40 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 03 October 2012 - 06:55 PM

Thanks a ton for responding, and for your help. I'll post each one in a new reply, to make them easier to separate. First up is TDSSkiller:

22:03:21.0966 4228 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:03:22.0199 4228 ============================================================
22:03:22.0199 4228 Current date / time: 2012/10/02 22:03:22.0199
22:03:22.0199 4228 SystemInfo:
22:03:22.0199 4228
22:03:22.0200 4228 OS Version: 6.1.7601 ServicePack: 1.0
22:03:22.0200 4228 Product type: Workstation
22:03:22.0200 4228 ComputerName: FAUST-PC
22:03:22.0200 4228 UserName: Faust
22:03:22.0200 4228 Windows directory: C:\windows
22:03:22.0200 4228 System windows directory: C:\windows
22:03:22.0200 4228 Running under WOW64
22:03:22.0200 4228 Processor architecture: Intel x64
22:03:22.0200 4228 Number of processors: 4
22:03:22.0200 4228 Page size: 0x1000
22:03:22.0200 4228 Boot type: Normal boot
22:03:22.0200 4228 ============================================================
22:03:22.0871 4228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:22.0880 4228 ============================================================
22:03:22.0880 4228 \Device\Harddisk0\DR0:
22:03:22.0881 4228 MBR partitions:
22:03:22.0881 4228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x239CF000
22:03:22.0881 4228 ============================================================
22:03:22.0909 4228 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:22.0910 4228 ============================================================
22:03:22.0910 4228 Initialize success
22:03:22.0910 4228 ============================================================
22:04:16.0221 3456 ============================================================
22:04:16.0221 3456 Scan started
22:04:16.0221 3456 Mode: Manual; TDLFS;
22:04:16.0221 3456 ============================================================
22:04:16.0814 3456 ================ Scan system memory ========================
22:04:16.0814 3456 System memory - ok
22:04:16.0814 3456 ================ Scan services =============================
22:04:16.0955 3456 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:04:16.0970 3456 !SASCORE - ok
22:04:17.0189 3456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:04:17.0204 3456 1394ohci - ok
22:04:17.0267 3456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:04:17.0267 3456 ACPI - ok
22:04:17.0329 3456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:04:17.0329 3456 AcpiPmi - ok
22:04:17.0407 3456 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:17.0423 3456 AdobeARMservice - ok
22:04:17.0469 3456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
22:04:17.0485 3456 adp94xx - ok
22:04:17.0516 3456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
22:04:17.0516 3456 adpahci - ok
22:04:17.0547 3456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
22:04:17.0547 3456 adpu320 - ok
22:04:17.0594 3456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:04:17.0610 3456 AeLookupSvc - ok
22:04:17.0672 3456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
22:04:17.0688 3456 AFD - ok
22:04:17.0750 3456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
22:04:17.0750 3456 agp440 - ok
22:04:17.0781 3456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
22:04:17.0797 3456 ALG - ok
22:04:17.0875 3456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
22:04:17.0875 3456 aliide - ok
22:04:17.0906 3456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
22:04:17.0906 3456 amdide - ok
22:04:17.0937 3456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
22:04:17.0953 3456 AmdK8 - ok
22:04:17.0969 3456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
22:04:17.0969 3456 AmdPPM - ok
22:04:18.0031 3456 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\windows\system32\drivers\amdsata.sys
22:04:18.0047 3456 amdsata - ok
22:04:18.0062 3456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
22:04:18.0078 3456 amdsbs - ok
22:04:18.0125 3456 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:04:18.0125 3456 amdxata - ok
22:04:18.0187 3456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
22:04:18.0203 3456 AppID - ok
22:04:18.0234 3456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:04:18.0249 3456 AppIDSvc - ok
22:04:18.0281 3456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
22:04:18.0296 3456 Appinfo - ok
22:04:18.0343 3456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
22:04:18.0343 3456 arc - ok
22:04:18.0359 3456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
22:04:18.0359 3456 arcsas - ok
22:04:18.0374 3456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:04:18.0374 3456 AsyncMac - ok
22:04:18.0452 3456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
22:04:18.0452 3456 atapi - ok
22:04:18.0530 3456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:04:18.0530 3456 AudioEndpointBuilder - ok
22:04:18.0546 3456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
22:04:18.0561 3456 AudioSrv - ok
22:04:18.0827 3456 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:04:19.0029 3456 AVGIDSAgent - ok
22:04:19.0076 3456 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
22:04:19.0076 3456 AVGIDSDriver - ok
22:04:19.0123 3456 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\windows\system32\DRIVERS\AVGIDSEH.Sys
22:04:19.0123 3456 AVGIDSEH - ok
22:04:19.0139 3456 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
22:04:19.0139 3456 AVGIDSFilter - ok
22:04:19.0201 3456 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
22:04:19.0217 3456 Avgldx64 - ok
22:04:19.0232 3456 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
22:04:19.0232 3456 Avgmfx64 - ok
22:04:19.0263 3456 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
22:04:19.0263 3456 Avgrkx64 - ok
22:04:19.0279 3456 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
22:04:19.0295 3456 Avgtdia - ok
22:04:19.0357 3456 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
22:04:19.0357 3456 avgwd - ok
22:04:19.0419 3456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
22:04:19.0435 3456 AxInstSV - ok
22:04:19.0466 3456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
22:04:19.0482 3456 b06bdrv - ok
22:04:19.0513 3456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
22:04:19.0513 3456 b57nd60a - ok
22:04:19.0622 3456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
22:04:19.0638 3456 BDESVC - ok
22:04:19.0685 3456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
22:04:19.0685 3456 Beep - ok
22:04:19.0747 3456 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
22:04:19.0763 3456 BITS - ok
22:04:19.0794 3456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:04:19.0794 3456 blbdrive - ok
22:04:19.0856 3456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:04:19.0856 3456 bowser - ok
22:04:19.0887 3456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
22:04:19.0887 3456 BrFiltLo - ok
22:04:19.0903 3456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
22:04:19.0903 3456 BrFiltUp - ok
22:04:19.0950 3456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:04:19.0950 3456 Browser - ok
22:04:19.0997 3456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:04:19.0997 3456 Brserid - ok
22:04:19.0997 3456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:04:20.0012 3456 BrSerWdm - ok
22:04:20.0012 3456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:04:20.0012 3456 BrUsbMdm - ok
22:04:20.0028 3456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:04:20.0028 3456 BrUsbSer - ok
22:04:20.0075 3456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
22:04:20.0075 3456 BTHMODEM - ok
22:04:20.0106 3456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:04:20.0106 3456 bthserv - ok
22:04:20.0153 3456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:04:20.0153 3456 cdfs - ok
22:04:20.0215 3456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
22:04:20.0231 3456 cdrom - ok
22:04:20.0277 3456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:04:20.0277 3456 CertPropSvc - ok
22:04:20.0309 3456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
22:04:20.0324 3456 circlass - ok
22:04:20.0355 3456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:04:20.0371 3456 CLFS - ok
22:04:20.0418 3456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:20.0418 3456 clr_optimization_v2.0.50727_32 - ok
22:04:20.0480 3456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:04:20.0496 3456 clr_optimization_v2.0.50727_64 - ok
22:04:20.0511 3456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:04:20.0511 3456 CmBatt - ok
22:04:20.0543 3456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:04:20.0543 3456 cmdide - ok
22:04:20.0621 3456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:04:20.0621 3456 CNG - ok
22:04:20.0683 3456 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:04:20.0699 3456 CnxtHdAudService - ok
22:04:20.0730 3456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
22:04:20.0730 3456 Compbatt - ok
22:04:20.0792 3456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
22:04:20.0792 3456 CompositeBus - ok
22:04:20.0823 3456 COMSysApp - ok
22:04:20.0839 3456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
22:04:20.0839 3456 crcdisk - ok
22:04:20.0917 3456 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
22:04:20.0917 3456 CryptSvc - ok
22:04:20.0979 3456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:04:20.0995 3456 DcomLaunch - ok
22:04:21.0026 3456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:04:21.0026 3456 defragsvc - ok
22:04:21.0089 3456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:04:21.0089 3456 DfsC - ok
22:04:21.0151 3456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:04:21.0167 3456 Dhcp - ok
22:04:21.0182 3456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:04:21.0182 3456 discache - ok
22:04:21.0229 3456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
22:04:21.0229 3456 Disk - ok
22:04:21.0291 3456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:04:21.0291 3456 Dnscache - ok
22:04:21.0354 3456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:04:21.0354 3456 dot3svc - ok
22:04:21.0416 3456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:04:21.0416 3456 DPS - ok
22:04:21.0463 3456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:04:21.0479 3456 drmkaud - ok
22:04:21.0541 3456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:04:21.0572 3456 DXGKrnl - ok
22:04:21.0603 3456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:04:21.0619 3456 EapHost - ok
22:04:21.0744 3456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
22:04:21.0837 3456 ebdrv - ok
22:04:21.0915 3456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:04:21.0915 3456 EFS - ok
22:04:22.0009 3456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:04:22.0025 3456 ehRecvr - ok
22:04:22.0056 3456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:04:22.0056 3456 ehSched - ok
22:04:22.0118 3456 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\windows\system32\Drivers\ElbyCDIO.sys
22:04:22.0118 3456 ElbyCDIO - ok
22:04:22.0165 3456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
22:04:22.0181 3456 elxstor - ok
22:04:22.0196 3456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:04:22.0212 3456 ErrDev - ok
22:04:22.0274 3456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:04:22.0274 3456 EventSystem - ok
22:04:22.0337 3456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:04:22.0337 3456 exfat - ok
22:04:22.0383 3456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:04:22.0399 3456 fastfat - ok
22:04:22.0461 3456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:04:22.0477 3456 Fax - ok
22:04:22.0493 3456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
22:04:22.0493 3456 fdc - ok
22:04:22.0539 3456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:04:22.0539 3456 fdPHost - ok
22:04:22.0555 3456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
22:04:22.0555 3456 FDResPub - ok
22:04:22.0586 3456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:04:22.0602 3456 FileInfo - ok
22:04:22.0602 3456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:04:22.0602 3456 Filetrace - ok
22:04:22.0617 3456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
22:04:22.0617 3456 flpydisk - ok
22:04:22.0680 3456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:04:22.0680 3456 FltMgr - ok
22:04:22.0758 3456 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\windows\system32\FntCache.dll
22:04:22.0773 3456 FontCache - ok
22:04:22.0851 3456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:04:22.0851 3456 FontCache3.0.0.0 - ok
22:04:22.0883 3456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:04:22.0898 3456 FsDepends - ok
22:04:22.0945 3456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:04:22.0945 3456 Fs_Rec - ok
22:04:22.0992 3456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:04:23.0007 3456 fvevol - ok
22:04:23.0039 3456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
22:04:23.0039 3456 gagp30kx - ok
22:04:23.0070 3456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:04:23.0085 3456 gpsvc - ok
22:04:23.0163 3456 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:04:23.0179 3456 gupdate - ok
22:04:23.0195 3456 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:04:23.0195 3456 gupdatem - ok
22:04:23.0241 3456 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:04:23.0241 3456 gusvc - ok
22:04:23.0273 3456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:04:23.0273 3456 hcw85cir - ok
22:04:23.0351 3456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:04:23.0366 3456 HdAudAddService - ok
22:04:23.0444 3456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
22:04:23.0444 3456 HDAudBus - ok
22:04:23.0475 3456 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
22:04:23.0475 3456 HECIx64 - ok
22:04:23.0507 3456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
22:04:23.0522 3456 HidBatt - ok
22:04:23.0522 3456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
22:04:23.0522 3456 HidBth - ok
22:04:23.0538 3456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
22:04:23.0553 3456 HidIr - ok
22:04:23.0585 3456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
22:04:23.0585 3456 hidserv - ok
22:04:23.0647 3456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
22:04:23.0647 3456 HidUsb - ok
22:04:23.0709 3456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:04:23.0709 3456 hkmsvc - ok
22:04:23.0772 3456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:04:23.0787 3456 HomeGroupListener - ok
22:04:23.0834 3456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:04:23.0834 3456 HomeGroupProvider - ok
22:04:23.0865 3456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:04:23.0865 3456 HpSAMD - ok
22:04:23.0959 3456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:04:23.0975 3456 HTTP - ok
22:04:24.0021 3456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:04:24.0021 3456 hwpolicy - ok
22:04:24.0084 3456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
22:04:24.0084 3456 i8042prt - ok
22:04:24.0131 3456 [ 5E60DD5F090AB4A563C7204C289C4650 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
22:04:24.0131 3456 iaStor - ok
22:04:24.0193 3456 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:04:24.0209 3456 iaStorV - ok
22:04:24.0287 3456 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:04:24.0287 3456 IDriverT - ok
22:04:24.0349 3456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:04:24.0380 3456 idsvc - ok
22:04:24.0661 3456 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
22:04:24.0895 3456 igfx - ok
22:04:24.0926 3456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
22:04:24.0926 3456 iirsp - ok
22:04:25.0004 3456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:04:25.0020 3456 IKEEXT - ok
22:04:25.0067 3456 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
22:04:25.0067 3456 Impcd - ok
22:04:25.0098 3456 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
22:04:25.0098 3456 IntcDAud - ok
22:04:25.0160 3456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:04:25.0160 3456 intelide - ok
22:04:25.0191 3456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:04:25.0207 3456 intelppm - ok
22:04:25.0238 3456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:04:25.0254 3456 IPBusEnum - ok
22:04:25.0316 3456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:04:25.0316 3456 IpFilterDriver - ok
22:04:25.0379 3456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:04:25.0379 3456 IPMIDRV - ok
22:04:25.0410 3456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:04:25.0425 3456 IPNAT - ok
22:04:25.0457 3456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:04:25.0457 3456 IRENUM - ok
22:04:25.0519 3456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:04:25.0519 3456 isapnp - ok
22:04:25.0535 3456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:04:25.0550 3456 iScsiPrt - ok
22:04:25.0628 3456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
22:04:25.0628 3456 kbdclass - ok
22:04:25.0675 3456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
22:04:25.0691 3456 kbdhid - ok
22:04:25.0706 3456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:04:25.0706 3456 KeyIso - ok
22:04:25.0753 3456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:04:25.0753 3456 KSecDD - ok
22:04:25.0769 3456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:04:25.0769 3456 KSecPkg - ok
22:04:25.0800 3456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:04:25.0800 3456 ksthunk - ok
22:04:25.0847 3456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:04:25.0862 3456 KtmRm - ok
22:04:25.0893 3456 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:04:25.0893 3456 L1C - ok
22:04:25.0956 3456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
22:04:25.0971 3456 LanmanServer - ok
22:04:26.0018 3456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:04:26.0018 3456 LanmanWorkstation - ok
22:04:26.0065 3456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:04:26.0065 3456 lltdio - ok
22:04:26.0096 3456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:04:26.0096 3456 lltdsvc - ok
22:04:26.0112 3456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:04:26.0112 3456 lmhosts - ok
22:04:26.0174 3456 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:04:26.0190 3456 LMS - ok
22:04:26.0237 3456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
22:04:26.0237 3456 LSI_FC - ok
22:04:26.0252 3456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
22:04:26.0268 3456 LSI_SAS - ok
22:04:26.0268 3456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
22:04:26.0268 3456 LSI_SAS2 - ok
22:04:26.0299 3456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
22:04:26.0299 3456 LSI_SCSI - ok
22:04:26.0330 3456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:04:26.0330 3456 luafv - ok
22:04:26.0393 3456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:04:26.0393 3456 Mcx2Svc - ok
22:04:26.0393 3456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
22:04:26.0393 3456 megasas - ok
22:04:26.0439 3456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
22:04:26.0439 3456 MegaSR - ok
22:04:26.0502 3456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:04:26.0517 3456 MMCSS - ok
22:04:26.0517 3456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:04:26.0517 3456 Modem - ok
22:04:26.0564 3456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:04:26.0564 3456 monitor - ok
22:04:26.0611 3456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
22:04:26.0611 3456 mouclass - ok
22:04:26.0642 3456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:04:26.0658 3456 mouhid - ok
22:04:26.0705 3456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:04:26.0705 3456 mountmgr - ok
22:04:26.0767 3456 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:04:26.0767 3456 MozillaMaintenance - ok
22:04:26.0829 3456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:04:26.0829 3456 mpio - ok
22:04:26.0861 3456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:04:26.0861 3456 mpsdrv - ok
22:04:26.0907 3456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:04:26.0907 3456 MRxDAV - ok
22:04:26.0970 3456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:04:26.0970 3456 mrxsmb - ok
22:04:27.0032 3456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:04:27.0032 3456 mrxsmb10 - ok
22:04:27.0079 3456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:04:27.0079 3456 mrxsmb20 - ok
22:04:27.0126 3456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
22:04:27.0126 3456 msahci - ok
22:04:27.0173 3456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:04:27.0188 3456 msdsm - ok
22:04:27.0204 3456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:04:27.0204 3456 MSDTC - ok
22:04:27.0235 3456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:04:27.0235 3456 Msfs - ok
22:04:27.0251 3456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:04:27.0251 3456 mshidkmdf - ok
22:04:27.0297 3456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:04:27.0297 3456 msisadrv - ok
22:04:27.0329 3456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:04:27.0329 3456 MSiSCSI - ok
22:04:27.0329 3456 msiserver - ok
22:04:27.0360 3456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:04:27.0360 3456 MSKSSRV - ok
22:04:27.0375 3456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:04:27.0375 3456 MSPCLOCK - ok
22:04:27.0391 3456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:04:27.0407 3456 MSPQM - ok
22:04:27.0453 3456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:04:27.0469 3456 MsRPC - ok
22:04:27.0516 3456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
22:04:27.0516 3456 mssmbios - ok
22:04:27.0531 3456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:04:27.0531 3456 MSTEE - ok
22:04:27.0547 3456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
22:04:27.0547 3456 MTConfig - ok
22:04:27.0594 3456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:04:27.0594 3456 Mup - ok
22:04:27.0656 3456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:04:27.0656 3456 napagent - ok
22:04:27.0703 3456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:04:27.0703 3456 NativeWifiP - ok
22:04:27.0781 3456 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
22:04:27.0797 3456 NDIS - ok
22:04:27.0828 3456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:04:27.0828 3456 NdisCap - ok
22:04:27.0859 3456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:04:27.0859 3456 NdisTapi - ok
22:04:27.0906 3456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:04:27.0906 3456 Ndisuio - ok
22:04:27.0968 3456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:04:27.0984 3456 NdisWan - ok
22:04:28.0046 3456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:04:28.0046 3456 NDProxy - ok
22:04:28.0077 3456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:04:28.0077 3456 NetBIOS - ok
22:04:28.0124 3456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:04:28.0140 3456 NetBT - ok
22:04:28.0140 3456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:04:28.0155 3456 Netlogon - ok
22:04:28.0187 3456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:04:28.0187 3456 Netman - ok
22:04:28.0218 3456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:04:28.0218 3456 netprofm - ok
22:04:28.0249 3456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:04:28.0249 3456 NetTcpPortSharing - ok
22:04:28.0296 3456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
22:04:28.0296 3456 nfrd960 - ok
22:04:28.0358 3456 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
22:04:28.0358 3456 NlaSvc - ok
22:04:28.0389 3456 Norton PC Checkup Application Launcher - ok
22:04:28.0405 3456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:04:28.0405 3456 Npfs - ok
22:04:28.0436 3456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:04:28.0436 3456 nsi - ok
22:04:28.0452 3456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:04:28.0452 3456 nsiproxy - ok
22:04:28.0545 3456 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:04:28.0577 3456 Ntfs - ok
22:04:28.0608 3456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:04:28.0608 3456 Null - ok
22:04:28.0639 3456 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\windows\system32\drivers\nvraid.sys
22:04:28.0639 3456 nvraid - ok
22:04:28.0686 3456 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\windows\system32\drivers\nvstor.sys
22:04:28.0701 3456 nvstor - ok
22:04:28.0748 3456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:04:28.0764 3456 nv_agp - ok
22:04:28.0764 3456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:04:28.0779 3456 ohci1394 - ok
22:04:28.0811 3456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:04:28.0811 3456 p2pimsvc - ok
22:04:28.0842 3456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:04:28.0842 3456 p2psvc - ok
22:04:28.0873 3456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
22:04:28.0873 3456 Parport - ok
22:04:28.0889 3456 Partizan - ok
22:04:28.0951 3456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:04:28.0951 3456 partmgr - ok
22:04:28.0982 3456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:04:28.0982 3456 PcaSvc - ok
22:04:29.0029 3456 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
22:04:29.0029 3456 PCCUJobMgr - ok
22:04:29.0091 3456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:04:29.0107 3456 pci - ok
22:04:29.0154 3456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
22:04:29.0154 3456 pciide - ok
22:04:29.0185 3456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
22:04:29.0185 3456 pcmcia - ok
22:04:29.0201 3456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:04:29.0201 3456 pcw - ok
22:04:29.0232 3456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:04:29.0232 3456 PEAUTH - ok
22:04:29.0325 3456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:04:29.0325 3456 PerfHost - ok
22:04:29.0357 3456 pfc - ok
22:04:29.0388 3456 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
22:04:29.0388 3456 PGEffect - ok
22:04:29.0466 3456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:04:29.0481 3456 pla - ok
22:04:29.0559 3456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:04:29.0575 3456 PlugPlay - ok
22:04:29.0622 3456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:04:29.0622 3456 PNRPAutoReg - ok
22:04:29.0653 3456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:04:29.0653 3456 PNRPsvc - ok
22:04:29.0715 3456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:04:29.0731 3456 PolicyAgent - ok
22:04:29.0762 3456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:04:29.0762 3456 Power - ok
22:04:29.0825 3456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:04:29.0840 3456 PptpMiniport - ok
22:04:29.0871 3456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
22:04:29.0871 3456 Processor - ok
22:04:29.0949 3456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:04:29.0949 3456 ProfSvc - ok
22:04:29.0965 3456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:04:29.0965 3456 ProtectedStorage - ok
22:04:30.0027 3456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:04:30.0027 3456 Psched - ok
22:04:30.0074 3456 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
22:04:30.0074 3456 QIOMem - ok
22:04:30.0137 3456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
22:04:30.0168 3456 ql2300 - ok
22:04:30.0183 3456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
22:04:30.0183 3456 ql40xx - ok
22:04:30.0215 3456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:04:30.0230 3456 QWAVE - ok
22:04:30.0246 3456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:04:30.0246 3456 QWAVEdrv - ok
22:04:30.0261 3456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:04:30.0261 3456 RasAcd - ok
22:04:30.0308 3456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:04:30.0308 3456 RasAgileVpn - ok
22:04:30.0339 3456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:04:30.0339 3456 RasAuto - ok
22:04:30.0386 3456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:04:30.0386 3456 Rasl2tp - ok
22:04:30.0449 3456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:04:30.0449 3456 RasMan - ok
22:04:30.0464 3456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:04:30.0480 3456 RasPppoe - ok
22:04:30.0495 3456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:04:30.0511 3456 RasSstp - ok
22:04:30.0558 3456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:04:30.0558 3456 rdbss - ok
22:04:30.0573 3456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
22:04:30.0589 3456 rdpbus - ok
22:04:30.0605 3456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:04:30.0605 3456 RDPCDD - ok
22:04:30.0636 3456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:04:30.0636 3456 RDPENCDD - ok
22:04:30.0683 3456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:04:30.0683 3456 RDPREFMP - ok
22:04:30.0745 3456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:04:30.0745 3456 RDPWD - ok
22:04:30.0807 3456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:04:30.0807 3456 rdyboost - ok
22:04:30.0854 3456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:04:30.0854 3456 RemoteAccess - ok
22:04:30.0901 3456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:04:30.0901 3456 RemoteRegistry - ok
22:04:30.0917 3456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:04:30.0917 3456 RpcEptMapper - ok
22:04:30.0932 3456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:04:30.0932 3456 RpcLocator - ok
22:04:31.0010 3456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:04:31.0010 3456 RpcSs - ok
22:04:31.0057 3456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:04:31.0057 3456 rspndr - ok
22:04:31.0119 3456 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:04:31.0119 3456 RSUSBSTOR - ok
22:04:31.0166 3456 [ B89C0601A05E1140AC96FA965D94C340 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:04:31.0182 3456 rtl8192Ce - ok
22:04:31.0197 3456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:04:31.0213 3456 SamSs - ok
22:04:31.0291 3456 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:04:31.0291 3456 SASDIFSV - ok
22:04:31.0307 3456 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:04:31.0307 3456 SASKUTIL - ok
22:04:31.0369 3456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:04:31.0369 3456 sbp2port - ok
22:04:31.0400 3456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:04:31.0400 3456 SCardSvr - ok
22:04:31.0447 3456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:04:31.0463 3456 scfilter - ok
22:04:31.0525 3456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:04:31.0556 3456 Schedule - ok
22:04:31.0619 3456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:04:31.0619 3456 SCPolicySvc - ok
22:04:31.0665 3456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:04:31.0665 3456 SDRSVC - ok
22:04:31.0712 3456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:04:31.0712 3456 secdrv - ok
22:04:31.0759 3456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:04:31.0759 3456 seclogon - ok
22:04:31.0790 3456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:04:31.0790 3456 SENS - ok
22:04:31.0806 3456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:04:31.0806 3456 SensrSvc - ok
22:04:31.0821 3456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
22:04:31.0821 3456 Serenum - ok
22:04:31.0837 3456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
22:04:31.0837 3456 Serial - ok
22:04:31.0899 3456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
22:04:31.0899 3456 sermouse - ok
22:04:31.0977 3456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:04:31.0977 3456 SessionEnv - ok
22:04:32.0040 3456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:04:32.0040 3456 sffdisk - ok
22:04:32.0055 3456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:04:32.0055 3456 sffp_mmc - ok
22:04:32.0071 3456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:04:32.0071 3456 sffp_sd - ok
22:04:32.0102 3456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
22:04:32.0102 3456 sfloppy - ok
22:04:32.0149 3456 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:04:32.0165 3456 SharedAccess - ok
22:04:32.0211 3456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:04:32.0211 3456 ShellHWDetection - ok
22:04:32.0227 3456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
22:04:32.0243 3456 SiSRaid2 - ok
22:04:32.0243 3456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
22:04:32.0243 3456 SiSRaid4 - ok
22:04:32.0274 3456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:04:32.0274 3456 Smb - ok
22:04:32.0321 3456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:04:32.0321 3456 SNMPTRAP - ok
22:04:32.0336 3456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:04:32.0336 3456 spldr - ok
22:04:32.0414 3456 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
22:04:32.0430 3456 Spooler - ok
22:04:32.0555 3456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:04:32.0648 3456 sppsvc - ok
22:04:32.0679 3456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:04:32.0679 3456 sppuinotify - ok
22:04:32.0742 3456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:04:32.0757 3456 srv - ok
22:04:32.0773 3456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:04:32.0789 3456 srv2 - ok
22:04:32.0820 3456 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
22:04:32.0820 3456 SrvHsfHDA - ok
22:04:32.0867 3456 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
22:04:32.0898 3456 SrvHsfV92 - ok
22:04:32.0913 3456 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
22:04:32.0929 3456 SrvHsfWinac - ok
22:04:32.0960 3456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:04:32.0960 3456 srvnet - ok
22:04:32.0991 3456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:04:32.0991 3456 SSDPSRV - ok
22:04:33.0007 3456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:04:33.0007 3456 SstpSvc - ok
22:04:33.0038 3456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
22:04:33.0038 3456 stexstor - ok
22:04:33.0116 3456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:04:33.0116 3456 stisvc - ok
22:04:33.0179 3456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
22:04:33.0179 3456 swenum - ok
22:04:33.0210 3456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:04:33.0225 3456 swprv - ok
22:04:33.0257 3456 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:04:33.0272 3456 SynTP - ok
22:04:33.0366 3456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:04:33.0397 3456 SysMain - ok
22:04:33.0444 3456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:04:33.0459 3456 TabletInputService - ok
22:04:33.0475 3456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:04:33.0475 3456 TapiSrv - ok
22:04:33.0506 3456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:04:33.0506 3456 TBS - ok
22:04:33.0600 3456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:04:33.0631 3456 Tcpip - ok
22:04:33.0709 3456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:04:33.0740 3456 TCPIP6 - ok
22:04:33.0787 3456 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:04:33.0787 3456 tcpipreg - ok
22:04:33.0818 3456 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:04:33.0818 3456 tdcmdpst - ok
22:04:33.0849 3456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:04:33.0849 3456 TDPIPE - ok
22:04:33.0896 3456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:04:33.0896 3456 TDTCP - ok
22:04:33.0974 3456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:04:33.0974 3456 tdx - ok
22:04:33.0990 3456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
22:04:33.0990 3456 TermDD - ok
22:04:34.0068 3456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:04:34.0068 3456 TermService - ok
22:04:34.0099 3456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:04:34.0099 3456 Themes - ok
22:04:34.0115 3456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:04:34.0130 3456 THREADORDER - ok
22:04:34.0193 3456 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:04:34.0193 3456 TMachInfo - ok
22:04:34.0224 3456 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
22:04:34.0239 3456 TODDSrv - ok
22:04:34.0317 3456 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:04:34.0317 3456 TosCoSrv - ok
22:04:34.0349 3456 [ BAE96AD126F4EED4D361B092BA2E61FE ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:04:34.0364 3456 TOSHIBA eco Utility Service - ok
22:04:34.0411 3456 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:04:34.0411 3456 TOSHIBA HDD SSD Alert Service - ok
22:04:34.0473 3456 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:04:34.0489 3456 TPCHSrv - ok
22:04:34.0520 3456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:04:34.0520 3456 TrkWks - ok
22:04:34.0614 3456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:04:34.0614 3456 TrustedInstaller - ok
22:04:34.0676 3456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:04:34.0676 3456 tssecsrv - ok
22:04:34.0739 3456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:04:34.0739 3456 TsUsbFlt - ok
22:04:34.0817 3456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:04:34.0817 3456 tunnel - ok
22:04:34.0848 3456 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:04:34.0848 3456 TVALZ - ok
22:04:34.0879 3456 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
22:04:34.0879 3456 TVALZFL - ok
22:04:34.0895 3456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
22:04:34.0895 3456 uagp35 - ok
22:04:34.0957 3456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:04:34.0957 3456 udfs - ok
22:04:34.0988 3456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:04:34.0988 3456 UI0Detect - ok
22:04:35.0051 3456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:04:35.0051 3456 uliagpkx - ok
22:04:35.0129 3456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
22:04:35.0129 3456 umbus - ok
22:04:35.0144 3456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
22:04:35.0144 3456 UmPass - ok
22:04:35.0254 3456 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:04:35.0300 3456 UNS - ok
22:04:35.0332 3456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
22:04:35.0332 3456 upnphost - ok
22:04:35.0410 3456 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
22:04:35.0410 3456 usbaudio - ok
22:04:35.0456 3456 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\windows\system32\drivers\usbccgp.sys
22:04:35.0472 3456 usbccgp - ok
22:04:35.0503 3456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:04:35.0503 3456 usbcir - ok
22:04:35.0534 3456 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\windows\system32\drivers\usbehci.sys
22:04:35.0534 3456 usbehci - ok
22:04:35.0566 3456 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\windows\system32\drivers\usbhub.sys
22:04:35.0566 3456 usbhub - ok
22:04:35.0597 3456 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\drivers\usbohci.sys
22:04:35.0597 3456 usbohci - ok
22:04:35.0644 3456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
22:04:35.0644 3456 usbprint - ok
22:04:35.0722 3456 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
22:04:35.0722 3456 USBSTOR - ok
22:04:35.0737 3456 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:04:35.0753 3456 usbuhci - ok
22:04:35.0784 3456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
22:04:35.0784 3456 usbvideo - ok
22:04:35.0815 3456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
22:04:35.0815 3456 UxSms - ok
22:04:35.0846 3456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
22:04:35.0846 3456 VaultSvc - ok
22:04:35.0909 3456 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\windows\system32\DRIVERS\VClone.sys
22:04:35.0909 3456 VClone - ok
22:04:36.0002 3456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:04:36.0002 3456 vdrvroot - ok
22:04:36.0065 3456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
22:04:36.0080 3456 vds - ok
22:04:36.0127 3456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:04:36.0127 3456 vga - ok
22:04:36.0143 3456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
22:04:36.0143 3456 VgaSave - ok
22:04:36.0190 3456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:04:36.0205 3456 vhdmp - ok
22:04:36.0252 3456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
22:04:36.0252 3456 viaide - ok
22:04:36.0299 3456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:04:36.0299 3456 volmgr - ok
22:04:36.0361 3456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:04:36.0361 3456 volmgrx - ok
22:04:36.0377 3456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
22:04:36.0392 3456 volsnap - ok
22:04:36.0424 3456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
22:04:36.0424 3456 vsmraid - ok
22:04:36.0502 3456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
22:04:36.0533 3456 VSS - ok
22:04:36.0548 3456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:04:36.0548 3456 vwifibus - ok
22:04:36.0564 3456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:04:36.0564 3456 vwififlt - ok
22:04:36.0611 3456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
22:04:36.0611 3456 W32Time - ok
22:04:36.0626 3456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
22:04:36.0642 3456 WacomPen - ok
22:04:36.0704 3456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:04:36.0704 3456 WANARP - ok
22:04:36.0704 3456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:04:36.0720 3456 Wanarpv6 - ok
22:04:36.0814 3456 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:04:36.0829 3456 WatAdminSvc - ok
22:04:36.0907 3456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
22:04:36.0938 3456 wbengine - ok
22:04:36.0970 3456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:04:36.0970 3456 WbioSrvc - ok
22:04:37.0032 3456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
22:04:37.0032 3456 wcncsvc - ok
22:04:37.0048 3456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:04:37.0048 3456 WcsPlugInService - ok
22:04:37.0079 3456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
22:04:37.0094 3456 Wd - ok
22:04:37.0110 3456 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:04:37.0126 3456 Wdf01000 - ok
22:04:37.0141 3456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
22:04:37.0141 3456 WdiServiceHost - ok
22:04:37.0157 3456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
22:04:37.0157 3456 WdiSystemHost - ok
22:04:37.0204 3456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
22:04:37.0219 3456 WebClient - ok
22:04:37.0235 3456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
22:04:37.0235 3456 Wecsvc - ok
22:04:37.0250 3456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
22:04:37.0266 3456 wercplsupport - ok
22:04:37.0297 3456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
22:04:37.0297 3456 WerSvc - ok
22:04:37.0328 3456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:04:37.0328 3456 WfpLwf - ok
22:04:37.0344 3456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:04:37.0344 3456 WIMMount - ok
22:04:37.0344 3456 WinHttpAutoProxySvc - ok
22:04:37.0406 3456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:04:37.0422 3456 Winmgmt - ok
22:04:37.0516 3456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
22:04:37.0547 3456 WinRM - ok
22:04:37.0625 3456 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
22:04:37.0640 3456 WinUsb - ok
22:04:37.0687 3456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
22:04:37.0703 3456 Wlansvc - ok
22:04:37.0765 3456 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:04:37.0781 3456 wlcrasvc - ok
22:04:37.0874 3456 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:04:37.0921 3456 wlidsvc - ok
22:04:37.0968 3456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
22:04:37.0968 3456 WmiAcpi - ok
22:04:37.0999 3456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:04:37.0999 3456 wmiApSrv - ok
22:04:38.0030 3456 WMPNetworkSvc - ok
22:04:38.0062 3456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
22:04:38.0062 3456 WPCSvc - ok
22:04:38.0108 3456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:04:38.0108 3456 WPDBusEnum - ok
22:04:38.0140 3456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:04:38.0140 3456 ws2ifsl - ok
22:04:38.0155 3456 WSearch - ok
22:04:38.0264 3456 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
22:04:38.0296 3456 wuauserv - ok
22:04:38.0342 3456 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:04:38.0342 3456 WudfPf - ok
22:04:38.0374 3456 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:04:38.0389 3456 WUDFRd - ok
22:04:38.0436 3456 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:04:38.0436 3456 wudfsvc - ok
22:04:38.0467 3456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
22:04:38.0483 3456 WwanSvc - ok
22:04:38.0498 3456 ================ Scan global ===============================
22:04:38.0530 3456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:04:38.0576 3456 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
22:04:38.0592 3456 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
22:04:38.0623 3456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:04:38.0639 3456 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:04:38.0654 3456 [Global] - ok
22:04:38.0654 3456 ================ Scan MBR ==================================
22:04:38.0654 3456 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
22:04:38.0966 3456 \Device\Harddisk0\DR0 - ok
22:04:38.0966 3456 ================ Scan VBR ==================================
22:04:38.0998 3456 [ 6A4047103C82B68602958F46EEC19E17 ] \Device\Harddisk0\DR0\Partition1
22:04:38.0998 3456 \Device\Harddisk0\DR0\Partition1 - ok
22:04:39.0013 3456 ============================================================
22:04:39.0013 3456 Scan finished
22:04:39.0013 3456 ============================================================
22:04:39.0029 3540 Detected object count: 0
22:04:39.0029 3540 Actual detected object count: 0

Edited by mastakhan, 03 October 2012 - 06:58 PM.


#4 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 03 October 2012 - 06:57 PM

And aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-02 22:14:22
-----------------------------
22:14:22.696 OS Version: Windows x64 6.1.7601 Service Pack 1
22:14:22.696 Number of processors: 4 586 0x2505
22:14:22.696 ComputerName: FAUST-PC UserName: Faust
22:14:24.987 Initialize success
22:18:20.011 AVAST engine defs: 12100300
22:18:30.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:18:30.179 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
22:18:30.195 Disk 0 MBR read successfully
22:18:30.195 Disk 0 MBR scan
22:18:30.195 Disk 0 Windows VISTA default MBR code
22:18:30.210 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:18:30.226 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291742 MB offset 3074048
22:18:30.257 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12002 MB offset 600561664
22:18:30.288 Disk 0 scanning C:\windows\system32\drivers
22:18:43.357 Service scanning
22:19:18.236 Modules scanning
22:19:18.246 Disk 0 trace - called modules:
22:19:18.286 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:19:18.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ca4060]
22:19:18.296 3 CLASSPNP.SYS[fffff88001a7643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049c7050]
22:19:19.375 AVAST engine scan C:\windows
22:19:21.373 AVAST engine scan C:\windows\system32
22:22:16.152 AVAST engine scan C:\windows\system32\drivers
22:22:30.940 AVAST engine scan C:\Users\Faust
22:52:15.771 AVAST engine scan C:\ProgramData
22:54:46.685 Scan finished successfully
07:16:13.288 Disk 0 MBR has been saved successfully to "C:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\MBR.dat"
07:16:13.288 The log file has been saved successfully to "C:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\aswMBR.txt"

#5 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 03 October 2012 - 06:59 PM

And then ESET:

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Default\aadddcdhdbdcggdgdadcdggedegbdbdf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Default\aadddcdhdbdcggdgdadcdggedegbdbdf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined

I should also note that after running all 3 programs, the redirect is still happening.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:14 AM

Posted 03 October 2012 - 07:05 PM

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

Right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#7 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 06:45 PM

Malwarebytes:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Faust :: FAUST-PC [administrator]

10/3/2012 9:52:52 PM
mbam-log-2012-10-03 (21-52-52).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357929
Time elapsed: 51 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by mastakhan, 04 October 2012 - 06:47 PM.


#8 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 06:47 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Faust (administrator) on 04-10-2012 at 19:16:17
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Faust-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 1C-65-9D-A0-5B-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5df6:d302:b50f:61eb%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.123(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 02, 2012 10:10:18 PM
Lease Expires . . . . . . . . . . : Friday, October 05, 2012 5:52:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 320628125
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-88-C3-C9-60-EB-69-94-7C-DD
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 60-EB-69-94-7C-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.md.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4004:802::1009
74.125.228.71
74.125.228.73
74.125.228.70
74.125.228.68
74.125.228.69
74.125.228.67
74.125.228.78
74.125.228.64
74.125.228.65
74.125.228.72
74.125.228.66


Pinging google.com [74.125.228.67] with 32 bytes of data:
Reply from 74.125.228.67: bytes=32 time=13ms TTL=55
Reply from 74.125.228.67: bytes=32 time=15ms TTL=55

Ping statistics for 74.125.228.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 15ms, Average = 14ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=67ms TTL=51
Reply from 98.139.183.24: bytes=32 time=57ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 67ms, Average = 62ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...1c 65 9d a0 5b c9 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
10...60 eb 69 94 7c dd ......Atheros AR8152 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.123 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.123 281
192.168.1.123 255.255.255.255 On-link 192.168.1.123 281
192.168.1.255 255.255.255.255 On-link 192.168.1.123 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.123 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.123 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::5df6:d302:b50f:61eb/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2012 11:37:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 11:36:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/04/2012 11:36:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 07:55:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 06:04:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 06:04:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 00:31:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/02/2012 10:12:25 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/02/2012 07:49:36 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/02/2012 07:41:49 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (10/02/2012 10:10:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/02/2012 10:10:25 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Error: (10/02/2012 10:10:25 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/02/2012 10:10:23 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (10/02/2012 10:10:05 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/02/2012 10:10:04 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/02/2012 10:10:20 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0x0000000000000000)C:\windows\MEMORY.DMP100212-31184-01

Error: (10/02/2012 10:10:15 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:08:11 PM on ?10/?2/?2012 was unexpected.

Error: (10/02/2012 07:45:45 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Error: (10/02/2012 07:45:45 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (10/04/2012 11:37:01 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Faust\Desktop\David\downloads (new)\bleepingcomputer\esetsmartinstaller_enu.exe

Error: (10/04/2012 11:36:49 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (10/04/2012 11:36:17 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/03/2012 07:55:19 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\esetsmartinstaller_enu.exe

Error: (10/03/2012 06:04:39 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\esetsmartinstaller_enu.exe

Error: (10/03/2012 06:04:27 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\esetsmartinstaller_enu.exe

Error: (10/03/2012 00:31:19 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (10/02/2012 10:12:25 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/02/2012 07:49:36 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/02/2012 07:41:49 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Audition 1.5 (Version: 1.5)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)
Audacity 1.2.6
Auto Gordian Knot 2.45 (Version: 2.45)
AVG 2011 (Version: 10.0.1427)
AVG 2011 (Version: 10.0.2441)
AviSynth 2.5
CDisplay 1.8
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 4.119.0.60)
ConvertHelper 2.2
D3DX10 (Version: 15.4.2368.0902)
Dropbox (Version: 1.4.9)
DVD Decrypter (Remove Only)
ESET Online Scanner v3
Exact Audio Copy 1.0beta1 (Version: 1.0beta1)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
foobar2000 v1.1.13 (Version: 1.1.13)
GmoteServer (Version: 2.0.2)
Google Chrome (Version: 22.0.1229.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.1.1001)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 6.6.6 (Version: 6.6.6)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Mp3 Tag Tools v1.2
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MusicBrainz Tagger 0.10.5
OpenOffice.org 3.2 (Version: 3.2.9502)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Project64 1.6 (Version: 1.6)
QT Lite 4.1.0 (Version: 4.1.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Realtek WLAN Driver (Version: 2.00.0011)
Reason 5.0 (Version: 5.0)
Skype Launcher (Version: 2.01)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.5.1022)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
TOSHIBA Bulletin Board (Version: 1.6.06.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.7.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.03.02.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.5.60)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.05.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 4.03.02.00)
TOSHIBA Value Added Package (Version: 1.3.19.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.5 (Version: 1.1.5)
VobSub v2.23 (Remove Only)
Vuze (Version: 4.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3893.86 MB
Available physical RAM: 1569.61 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 4675.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3956.92 MB

========================= Partitions: =====================================

1 Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:39.37 GB) NTFS

========================= Users: ========================================

User accounts for \\FAUST-PC

Administrator Faust Guest

========================= Restore Points ==================================

30-09-2012 02:54:34 Scheduled Checkpoint
02-10-2012 23:42:44 RegRun Virus Scan
02-10-2012 23:47:32 RegRun Virus Scan

**** End of log ****

#9 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 06:49 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Faust (administrator) on 04-10-2012 at 19:17:41
Running from "C:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by mastakhan, 04 October 2012 - 06:50 PM.


#10 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 06:52 PM

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 19:18:57
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Faust - FAUST-PC
# Boot Mode : Normal
# Running from : C:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Faust\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\qbmg665j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1612 octets] - [04/10/2012 19:18:57]

########## EOF - C:\AdwCleaner[S1].txt - [1672 octets] ##########

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.3 (10.03.2012)
OS: Windows 7 Home Premium x64
Ran by Faust on Thu 10/04/2012 at 19:37:30.42
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired

Trojan:Win32/Tracur.AV Detected!
Successfully deleted: jlpnxhoiuh@jlpnxhoiuh.org.xpi


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 10/04/2012 at 19:37:44.28
End of Report

Edited by mastakhan, 04 October 2012 - 06:51 PM.


#11 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 06:55 PM

Sorry, Adware and JRT got combined in the last post.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:14 AM

Posted 04 October 2012 - 07:03 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#13 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 08:17 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Faust (administrator) on 04-10-2012 at 21:15:22
Running from "C:\Users\Faust\Desktop\David\Downloads (new)\BleepingComputer"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 08:20 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2012 09:18:55 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Faust\Desktop\rkill\rkill-10-04-2012-09-18-59.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-3817850385-1437492871-3789226613-1000\$d0d044e97abb0899018b0676cf8a906a\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3817850385-1437492871-3789226613-1000\$d0d044e97abb0899018b0676cf8a906a\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3817850385-1437492871-3789226613-1000\$d0d044e97abb0899018b0676cf8a906a\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3817850385-1437492871-3789226613-1000\$d0d044e97abb0899018b0676cf8a906a\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/04/2012 09:19:13 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

#15 mastakhan

mastakhan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 04 October 2012 - 08:25 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "cAudioFilterAgent" "Conexant High Definition Audio Filter Agent" "Conexant Systems, Inc." "c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SmartAudio" "SAIICpl MFC Application" "" "c:\program files\conexant\saii\saiicpl.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgtray.exe"
+ "NortonOnlineBackupReminder" "Toshiba Online Backup Service" "Toshiba" "c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "ToshibaAppPlace" "Toshiba App Place" "Toshiba" "c:\program files (x86)\toshiba\toshiba app place\toshibaappplace.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TWebCamera" "" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\twebcamera.exe"
+ "VirtualCloneDrive" "Virtual CloneDrive Daemon" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe"
"C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropbox.exe"
+ "OpenOffice.org 3.2.lnk" "" "" "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "uTorrent" "µTorrent" "BitTorrent, Inc." "c:\program files (x86)\utorrent\utorrent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgppa.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\faust\appdata\roaming\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Spybot - Search && Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgwdsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Norton PC Checkup Application Launcher" "Provides consolidated application launching facility" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.5.60\symcpcculaunchsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.5.60\ccsvchst.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriver.sys"
+ "AVGIDSEH" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidseh.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilter.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "ElbyCDIO" "ElbyCD Windows x64 I/O driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\elbycdio.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "Partizan" "" "" "File not found: system32\drivers\Partizan.sys"
+ "pfc" "" "" "File not found: system32\drivers\pfc.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "QIOMem" "Generic IO & Memory Access" "TOSHIBA" "c:\windows\system32\drivers\qiomem.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "rtl8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\syswow64\ac3acm.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.l3fhg" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\mp3fhg.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
+ "VIDC.YV12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\syswow64\yv12vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3File" "" "" "c:\program files (x86)\k-lite codec pack\filters\ac3file.ax"
+ "Audition Null Audio" "Adobe® Audition™ SCSI CD Interface" "Adobe Systems®, Incorporated" "c:\program files (x86)\adobe\audition 1.5\videodump.ax"
+ "Audition VideoDump" "Adobe® Audition™ SCSI CD Interface" "Adobe Systems®, Incorporated" "c:\program files (x86)\adobe\audition 1.5\videodump.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files (x86)\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files (x86)\k-lite codec pack\filters\monkeysource.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files (x86)\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files (x86)\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - RealAudio Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax"
+ "MPC - RealMedia Source" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax"
+ "MPC - RealMedia Splitter" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax"
+ "MPC - RealVideo Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Subtitle Source" "DirectVobSub" "Gabest" "c:\windows\syswow64\dvobsub.ax"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files (x86)\k-lite codec pack\filters\vp7dec.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files (x86)\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files (x86)\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync" "AVG Cache Server" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgchsva.exe"
+ "C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users