Firefox attempts redirect to click.livesearchnow.com


14 replies to this topic

#1 Hiram Q. Pustule


Posted 05 October 2012 - 11:27 PM

A little over a month ago, I got a ransomware infection. I was able to get rid of that without any help, but now I have another problem. I can't tell whether it's related to the previous one. The thing is, if I use Firefox and do a Google search, then click one of the result links, often the browser will try to go to click.livesearchnow.com with a long list of arguments to that site. Fortunately, it usually fails to connect, and the browser throbber just sits there throbbing until I click Back, which takes me back to the Google search. Then I can click on the same link, and this time it will go to the desired link.

Doesn't seem to be an issue in Chrome, and I don't use IE often enough to tell whether it would be happening there.

One other thing, also possibly unrelated: My Sophos antivirus has HIPS/RegMod-012 in quarantine, and the only action I can take with it is "Authorize." If my antivirus thinks it's dodgy, you'd think it would be open to removing the file. Malwarebytes doesn't seem to think there's anything wrong with my PC, but clicking on w3schools.com and going to livesearchnow is definitely sub-optimal. Thanks in advance for any help anyone might be able to offer.


#2 narenxp


Posted 06 October 2012 - 04:54 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Hiram Q. Pustule


Posted 06 October 2012 - 08:16 PM

Thanks for taking my case, narenxp.

19:44:58.0915 5072 msisadrv - ok
19:44:58.0920 5072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:44:58.0964 5072 MSiSCSI - ok
19:44:58.0966 5072 msiserver - ok
19:44:58.0969 5072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:44:58.0979 5072 MSKSSRV - ok
19:44:58.0982 5072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:58.0990 5072 MSPCLOCK - ok
19:44:58.0994 5072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:44:59.0003 5072 MSPQM - ok
19:44:59.0012 5072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:44:59.0014 5072 MsRPC - ok
19:44:59.0018 5072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:44:59.0029 5072 mssmbios - ok
19:44:59.0032 5072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:44:59.0041 5072 MSTEE - ok
19:44:59.0045 5072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:44:59.0045 5072 MTConfig - ok
19:44:59.0048 5072 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:44:59.0048 5072 MTsensor - ok
19:44:59.0052 5072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:44:59.0052 5072 Mup - ok
19:44:59.0062 5072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:44:59.0081 5072 napagent - ok
19:44:59.0091 5072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:44:59.0106 5072 NativeWifiP - ok
19:44:59.0131 5072 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:44:59.0135 5072 NDIS - ok
19:44:59.0139 5072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:59.0149 5072 NdisCap - ok
19:44:59.0152 5072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:59.0161 5072 NdisTapi - ok
19:44:59.0165 5072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:59.0175 5072 Ndisuio - ok
19:44:59.0181 5072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:59.0194 5072 NdisWan - ok
19:44:59.0199 5072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:44:59.0208 5072 NDProxy - ok
19:44:59.0213 5072 [ 8C15C55796BD674BA91BE0FE79DD364E ] NEOFLTR_710_20169 C:\Windows\system32\Drivers\NEOFLTR_710_20169.SYS
19:44:59.0214 5072 NEOFLTR_710_20169 - ok
19:44:59.0217 5072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:44:59.0218 5072 NetBIOS - ok
19:44:59.0224 5072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:44:59.0226 5072 NetBT - ok
19:44:59.0229 5072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:44:59.0230 5072 Netlogon - ok
19:44:59.0237 5072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:44:59.0253 5072 Netman - ok
19:44:59.0259 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:59.0260 5072 NetMsmqActivator - ok
19:44:59.0263 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:59.0264 5072 NetPipeActivator - ok
19:44:59.0273 5072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:44:59.0276 5072 netprofm - ok
19:44:59.0283 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:59.0284 5072 NetTcpActivator - ok
19:44:59.0289 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:59.0290 5072 NetTcpPortSharing - ok
19:44:59.0294 5072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:44:59.0295 5072 nfrd960 - ok
19:44:59.0301 5072 [ 39645FF63EE21582D40704C2CAAC1252 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
19:44:59.0304 5072 NitroReaderDriverReadSpool2 - ok
19:44:59.0316 5072 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:44:59.0318 5072 NlaSvc - ok
19:44:59.0325 5072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:44:59.0326 5072 Npfs - ok
19:44:59.0331 5072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:44:59.0341 5072 nsi - ok
19:44:59.0345 5072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:44:59.0346 5072 nsiproxy - ok
19:44:59.0384 5072 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:44:59.0392 5072 Ntfs - ok
19:44:59.0396 5072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:44:59.0407 5072 Null - ok
19:44:59.0416 5072 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
19:44:59.0418 5072 NVENETFD - ok
19:44:59.0424 5072 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:44:59.0425 5072 NVHDA - ok
19:44:59.0618 5072 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:59.0864 5072 nvlddmkm - ok
19:44:59.0917 5072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:44:59.0918 5072 nvraid - ok
19:44:59.0923 5072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:44:59.0924 5072 nvstor - ok
19:44:59.0940 5072 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:44:59.0972 5072 nvsvc - ok
19:45:00.0009 5072 [ CD0BFAA6872CFE38C908D313AE17C350 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:45:00.0525 5072 nvUpdatusService - ok
19:45:00.0532 5072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:45:00.0533 5072 nv_agp - ok
19:45:00.0545 5072 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:45:00.0554 5072 odserv - ok
19:45:00.0557 5072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:45:00.0567 5072 ohci1394 - ok
19:45:00.0573 5072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:45:00.0574 5072 ose - ok
19:45:00.0584 5072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:45:00.0598 5072 p2pimsvc - ok
19:45:00.0608 5072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:45:00.0624 5072 p2psvc - ok
19:45:00.0630 5072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:45:00.0639 5072 Parport - ok
19:45:00.0644 5072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:45:00.0644 5072 partmgr - ok
19:45:00.0648 5072 [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
19:45:00.0649 5072 PassThru Service - ok
19:45:00.0655 5072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:45:00.0670 5072 PcaSvc - ok
19:45:00.0677 5072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:45:00.0678 5072 pci - ok
19:45:00.0681 5072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:45:00.0682 5072 pciide - ok
19:45:00.0687 5072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:45:00.0689 5072 pcmcia - ok
19:45:00.0692 5072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:45:00.0693 5072 pcw - ok
19:45:00.0708 5072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:45:00.0731 5072 PEAUTH - ok
19:45:00.0756 5072 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:45:00.0789 5072 PeerDistSvc - ok
19:45:00.0812 5072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:45:00.0823 5072 PerfHost - ok
19:45:00.0860 5072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:45:00.0896 5072 pla - ok
19:45:00.0907 5072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:45:00.0924 5072 PlugPlay - ok
19:45:00.0929 5072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:45:00.0937 5072 PNRPAutoReg - ok
19:45:00.0948 5072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:45:00.0951 5072 PNRPsvc - ok
19:45:00.0963 5072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:45:00.0980 5072 PolicyAgent - ok
19:45:00.0987 5072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:45:00.0999 5072 Power - ok
19:45:01.0004 5072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:45:01.0014 5072 PptpMiniport - ok
19:45:01.0018 5072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:45:01.0019 5072 Processor - ok
19:45:01.0024 5072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:45:01.0037 5072 ProfSvc - ok
19:45:01.0040 5072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:45:01.0041 5072 ProtectedStorage - ok
19:45:01.0046 5072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:45:01.0047 5072 Psched - ok
19:45:01.0051 5072 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:45:01.0052 5072 PxHlpa64 - ok
19:45:01.0086 5072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:45:01.0129 5072 ql2300 - ok
19:45:01.0136 5072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:45:01.0137 5072 ql40xx - ok
19:45:01.0144 5072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:45:01.0162 5072 QWAVE - ok
19:45:01.0166 5072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:45:01.0175 5072 QWAVEdrv - ok
19:45:01.0178 5072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:45:01.0187 5072 RasAcd - ok
19:45:01.0191 5072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:01.0201 5072 RasAgileVpn - ok
19:45:01.0206 5072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:45:01.0256 5072 RasAuto - ok
19:45:01.0263 5072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:01.0275 5072 Rasl2tp - ok
19:45:01.0285 5072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:45:01.0302 5072 RasMan - ok
19:45:01.0307 5072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:01.0317 5072 RasPppoe - ok
19:45:01.0321 5072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:45:01.0331 5072 RasSstp - ok
19:45:01.0340 5072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:45:01.0342 5072 rdbss - ok
19:45:01.0346 5072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:45:01.0355 5072 rdpbus - ok
19:45:01.0358 5072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:01.0358 5072 RDPCDD - ok
19:45:01.0365 5072 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:45:01.0377 5072 RDPDR - ok
19:45:01.0381 5072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:45:01.0382 5072 RDPENCDD - ok
19:45:01.0386 5072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:45:01.0386 5072 RDPREFMP - ok
19:45:01.0392 5072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:45:01.0404 5072 RDPWD - ok
19:45:01.0411 5072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:45:01.0412 5072 rdyboost - ok
19:45:01.0416 5072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:45:01.0419 5072 RemoteAccess - ok
19:45:01.0424 5072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:45:01.0437 5072 RemoteRegistry - ok
19:45:01.0441 5072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:45:01.0453 5072 RpcEptMapper - ok
19:45:01.0455 5072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:45:01.0465 5072 RpcLocator - ok
19:45:01.0477 5072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:45:01.0481 5072 RpcSs - ok
19:45:01.0485 5072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:45:01.0495 5072 rspndr - ok
19:45:01.0498 5072 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:45:01.0499 5072 s3cap - ok
19:45:01.0501 5072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:45:01.0502 5072 SamSs - ok
19:45:01.0512 5072 [ CA7D665C871026AE6EAD6E52F141F92A ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
19:45:01.0513 5072 SAVAdminService - ok
19:45:01.0520 5072 [ 2192AE4D310ADB821B38595150F5A384 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
19:45:01.0521 5072 SAVOnAccess - ok
19:45:01.0525 5072 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
19:45:01.0528 5072 SAVService - ok
19:45:01.0532 5072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:45:01.0533 5072 sbp2port - ok
19:45:01.0538 5072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:45:01.0551 5072 SCardSvr - ok
19:45:01.0554 5072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:45:01.0564 5072 scfilter - ok
19:45:01.0590 5072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:45:01.0625 5072 Schedule - ok
19:45:01.0631 5072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:45:01.0632 5072 SCPolicySvc - ok
19:45:01.0635 5072 [ 894BFBEC492E9E838D9E4406A90A3EDB ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
19:45:01.0635 5072 sdcfilter - ok
19:45:01.0642 5072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:45:01.0656 5072 SDRSVC - ok
19:45:01.0659 5072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:45:01.0660 5072 secdrv - ok
19:45:01.0663 5072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:45:01.0672 5072 seclogon - ok
19:45:01.0676 5072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:45:01.0678 5072 SENS - ok
19:45:01.0681 5072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:45:01.0691 5072 SensrSvc - ok
19:45:01.0695 5072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:45:01.0705 5072 Serenum - ok
19:45:01.0709 5072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:45:01.0719 5072 Serial - ok
19:45:01.0722 5072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:45:01.0732 5072 sermouse - ok
19:45:01.0740 5072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:45:01.0744 5072 SessionEnv - ok
19:45:01.0747 5072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:45:01.0756 5072 sffdisk - ok
19:45:01.0759 5072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:45:01.0769 5072 sffp_mmc - ok
19:45:01.0772 5072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:45:01.0782 5072 sffp_sd - ok
19:45:01.0787 5072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:45:01.0788 5072 sfloppy - ok
19:45:01.0791 5072 SgtSch2Svc - ok
19:45:01.0801 5072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:45:02.0108 5072 SharedAccess - ok
19:45:02.0117 5072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:45:02.0125 5072 ShellHWDetection - ok
19:45:02.0129 5072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:45:02.0129 5072 SiSRaid2 - ok
19:45:02.0133 5072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:45:02.0134 5072 SiSRaid4 - ok
19:45:02.0138 5072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:45:02.0149 5072 Smb - ok
19:45:02.0154 5072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:45:02.0165 5072 SNMPTRAP - ok
19:45:02.0172 5072 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
19:45:02.0175 5072 Sophos AutoUpdate Service - ok
19:45:02.0178 5072 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
19:45:02.0179 5072 SophosBootDriver - ok
19:45:02.0189 5072 [ 3AF5C4C8930F5E208BD2D99E435F3129 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
19:45:02.0196 5072 SplashtopRemoteService - ok
19:45:02.0200 5072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:45:02.0200 5072 spldr - ok
19:45:02.0213 5072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:45:02.0234 5072 Spooler - ok
19:45:02.0295 5072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:45:02.0461 5072 sppsvc - ok
19:45:02.0467 5072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:45:02.0478 5072 sppuinotify - ok
19:45:02.0493 5072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:45:02.0495 5072 srv - ok
19:45:02.0507 5072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:45:02.0509 5072 srv2 - ok
19:45:02.0515 5072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:45:02.0517 5072 srvnet - ok
19:45:02.0523 5072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:45:02.0538 5072 SSDPSRV - ok
19:45:02.0542 5072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:45:02.0555 5072 SstpSvc - ok
19:45:02.0563 5072 [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
19:45:02.0603 5072 SSUService - ok
19:45:02.0614 5072 [ 8544A200C40447E465F06E58687428BB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:45:02.0617 5072 Stereo Service - ok
19:45:02.0621 5072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:45:02.0621 5072 stexstor - ok
19:45:02.0634 5072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:45:02.0656 5072 stisvc - ok
19:45:02.0660 5072 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:45:02.0661 5072 storflt - ok
19:45:02.0664 5072 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:45:02.0674 5072 StorSvc - ok
19:45:02.0678 5072 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:45:02.0678 5072 storvsc - ok
19:45:02.0681 5072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:45:02.0681 5072 swenum - ok
19:45:02.0735 5072 [ 6D092C11A8D706F0A0F6791B4C6FC59B ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
19:45:02.0786 5072 swi_service - ok
19:45:02.0836 5072 [ AA17EA2EF6E050904426C027C8F5BD01 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
19:45:02.0894 5072 swi_update_64 - ok
19:45:02.0907 5072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:45:02.0915 5072 swprv - ok
19:45:02.0925 5072 [ EEEFA1A758C2866A2FF27025ECAFAE1D ] SynoDrService C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
19:45:02.0931 5072 SynoDrService - ok
19:45:02.0972 5072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:45:03.0008 5072 SysMain - ok
19:45:03.0013 5072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:45:03.0024 5072 TabletInputService - ok
19:45:03.0034 5072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:45:03.0044 5072 TapiSrv - ok
19:45:03.0049 5072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:45:03.0059 5072 TBS - ok
19:45:03.0090 5072 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:45:03.0100 5072 Tcpip - ok
19:45:03.0121 5072 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:45:03.0130 5072 TCPIP6 - ok
19:45:03.0136 5072 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:45:03.0146 5072 tcpipreg - ok
19:45:03.0150 5072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:45:03.0159 5072 TDPIPE - ok
19:45:03.0163 5072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:45:03.0172 5072 TDTCP - ok
19:45:03.0177 5072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:45:03.0187 5072 tdx - ok
19:45:03.0238 5072 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:45:03.0915 5072 TeamViewer7 - ok
19:45:03.0921 5072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:45:03.0931 5072 TermDD - ok
19:45:03.0945 5072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:45:03.0949 5072 TermService - ok
19:45:03.0952 5072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:45:03.0962 5072 Themes - ok
19:45:03.0966 5072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:45:03.0967 5072 THREADORDER - ok
19:45:03.0988 5072 [ F741B146F00DCC340AF5B0E32A874F1B ] timounter C:\Windows\system32\DRIVERS\timntr.sys
19:45:03.0992 5072 timounter - ok
19:45:03.0997 5072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:45:04.0009 5072 TrkWks - ok
19:45:04.0015 5072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:45:04.0018 5072 TrustedInstaller - ok
19:45:04.0023 5072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:04.0033 5072 tssecsrv - ok
19:45:04.0038 5072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:45:04.0048 5072 TsUsbFlt - ok
19:45:04.0053 5072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:45:04.0064 5072 tunnel - ok
19:45:04.0068 5072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:45:04.0069 5072 uagp35 - ok
19:45:04.0078 5072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:45:04.0095 5072 udfs - ok
19:45:04.0102 5072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:45:04.0112 5072 UI0Detect - ok
19:45:04.0116 5072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:45:04.0116 5072 uliagpkx - ok
19:45:04.0119 5072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:45:04.0130 5072 umbus - ok
19:45:04.0133 5072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:45:04.0134 5072 UmPass - ok
19:45:04.0139 5072 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:45:04.0153 5072 UmRdpService - ok
19:45:04.0164 5072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:45:04.0174 5072 upnphost - ok
19:45:04.0178 5072 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:45:04.0179 5072 USBAAPL64 - ok
19:45:04.0183 5072 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:45:04.0193 5072 usbaudio - ok
19:45:04.0198 5072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:04.0208 5072 usbccgp - ok
19:45:04.0213 5072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:45:04.0214 5072 usbcir - ok
19:45:04.0219 5072 [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
19:45:04.0238 5072 UsbClientService - ok
19:45:04.0242 5072 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:45:04.0251 5072 usbehci - ok
19:45:04.0262 5072 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:45:04.0279 5072 usbhub - ok
19:45:04.0283 5072 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:45:04.0292 5072 usbohci - ok
19:45:04.0296 5072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:45:04.0305 5072 usbprint - ok
19:45:04.0309 5072 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:45:04.0310 5072 usbscan - ok
19:45:04.0313 5072 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:04.0323 5072 USBSTOR - ok
19:45:04.0327 5072 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:45:04.0336 5072 usbuhci - ok
19:45:04.0339 5072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:45:04.0350 5072 UxSms - ok
19:45:04.0353 5072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:45:04.0354 5072 VaultSvc - ok
19:45:04.0357 5072 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:45:04.0357 5072 VClone - ok
19:45:04.0360 5072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:45:04.0361 5072 vdrvroot - ok
19:45:04.0373 5072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:45:04.0394 5072 vds - ok
19:45:04.0398 5072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:04.0408 5072 vga - ok
19:45:04.0412 5072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:45:04.0421 5072 VgaSave - ok
19:45:04.0428 5072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:45:04.0442 5072 vhdmp - ok
19:45:04.0447 5072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:45:04.0447 5072 viaide - ok
19:45:04.0453 5072 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:45:04.0454 5072 vmbus - ok
19:45:05.0809 5072 ============================================================
19:45:05.0809 5072 Scan finished
19:45:05.0809 5072 ============================================================
19:45:05.0815 3240 Detected object count: 0
19:45:05.0815 3240 Actual detected object count: 0

Will post aswMBR report and ESET list after I reboot and rerun.

#4 Hiram Q. Pustule

Posted 07 October 2012 - 12:21 AM

Hmmm... aswMBR seemed to stall. The first time was when I was running in normal mode, and it hit Android SDK.exe and stopped updating the screen. I waited 20 minutes, and it still never came back. So I killed it, rebooted into safe mode with networking, and this time it went beyond the Android SDK, but got hung up on some other file. I waited a good 40 minutes and it never changed the screen, so I killed it again. Rebooted back into normal mode and ran the ESET program. I think I'm going to try rerunning aswMBR one more time, just letting it do its thing overnight and see if it actually goes to good EOJ. If it does, I'll update this thread yet again with the complete aswMBR log. For now, though, here's as far as it got.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-06 20:19:56
-----------------------------
20:19:56.953 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:56.953 Number of processors: 4 586 0x170A
20:19:56.953 ComputerName: AURORA UserName: Edward
20:19:57.296 Initialize success
20:20:03.568 AVAST engine defs: 12100601
20:20:10.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
20:20:10.010 Disk 0 Vendor: OCZ-VERT 1.4_ Size: 61057MB BusType: 3
20:20:10.010 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
20:20:10.010 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
20:20:10.010 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
20:20:10.026 Disk 2 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
20:20:10.026 Disk 0 MBR read successfully
20:20:10.026 Disk 0 MBR scan
20:20:10.026 Disk 0 Windows 7 default MBR code
20:20:10.026 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61055 MB offset 2048
20:20:10.042 Disk 0 scanning C:\Windows\system32\drivers
20:20:13.380 Service scanning
20:20:22.537 Modules scanning
20:20:22.537 Disk 0 trace - called modules:
20:20:22.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
20:20:22.553 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005df9790]
20:20:22.553 3 CLASSPNP.SYS[fffff880011ce43f] -> nt!IofCallDriver -> [0xfffffa8005bbde40]
20:20:22.568 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8005bb99c0]
20:20:22.646 AVAST engine scan C:\Windows
20:20:23.130 AVAST engine scan C:\Windows\system32
20:21:40.022 AVAST engine scan C:\Windows\system32\drivers
20:21:44.578 AVAST engine scan U:\Users\Edward
21:01:52.640 Disk 0 MBR has been saved successfully to "U:\Users\Edward\Desktop\MBR.dat"
21:01:52.640 The log file has been saved successfully to "U:\Users\Edward\Desktop\aswMBR.txt"


And here's the ESET log...

U:\Users\Edward\AppData\Local\{7C5654D8-F71D-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
U:\Users\Edward\Downloads\cnet2_pdftotif_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
U:\Users\Edward\Downloads\cnet_alienarena-7_52-win20110929_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
U:\Users\Edward\Downloads\cnet_PosMIPrintingUtility_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
U:\Users\Edward\Downloads\MorpheusPhotoAnimationSuite-315.exe a variant of Win32/Adware.RK.AG application cleaned by deleting - quarantined
U:\Users\Edward\Downloads\PosMIPrintingUtility_Setup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
U:\Users\Edward\RecoveredData\MorpheusPhotoAnimSuite3.1\MorpheusPhotoAnimationSuite-310.exe multiple threats cleaned by deleting - quarantined
U:\Users\Penny\AppData\Local\{7C5654D8-F71D-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

#5 narenxp

Posted 07 October 2012 - 04:15 AM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here.

Download mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#6 Hiram Q. Pustule

Posted 07 October 2012 - 06:28 AM

Apparently, I was too impatient earlier. The aswMBR program took about 4 hours to run, and gave me this output:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 00:22:40
-----------------------------
00:22:40.318 OS Version: Windows x64 6.1.7601 Service Pack 1
00:22:40.318 Number of processors: 4 586 0x170A
00:22:40.334 ComputerName: AURORA UserName: Edward
00:22:40.568 Initialize success
00:22:46.870 AVAST engine defs: 12100601
00:23:00.224 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
00:23:00.224 Disk 0 Vendor: OCZ-VERT 1.4_ Size: 61057MB BusType: 3
00:23:00.224 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
00:23:00.224 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
00:23:00.224 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
00:23:00.224 Disk 2 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
00:23:00.239 Disk 0 MBR read successfully
00:23:00.239 Disk 0 MBR scan
00:23:00.239 Disk 0 Windows 7 default MBR code
00:23:00.239 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61055 MB offset 2048
00:23:00.286 Disk 0 scanning C:\Windows\system32\drivers
00:23:10.208 Service scanning
00:23:27.196 Modules scanning
00:23:27.196 Disk 0 trace - called modules:
00:23:27.196 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
00:23:27.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061ff790]
00:23:27.212 3 CLASSPNP.SYS[fffff88001af443f] -> nt!IofCallDriver -> [0xfffffa8005fcfd20]
00:23:27.212 5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8005b069c0]
00:23:27.305 AVAST engine scan C:\Windows
00:23:28.383 AVAST engine scan C:\Windows\system32
00:27:35.970 AVAST engine scan C:\Windows\system32\drivers
00:27:46.984 AVAST engine scan U:\Users\Edward
03:58:07.853 AVAST engine scan C:\ProgramData
03:59:32.483 Scan finished successfully
06:25:26.229 Disk 0 MBR has been saved successfully to "U:\Users\Edward\Desktop\MBR.dat"
06:25:26.229 The log file has been saved successfully to "U:\Users\Edward\Desktop\aswMBR.txt"


Please let me know if I should rerun the ESET program so that everything is done in the order you specified.

#7 narenxp

Posted 07 October 2012 - 09:14 AM

Check my previous instructions.

#8 Hiram Q. Pustule

Posted 07 October 2012 - 03:44 PM

Here are the results of the various programs you directed me to run. It looks like they found a few things to address. One note: for the junkware removal tool, my Sophos web protection objected to the site. I turned off web protection and downloaded the file and ran it per your instructions. Hope that was the right decision.

+++++ MalwareBytes Log +++++

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Edward :: AURORA [administrator]

10/7/2012 12:52:49 PM
mbam-log-2012-10-07 (12-52-49).txt

Scan type: Full scan (C:\|D:\|U:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 933528
Time elapsed: 1 hour(s), 40 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
U:\Users\Edward\RecoveredData\Program Files\RoboTask\SD.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


+++++ Mini Toolbox Results +++++

MiniToolBox by Farbar Version: 23-07-2012
Ran by Edward (administrator) on 07-10-2012 at 14:51:55
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Aurora
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : E0-CB-4E-3C-04-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e8e6:70a8:e611:a382%10(Preferred)
IPv4 Address. . . . . . . . . . . : 64.9.20.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 07, 2012 2:48:28 PM
Lease Expires . . . . . . . . . . : Wednesday, October 05, 2022 2:48:28 PM
Default Gateway . . . . . . . . . : 64.9.20.1
DHCP Server . . . . . . . . . . . : 64.9.20.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-2B-F9-D9-E0-CB-4E-3C-04-4E
DNS Servers . . . . . . . . . . . : 64.9.20.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{4C20400C-49CF-4D6E-B86C-823EC5A72E75}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4009:140b::4009:140b(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 64.9.20.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c07:1e78:bff6:ebf4(Preferred)
Link-local IPv6 Address . . . . . : fe80::c07:1e78:bff6:ebf4%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 64.9.20.1

Name: google.com
Addresses: 2607:f8b0:4009:801::1001
74.125.225.135
74.125.225.128
74.125.225.136
74.125.225.129
74.125.225.133
74.125.225.131
74.125.225.132
74.125.225.137
74.125.225.142
74.125.225.130
74.125.225.134


Pinging google.com [74.125.225.134] with 32 bytes of data:
Reply from 74.125.225.134: bytes=32 time=26ms TTL=56
Reply from 74.125.225.134: bytes=32 time=22ms TTL=56

Ping statistics for 74.125.225.134:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 26ms, Average = 24ms
Server: UnKnown
Address: 64.9.20.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=473ms TTL=52
Reply from 98.139.183.24: bytes=32 time=546ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 473ms, Maximum = 546ms, Average = 509ms
Server: UnKnown
Address: 64.9.20.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...e0 cb 4e 3c 04 4e ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 64.9.20.1 64.9.20.11 20
64.9.20.0 255.255.255.0 On-link 64.9.20.11 276
64.9.20.11 255.255.255.255 On-link 64.9.20.11 276
64.9.20.255 255.255.255.255 On-link 64.9.20.11 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 64.9.20.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 64.9.20.11 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:c07:1e78:bff6:ebf4/128
On-link
14 1025 2002::/16 On-link
14 281 2002:4009:140b::4009:140b/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::c07:1e78:bff6:ebf4/128
On-link
10 276 fe80::e8e6:70a8:e611:a382/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 U:\Windows\SysWOW64\NLAapi.dll [File Not found] ()
Catalog5 02 U:\Windows\SysWOW64\napinsp.dll [File Not found] ()
Catalog5 03 U:\Windows\SysWOW64\pnrpnsp.dll [File Not found] ()
Catalog5 04 U:\Windows\SysWOW64\pnrpnsp.dll [File Not found] ()
Catalog5 05 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog5 06 U:\Windows\SysWOW64\winrnr.dll [File Not found] ()
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
Catalog9 09 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 10 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 11 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 12 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 13 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 14 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 15 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 16 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 17 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 18 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87104] (Sophos Limited)
x64-Catalog5 01 U:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 02 U:\Windows\System32\napinsp.dll [File Not found] ()
x64-Catalog5 03 U:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 04 U:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 05 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 06 U:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)
x64-Catalog9 09 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 10 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 11 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 12 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 13 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 14 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 15 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 16 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 17 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 18 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126016] (Sophos Limited)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/07/2012 02:49:30 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.

Error: (10/07/2012 02:49:30 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 64.9.20.11:5353 20 Aurora._printershare._tcp.local. SRV 0 0 25654 Aurora.local.

Error: (10/07/2012 02:49:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 0000000000000000 Our Record 3 lost: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000018A8970 Pkt Record: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 25654 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 0000000000000000 Our Record 3 lost: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000018A8970 Pkt Record: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 25654 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 0000000000000000 Our Record 2 won: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 25654 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000018A8970 Pkt Record: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.

Error: (10/07/2012 02:49:28 PM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 0000000000000000 Our Record 3 lost: 5C14CCC8 20 Aurora._printershare._tcp.local. SRV 0 0 13924 Aurora.local.


System errors:
=============
Error: (10/07/2012 02:50:36 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/07/2012 02:50:36 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/07/2012 02:48:31 PM) (Source: Service Control Manager) (User: )
Description: The Seagate Scheduler2 Service service failed to start due to the following error:
%%2

Error: (10/06/2012 09:05:23 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/06/2012 09:05:23 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/06/2012 09:03:18 PM) (Source: Service Control Manager) (User: )
Description: The Seagate Scheduler2 Service service failed to start due to the following error:
%%2

Error: (10/06/2012 09:01:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 09:01:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 09:01:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 08:56:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 3.3.0.3650)
Adobe Community Help (Version: 3.5.23)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Agent Ransack 2010 (64-bit)
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Android SDK Tools (Version: 1.16)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ASUS Android USB Drivers (Version: 1.0.6351)
ASUS Sync (Version: 1.0.83)
ASUS WebStorage (Version: 3.0.130.270)
Bonjour (Version: 3.0.0.10)
Brother P-touch Address Book 1.1 (Version: 1.1.2201)
Brother P-touch Editor 5.0 (Version: 5.0.2200)
Brother P-touch Editor Label Collection - Birthday Banners [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Building-Facility [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Celebration Banners [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Enviro-Recycle [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Event Planning [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Package Shipping [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Retail Store [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Sports Preparation [ENU] (Version: 1.0.001)
Brother P-touch Editor Label Collection - Warning [ENU] (Version: 1.0.001)
Brother P-touch Update Software (Version: 1.0.0041)
Burnout™ Paradise The Ultimate Box (Version: 1.0.0.0)
CanoScan LiDE 110 Scanner Driver
CDBurnerXP (Version: 4.3.9.2783)
Cool & Quiet
CopyTrans Suite Remove Only (Version: 2.36)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
CSVed 2.2.3 (Version: 2.2.3)
DHTML Editing Component (Version: 6.02.0001)
DisplayFusion 4.1 (Version: 4.1.0.0)
Dropbox (Version: 1.4.7)
EKS Mrs. Hudson
EKS Sherlock
EKS Watson's Map
Elements 10 Organizer (Version: 10.0)
Eraser 6.0.8.2273 (Version: 6.0.2273)
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
Finale 2002b
FlickrEdit
Foxit Reader 5.0 (Version: 5.0.2.718)
FreeFileSync 5.6 (Version: 5.6)
Google Chrome (Version: 22.0.1229.79)
Growl for Windows (Version: 2.0.9001)
Hauppauge WinTV 7 (Version: v7.0.29304 (CD 2.4d))
HTC Driver Installer (Version: 3.0.0.023)
HTC Sync Manager (Version: 1.0.34.4169)
Internet TV for Windows Media Center (Version: 4.2.2.0)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.7.0.21)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 6 (Version: 1.7.0.60)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
JGoodies JDiskReport 1.3.2 (Version: 1.3.2 (2009-12-18 11:57:44))
John's Background Switcher 4.5 (Version: 4.5)
Juniper Networks Host Checker (Version: 7.1.0.20169)
Juniper Networks Secure Application Manager (Version: 7.1.0.20169)
Juniper Networks, Inc. Setup Client (Version: 7.1.6.17115)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
lcc-win version 1.1 (base 64 bit system)
LibreOffice 3.6 (Version: 3.6.1.2)
M-Audio MIDISPORT Driver 6.1.2 (x64) (Version: 6.1.2)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241)
Microsoft Money 2004 (Version: 12.0.120)
Microsoft Money 2004 System Pack (Version: 12.0.120)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server Management Objects Collection (Version: 9.00.1399.06)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 8.0 Support DLLs (Version: 1.0.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileSheetsCompanion (Version: 1.3.0)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Mozilla Thunderbird 15.0.1 (x86 en-US) (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Music Manager
MusicBee (Version: 1.4.4443)
Nexon Game Manager
Nitro Reader 2 (Version: 2.5.0.41)
Notepad++ (Version: 5.9.8)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA 3D Vision Driver 295.73 (Version: 295.73)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9573)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OneClickdigital Media Manager (Version: 59.0.0.0)
OpenAL
Pando Media Booster (Version: 2.3.6.0)
PaperScan Free Edition (Version: 1.4.0000)
PDF to TIFF Converter
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PFPortChecker 1.0.39 (Version: 1.0.39)
PhotoScape
PodTrans 1.3.0 (Version: 1.3.0)
Pos Multiple Image Printing Utility (Version: 1.15)
PrinterShare 2.3.06 (Version: 2.3.6.0)
Pro/ENGINEER Schools Edition Release Wildfire 5.0 Datecode M040 (Version: Wildfire 5.0)
Pro/ENGINEER Thumbnail Viewer 1.0 (Version: 28.10.100)
ProductView Express 9.1 (Version: 9.1.40.14)
PrtScr 1.5
PSE10 STI Installer (Version: 10.0)
SABnzbd 0.6.14 (Version: 0.6.14)
Scan2PDF 1.6
Seagate Manager Installer (Version: 2.02.0109)
Sophos Anti-Virus (Version: 10.0.7)
Sophos AutoUpdate (Version: 2.7.4.317)
Splashtop Streamer (Version: 2.1.0.4)
SPORE™ (Version: 1.00.0000)
Sublime Text 2 Build 2181
swMSM (Version: 12.0.0.1)
Synergy (Version: 1.3.7)
Synology Assistant (remove only)
Synology Data Replicator 3 (Version: 1.0.0.0)
TaxACT 2011 - 1040 Edition
TeamViewer 7 (Version: 7.0.14484)
TeraCopy 2.27
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
VLC media player 2.0.1 (Version: 2.0.1)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Resource Kit Tools (Version: 5.2.3790)
WinX DVD Copy Pro 3.0.0
XBMC
Zimbra Desktop (Version: 2.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 6142.55 MB
Available physical RAM: 3855.22 MB
Total Pagefile: 12283.3 MB
Available Pagefile: 9740.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:59.62 GB) (Free:7.32 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:97.66 GB) (Free:62.21 GB) NTFS
7 Drive u: (Users) (Fixed) (Total:931.51 GB) (Free:555.39 GB) NTFS

========================= Users: ========================================

User accounts for \\AURORA

Administrator Edward Guest
Penny SophosSAUAURORA0

========================= Restore Points ==================================

02-10-2012 08:48:02 Windows Update

**** End of log ****


+++++ Farbar Service Scanner Log +++++

Farbar Service Scanner Version: 07-10-2012
Ran by Edward (administrator) on 07-10-2012 at 15:02:42
Running from "U:\Users\Edward\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========

ATTENTION!=====> U:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\dhcpcore.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\wuaueng.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\ipnathlp.dll FILE IS MISSING.


ATTENTION!=====> U:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> U:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.



**** End of log ****


+++++ Adware Cleaner Log +++++

# AdwCleaner v2.004 - Logfile created 10/07/2012 at 15:12:33
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Edward - AURORA
# Boot Mode : Normal
# Running from : U:\Users\Edward\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\splashtop
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\splashtop
Folder Deleted : U:\Users\Edward\AppData\Local\Conduit
Folder Deleted : U:\Users\Edward\AppData\LocalLow\Conduit
Folder Deleted : U:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\431wz2gs.default\Conduit
Folder Deleted : U:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\431wz2gs.default\ConduitCommon
Folder Deleted : U:\Users\Penny\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\DSSFormatCtls.msiFmtLine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : U:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\431wz2gs.default\prefs.js

U:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\431wz2gs.default\user.js ... Deleted !

Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.CTID", "CT2438727");
Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2438727.CurrentServerDate", "28-7-2010");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Deleted : user_pref("CT2438727.FirstServerDate", "16-4-2010");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2438727.InstalledDate", "Mon Apr 12 2010 01:10:49 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2438727.InvalidateCache", false);
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Tue Jul 27 2010 23:11:09 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_2.5.8.6", "Sat Jul 24 2010 22:37:30 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2438727.LastLogin_2.7.1.3", "Tue Jul 27 2010 23:11:09 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2438727.LatestVersion", "2.7.1.3");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.LoginCache", 4);
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2438727.SearchBoxWidth", 215);
Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue Jul 27 2010 23:11:08 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Tue Jul 27 2010 23:17:44 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1278548974");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Wed Jul 14 2010 18:37:09 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1278548974");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2438727.UserID", "UN64177086873694434");
Deleted : user_pref("CT2438727.ValidationData_Search", 0);
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.clientLogIsEnabled", false);
Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "21-5-2012");
Deleted : user_pref("CT3072253.DSInstall", true);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon May 21 2012 08:48:43 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "21-5-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=[...]
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3072253.InstallationType", "Unknown");
Deleted : user_pref("CT3072253.InstalledDate", "Mon May 21 2012 08:48:45 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", true);
Deleted : user_pref("CT3072253.IsProtectorsInit", true);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon May 21 2012 08:48:45 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Mon May 21 2012 08:48:47 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon May 21 2012 08:48:47 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", true);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon May 21 2012 08:48:42 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Mon May 21 2012 08:48:42 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon May 21 2012 08:48:42 GMT-0500 (Central Day[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarDisabled", true);
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN89360730190689539");
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "4D6F6E204D617920323120323031322030383A34383A34332[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon May 21 2012 08:48:43 GMT-0500 (Central [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon May 21 2012 08:48:43 GMT-0500 (Central D[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon May 21 2012 08:48:45 GMT-0500 (Central D[...]
Deleted : user_pref("CT3072253.usagesFlag", 1);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search,uTorrentCont[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///U:\\Users\\Edward\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 27 2010 23:17:44 GMT-0500 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 27 2010 23:11:07 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{980d0151-edf3-447a-8e6a-b07acb6d19a3}");
Deleted : user_pref("CommunityToolbar.globalUserId", "3204ae4d-f621-4b5e-95f7-af53f829d397");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 21 2012 08:41:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon May 21 2012 08:41:23 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "63a8525b-87cc-4e5d-be1c-e31c433bee57");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

Profile name : default
File : U:\Users\Penny\AppData\Roaming\Mozilla\Firefox\Profiles\8pm6mh8p.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : U:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [20296 octets] - [07/10/2012 15:12:33]

########## EOF - U:\AdwCleaner[S1].txt - [20357 octets] ##########



+++++ Junkware Removal Tool Log +++++

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.1 (10.07.2012)
OS: Windows 7 Professional x64
Ran by Edward on Sun 10/07/2012 at 15:36:23.32
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files:

Successfully deleted: [FILE] C:\eula.1028.txt
Successfully deleted: [FILE] C:\eula.1031.txt
Successfully deleted: [FILE] C:\eula.1033.txt
Successfully deleted: [FILE] C:\eula.1036.txt
Successfully deleted: [FILE] C:\eula.1040.txt
Successfully deleted: [FILE] C:\eula.1041.txt
Successfully deleted: [FILE] C:\eula.1042.txt
Successfully deleted: [FILE] C:\eula.2052.txt
Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 10/07/2012 at 15:36:38.67
End of Report

Edited by Hiram Q. Pustule, 07 October 2012 - 03:50 PM.


#9 narenxp

Posted 07 October 2012 - 03:47 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#10 Hiram Q. Pustule

Posted 07 October 2012 - 04:13 PM

+++++ Rkill.txt +++++

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 04:07:58 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* U:\Users\Edward\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (PID: 4172) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/07/2012 04:08:11 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)


+++++ Autoruns.txt +++++

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Eraser" "Eraser" "The Eraser Project" "c:\program files\eraser\eraser.exe"
+ "Java™ ME Platform SDK 3.0.5" "" "" "File not found: D:\eclipse\Java_ME_platform_SDK_3.0.5\bin\device-manager.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ASUS Sync Loader" "ASUS Sync" "Futuredial Inc." "c:\program files (x86)\asus\asus sync\asusupctloader.exe"
+ "ASUSWebStorage" "AsusWebStorage" "ASUS Cloud Corporation" "c:\program files (x86)\asus\asus webstorage\3.0.130.270\asuswspanel.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "d:\program files (x86)\itunes\ituneshelper.exe"
+ "Sophos AutoUpdate Monitor" "Sophos Endpoint Security and Control" "Sophos Limited" "c:\program files (x86)\sophos\autoupdate\almon.exe"
+ "VirtualCloneDrive" "Virtual CloneDrive Daemon" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "AutoStart IR.lnk" "IR" "Hauppauge Computer Works" "c:\program files (x86)\wintv\ir.exe"
+ "WinTV Recording Status..lnk" "WinTVTray" "Hauppauge Computer Works, Inc." "c:\program files (x86)\wintv\wintv7\wintvtray.exe"
+ "WinTV Recording Status.lnk" "WinTVTray" "Hauppauge Computer Works, Inc." "c:\program files (x86)\wintv\wintv7\wintvtray.exe"
"U:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe"
+ "Update Tool Notifier.exe" "Update Tool Notifier" "Oracle Corporation" "u:\users\edward\appdata\roaming\microsoft\windows\start menu\programs\startup\update tool notifier.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BackgroundSwitcher" "John's Background Switcher" "johnsadventures.com" "d:\program files (x86)\johnsadventures.com\john's background switcher\backgroundswitcher.exe"
+ "Data Replicator 3" "" "Synology Inc." "c:\program files (x86)\synology data replicator 3\backup.exe"
+ "DisplayFusion" "DisplayFusion" "Binary Fortress Software" "d:\program files (x86)\displayfusion\displayfusion.exe"
+ "Growl" "Growl" "element code project" "c:\program files (x86)\growl for windows\growl.exe"
+ "MusicManager" "Music Manager" "Google Inc." "u:\users\edward\appdata\local\programs\google\musicmanager\musicmanager.exe"
+ "PeerBlock" "PeerBlock" "PeerBlock, LLC" "c:\program files\peerblock\peerblock.exe"
+ "PrinterShare" "PrinterAnywhere Console" "PrinterAnywhere" "c:\program files (x86)\printershare\paconsole.exe"
+ "PrtScr by FireStarter" "PrtScr" "FireStarter" "c:\program files (x86)\prtscr\prtscr.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Eraser" "Eraser Shell Extension" "The Eraser Project" "c:\program files\eraser\eraser.shell.dll"
+ "ISOWINDOWMENU" "TODO: <File description>" "TODO: <Company name>" "c:\program files\digiarty\winx_dvd_copy_pro\isowindowmenu64.dll"
+ "Notepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_04.dll"
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellextx64.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopyext.dll"
+ "TeraCopyS64" "Simple Context Menu" "" "d:\program files\teracopy\teracopyext64.dll"
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AgentRansack" "Agent Ransack Shell Extensions" "Mythicsoft Ltd" "c:\program files\mythicsoft\agent ransack\shellext.dll"
+ "Eraser" "Eraser Shell Extension" "The Eraser Project" "c:\program files\eraser\eraser.shell.dll"
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellextx64.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopyext.dll"
+ "TeraCopyS64" "Simple Context Menu" "" "d:\program files\teracopy\teracopyext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Eraser" "Eraser Shell Extension" "The Eraser Project" "c:\program files\eraser\eraser.shell.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopy.dll"
+ "TeraCopy64" "Simple Context Menu" "" "d:\program files\teracopy\teracopy64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopy.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "d:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "d:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopyext.dll"
+ "TeraCopyS64" "Simple Context Menu" "" "d:\program files\teracopy\teracopyext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files (x86)\libreoffice 3.6\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files (x86)\libreoffice 3.6\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AgentRansack" "Agent Ransack Shell Extensions" "Mythicsoft Ltd" "c:\program files\mythicsoft\agent ransack\shellext.dll"
+ "Eraser" "Eraser Shell Extension" "The Eraser Project" "c:\program files\eraser\eraser.shell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellextx64.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopyext.dll"
+ "TeraCopyS64" "Simple Context Menu" "" "d:\program files\teracopy\teracopyext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "SavShellExt" "Components for extending windows shell with SAV scan" "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savshellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "Eraser" "Eraser Shell Extension" "The Eraser Project" "c:\program files\eraser\eraser.shell.dll"
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopy.dll"
+ "TeraCopy64" "Simple Context Menu" "" "d:\program files\teracopy\teracopy64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "TeraCopy" "" "" "d:\program files\teracopy\teracopy.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "AsusWSShellExt_B" "AsusWSShellExt64" "ASUS Cloud Corporation." "c:\program files (x86)\asus\asus webstorage\3.0.130.270\asuswsshellext64.dll"
+ "AsusWSShellExt_O" "AsusWSShellExt64" "ASUS Cloud Corporation." "c:\program files (x86)\asus\asus webstorage\3.0.130.270\asuswsshellext64.dll"
+ "AsusWSShellExt_U" "AsusWSShellExt64" "ASUS Cloud Corporation." "c:\program files (x86)\asus\asus webstorage\3.0.130.270\asuswsshellext64.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "u:\users\edward\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "LastPass Browser Helper Object" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "d:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "d:\program files (x86)\java\jre7\bin\ssv.dll"
+ "LastPass Browser Helper Object" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "LastPass Toolbar" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "LastPass Toolbar" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "LastPass" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "LastPass" "LastPass Toolbar" "LastPass" "c:\program files (x86)\lastpass\lpbar.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\AdobeAAMUpdater-1.0-Aurora-Edward" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-746511410-2074573730-2184164037-1004Core" "Google Installer" "Google Inc." "u:\users\edward\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-746511410-2074573730-2184164037-1004UA" "Google Installer" "Google Inc." "u:\users\edward\appdata\local\google\update\googleupdate.exe"
+ "\Launch ASUS Sync Loader" "ASUS Sync" "Futuredial Inc." "c:\program files (x86)\asus\asus sync\asusupctloader.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "" "" "File not found: C:\Program Files\Microsoft Security Client\MpCmdRun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeActiveFileMonitor10.0" "Tracks files that are managed by Elements Organizer" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\elements 10 organizer\photoshopelementsfileagent.exe"
+ "AdobeActiveFileMonitor7.0" "Tracks files that are managed by Adobe Photoshop Elements" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "FreeAgentGoNext Service" "Seagate Service" "Seagate Technology LLC" "c:\program files (x86)\seagate\seagatemanager\sync\freeagentservice.exe"
+ "HauppaugeTVServer" "Hauppauge TV Server" "Hauppauge Computer Works" "c:\program files (x86)\wintv\tvserver\hauppaugetvserver.exe"
+ "HTCMonitorService" "This service supports to HTC for getting device information" "Nero AG" "c:\program files (x86)\htc\htc sync manager\hsmserviceentry.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MIDISPORTAudioDevMon" "Manages device settings and hot plugging for M-Audio MIDISPORT devices." "M-Audio" "c:\program files (x86)\m-audio\midisport\audiodevmon.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "NitroReaderDriverReadSpool2" "Nitro Reader Driver Read Spool 2" "Nitro PDF Software" "c:\program files\common files\nitro pdf\reader\2.0\nitropdfreaderdriverservice2x64.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "PassThru Service" "Detect HTC Android device for internet pass-through function." "" "c:\program files (x86)\htc\internet pass-through\passthrusvr.exe"
+ "SAVAdminService" "Provides information to Windows Security Center on whether Sophos Anti-Virus is up to date and whether on-access scanning is enabled." "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savadminservice.exe"
+ "SAVService" "Performs threat scanning and cleanup functions." "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\savservice.exe"
+ "SgtSch2Svc" "Provides task scheduling for Seagate applications." "" "File not found: C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe"
+ "Sophos AutoUpdate Service" "Part of the updating system for Sophos components" "Sophos Limited" "c:\program files (x86)\sophos\autoupdate\alsvc.exe"
+ "SplashtopRemoteService" "Splashtop Remote Streamer" "Splashtop Inc." "c:\program files (x86)\splashtop\splashtop remote\server\srservice.exe"
+ "SSUService" "Splashtop software updater enables updates and enhancements to the SmartView browser extension." "Splashtop Inc." "c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe"
+ "swi_service" "Protects against threats from malicious websites." "Sophos Limited" "c:\program files (x86)\sophos\sophos anti-virus\web intelligence\swi_service.exe"
+ "swi_update_64" "Reconfigure the Sophos Web Intelligence components." "Sophos Limited" "c:\programdata\sophos\web intelligence\swi_update_64.exe"
+ "SynoDrService" "Synology Data Replicator Service" "" "c:\program files (x86)\synology data replicator 3\synodrservicex64.exe"
+ "TeamViewer7" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files (x86)\teamviewer\version7\teamviewer_service.exe"
+ "UsbClientService" "Synology Remote Usb Client Service" "" "c:\program files (x86)\synology\assistant\usbclientservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"

#11 narenxp

Posted 07 October 2012 - 04:18 PM

Any current issues?

#12 Hiram Q. Pustule

Posted 07 October 2012 - 04:40 PM

It's hard to say, since it seems to be an intermittent problem, but I was able to do a Google search, click on a link, and go to that site, and I did that process three times, without getting redirected. Since we saw the various tools remove a number of things, and I'm not getting redirected at the moment, I'm willing to consider the problem gone.

#13 narenxp

Posted 07 October 2012 - 04:41 PM

That looks good

Remove temporary and junk files

Download TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#14 Hiram Q. Pustule

Posted 07 October 2012 - 05:59 PM

Formidable! Thanks so much, narenxp. I truly appreciate the assistance.

#15 narenxp

Posted 07 October 2012 - 06:01 PM

You're most welcome :)