Redirection to wrong websites on google search



#1 ilbruno87


Posted 17 October 2012 - 08:34 PM

Hello, I'm currently having this problem with links from Google searches redirecting to completely different websites. I'm afraid something very wrong is going on. I know my Malwarebytes deleted a bunch of trojans a few months back, but I've been advised to only run one virus protection program at a time, so I deleted it and kept McAfee Internet Security since I'm already paying for it. Bottom line, I can't get the old logs. I do remember a trojan named happillii and the one I'm most afraid about, spyware.password.nexgen or something of the sort, which was deleted back in December. My debit card was compromised last week so I need to know if my computer is the reason for that.

I've run virus scans with McAfee every day for the last week and it keeps on showing no infections, even though the redirecting problem persists. I also don't see any weird processes running in my Task Manager. I'd appreciate any help.
Thanks,
Andre

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 narenxp


Posted 17 October 2012 - 09:08 PM

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#3 ilbruno87


Posted 17 October 2012 - 09:55 PM

Here's the TDSSkiller log:

19:11:00.0768 6232 MSiSCSI - ok
19:11:00.0772 6232 msiserver - ok
19:11:00.0797 6232 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:11:00.0799 6232 MSK80Service - ok
19:11:00.0808 6232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:11:00.0813 6232 MSKSSRV - ok
19:11:00.0826 6232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:11:00.0831 6232 MSPCLOCK - ok
19:11:00.0839 6232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:11:00.0842 6232 MSPQM - ok
19:11:00.0857 6232 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:11:00.0893 6232 MsRPC - ok
19:11:00.0910 6232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
19:11:00.0911 6232 mssmbios - ok
19:11:00.0925 6232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:11:00.0928 6232 MSTEE - ok
19:11:00.0946 6232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
19:11:00.0950 6232 MTConfig - ok
19:11:00.0982 6232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:11:00.0987 6232 Mup - ok
19:11:01.0029 6232 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:11:01.0032 6232 napagent - ok
19:11:01.0073 6232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:11:01.0079 6232 NativeWifiP - ok
19:11:01.0123 6232 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:11:01.0145 6232 NDIS - ok
19:11:01.0159 6232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:11:01.0165 6232 NdisCap - ok
19:11:01.0186 6232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:11:01.0190 6232 NdisTapi - ok
19:11:01.0214 6232 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:11:01.0261 6232 Ndisuio - ok
19:11:01.0300 6232 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:11:01.0342 6232 NdisWan - ok
19:11:01.0387 6232 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:11:01.0445 6232 NDProxy - ok
19:11:01.0479 6232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:11:01.0484 6232 NetBIOS - ok
19:11:01.0502 6232 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:11:01.0504 6232 NetBT - ok
19:11:01.0514 6232 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:11:01.0515 6232 Netlogon - ok
19:11:01.0565 6232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:11:01.0568 6232 Netman - ok
19:11:01.0594 6232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:11:01.0600 6232 netprofm - ok
19:11:01.0629 6232 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:11:01.0631 6232 NetTcpPortSharing - ok
19:11:01.0654 6232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
19:11:01.0658 6232 nfrd960 - ok
19:11:01.0675 6232 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
19:11:01.0678 6232 NlaSvc - ok
19:11:01.0702 6232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:11:01.0704 6232 Npfs - ok
19:11:01.0731 6232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:11:01.0737 6232 nsi - ok
19:11:01.0748 6232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:11:01.0749 6232 nsiproxy - ok
19:11:01.0812 6232 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:11:01.0911 6232 Ntfs - ok
19:11:01.0932 6232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:11:01.0936 6232 Null - ok
19:11:01.0968 6232 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
19:11:02.0013 6232 NVHDA - ok
19:11:02.0249 6232 [ 1E5312E8DC483867EFB854935C7ACA65 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:11:02.0340 6232 nvlddmkm - ok
19:11:02.0389 6232 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:11:02.0435 6232 nvraid - ok
19:11:02.0471 6232 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:11:02.0518 6232 nvstor - ok
19:11:02.0543 6232 [ DEC39984871A20CC9CB3A340FF0919F2 ] nvsvc C:\windows\system32\nvvsvc.exe
19:11:02.0546 6232 nvsvc - ok
19:11:02.0570 6232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:11:02.0577 6232 nv_agp - ok
19:11:02.0647 6232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:11:02.0726 6232 odserv - ok
19:11:02.0746 6232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:11:02.0752 6232 ohci1394 - ok
19:11:02.0817 6232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:11:02.0820 6232 ose - ok
19:11:02.0858 6232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:11:02.0869 6232 p2pimsvc - ok
19:11:02.0892 6232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:11:02.0909 6232 p2psvc - ok
19:11:02.0949 6232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
19:11:02.0957 6232 Parport - ok
19:11:03.0000 6232 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:11:03.0059 6232 partmgr - ok
19:11:03.0079 6232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:11:03.0086 6232 PcaSvc - ok
19:11:03.0115 6232 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:11:03.0163 6232 pci - ok
19:11:03.0184 6232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:11:03.0188 6232 pciide - ok
19:11:03.0203 6232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
19:11:03.0209 6232 pcmcia - ok
19:11:03.0213 6232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:11:03.0216 6232 pcw - ok
19:11:03.0236 6232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:11:03.0245 6232 PEAUTH - ok
19:11:03.0346 6232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:11:03.0348 6232 PerfHost - ok
19:11:03.0407 6232 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:11:03.0502 6232 pla - ok
19:11:03.0550 6232 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:11:03.0601 6232 PlugPlay - ok
19:11:03.0617 6232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:11:03.0623 6232 PNRPAutoReg - ok
19:11:03.0634 6232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:11:03.0637 6232 PNRPsvc - ok
19:11:03.0667 6232 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
19:11:03.0714 6232 Point64 - ok
19:11:03.0741 6232 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:11:03.0751 6232 PolicyAgent - ok
19:11:03.0789 6232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:11:03.0799 6232 Power - ok
19:11:03.0835 6232 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:11:03.0893 6232 PptpMiniport - ok
19:11:03.0909 6232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
19:11:03.0913 6232 Processor - ok
19:11:03.0939 6232 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:11:03.0942 6232 ProfSvc - ok
19:11:03.0958 6232 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:11:03.0959 6232 ProtectedStorage - ok
19:11:03.0987 6232 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:11:03.0988 6232 Psched - ok
19:11:04.0026 6232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
19:11:04.0084 6232 ql2300 - ok
19:11:04.0117 6232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
19:11:04.0121 6232 ql40xx - ok
19:11:04.0151 6232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:11:04.0159 6232 QWAVE - ok
19:11:04.0179 6232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:11:04.0180 6232 QWAVEdrv - ok
19:11:04.0188 6232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:11:04.0192 6232 RasAcd - ok
19:11:04.0217 6232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:11:04.0219 6232 RasAgileVpn - ok
19:11:04.0233 6232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:11:04.0241 6232 RasAuto - ok
19:11:04.0264 6232 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:11:04.0315 6232 Rasl2tp - ok
19:11:04.0349 6232 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:11:04.0387 6232 RasMan - ok
19:11:04.0402 6232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:11:04.0408 6232 RasPppoe - ok
19:11:04.0436 6232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:11:04.0439 6232 RasSstp - ok
19:11:04.0460 6232 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:11:04.0505 6232 rdbss - ok
19:11:04.0531 6232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
19:11:04.0536 6232 rdpbus - ok
19:11:04.0561 6232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:11:04.0562 6232 RDPCDD - ok
19:11:04.0581 6232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:11:04.0582 6232 RDPENCDD - ok
19:11:04.0603 6232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:11:04.0604 6232 RDPREFMP - ok
19:11:04.0626 6232 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:11:04.0671 6232 RDPWD - ok
19:11:04.0696 6232 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:11:04.0744 6232 rdyboost - ok
19:11:04.0778 6232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:11:04.0784 6232 RemoteAccess - ok
19:11:04.0802 6232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:11:04.0807 6232 RemoteRegistry - ok
19:11:04.0837 6232 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe
19:11:04.0840 6232 Rezip - ok
19:11:04.0869 6232 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:11:04.0876 6232 RFCOMM - ok
19:11:04.0971 6232 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:11:04.0974 6232 RichVideo - ok
19:11:05.0006 6232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:11:05.0016 6232 RpcEptMapper - ok
19:11:05.0053 6232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:11:05.0062 6232 RpcLocator - ok
19:11:05.0103 6232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:11:05.0110 6232 RpcSs - ok
19:11:05.0144 6232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:11:05.0147 6232 rspndr - ok
19:11:05.0165 6232 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:11:05.0173 6232 RTL8167 - ok
19:11:05.0188 6232 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
19:11:05.0235 6232 SABI - ok
19:11:05.0259 6232 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:11:05.0260 6232 SamSs - ok
19:11:05.0282 6232 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:11:05.0329 6232 sbp2port - ok
19:11:05.0364 6232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:11:05.0374 6232 SCardSvr - ok
19:11:05.0405 6232 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:11:05.0476 6232 scfilter - ok
19:11:05.0515 6232 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:11:05.0537 6232 Schedule - ok
19:11:05.0562 6232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:11:05.0563 6232 SCPolicySvc - ok
19:11:05.0585 6232 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:11:05.0620 6232 SDRSVC - ok
19:11:05.0646 6232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:11:05.0649 6232 secdrv - ok
19:11:05.0678 6232 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:11:05.0712 6232 seclogon - ok
19:11:05.0731 6232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:11:05.0733 6232 SENS - ok
19:11:05.0761 6232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:11:05.0764 6232 SensrSvc - ok
19:11:05.0788 6232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
19:11:05.0791 6232 Serenum - ok
19:11:05.0814 6232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
19:11:05.0818 6232 Serial - ok
19:11:05.0847 6232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
19:11:05.0851 6232 sermouse - ok
19:11:05.0884 6232 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:11:05.0920 6232 SessionEnv - ok
19:11:05.0938 6232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:11:05.0942 6232 sffdisk - ok
19:11:05.0953 6232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:11:05.0957 6232 sffp_mmc - ok
19:11:05.0966 6232 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:11:06.0009 6232 sffp_sd - ok
19:11:06.0034 6232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
19:11:06.0038 6232 sfloppy - ok
19:11:06.0076 6232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:11:06.0087 6232 SharedAccess - ok
19:11:06.0118 6232 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:11:06.0161 6232 ShellHWDetection - ok
19:11:06.0177 6232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
19:11:06.0182 6232 SiSRaid2 - ok
19:11:06.0190 6232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
19:11:06.0195 6232 SiSRaid4 - ok
19:11:06.0272 6232 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:11:06.0274 6232 SkypeUpdate - ok
19:11:06.0305 6232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:11:06.0314 6232 Smb - ok
19:11:06.0374 6232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:11:06.0381 6232 SNMPTRAP - ok
19:11:06.0430 6232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:11:06.0436 6232 spldr - ok
19:11:06.0469 6232 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:11:06.0476 6232 Spooler - ok
19:11:06.0595 6232 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:11:06.0614 6232 sppsvc - ok
19:11:06.0631 6232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:11:06.0637 6232 sppuinotify - ok
19:11:06.0646 6232 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:11:06.0690 6232 srv - ok
19:11:06.0711 6232 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:11:06.0755 6232 srv2 - ok
19:11:06.0772 6232 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:11:06.0816 6232 srvnet - ok
19:11:06.0843 6232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:11:06.0846 6232 SSDPSRV - ok
19:11:06.0861 6232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:11:06.0866 6232 SstpSvc - ok
19:11:06.0911 6232 Steam Client Service - ok
19:11:06.0938 6232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
19:11:06.0942 6232 stexstor - ok
19:11:06.0971 6232 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
19:11:06.0974 6232 StillCam - ok
19:11:07.0005 6232 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:11:07.0067 6232 stisvc - ok
19:11:07.0092 6232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
19:11:07.0095 6232 swenum - ok
19:11:07.0134 6232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:11:07.0170 6232 swprv - ok
19:11:07.0225 6232 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:11:07.0286 6232 SynTP - ok
19:11:07.0328 6232 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:11:07.0362 6232 SysMain - ok
19:11:07.0398 6232 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:11:07.0432 6232 TabletInputService - ok
19:11:07.0448 6232 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:11:07.0485 6232 TapiSrv - ok
19:11:07.0499 6232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:11:07.0503 6232 TBS - ok
19:11:07.0581 6232 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:11:07.0723 6232 Tcpip - ok
19:11:07.0773 6232 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:11:07.0782 6232 TCPIP6 - ok
19:11:07.0803 6232 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:11:07.0845 6232 tcpipreg - ok
19:11:07.0863 6232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:11:07.0868 6232 TDPIPE - ok
19:11:07.0888 6232 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:11:07.0932 6232 TDTCP - ok
19:11:07.0963 6232 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:11:08.0006 6232 tdx - ok
19:11:08.0035 6232 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
19:11:08.0069 6232 TermDD - ok
19:11:08.0089 6232 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:11:08.0141 6232 TermService - ok
19:11:08.0160 6232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:11:08.0166 6232 Themes - ok
19:11:08.0181 6232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:11:08.0182 6232 THREADORDER - ok
19:11:08.0213 6232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:11:08.0219 6232 TrkWks - ok
19:11:08.0275 6232 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:11:08.0277 6232 TrustedInstaller - ok
19:11:08.0308 6232 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:11:08.0366 6232 tssecsrv - ok
19:11:08.0420 6232 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:11:08.0481 6232 TsUsbFlt - ok
19:11:08.0529 6232 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:11:08.0531 6232 tunnel - ok
19:11:08.0557 6232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
19:11:08.0565 6232 uagp35 - ok
19:11:08.0598 6232 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:11:08.0669 6232 udfs - ok
19:11:08.0697 6232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:11:08.0703 6232 UI0Detect - ok
19:11:08.0720 6232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:11:08.0724 6232 uliagpkx - ok
19:11:08.0750 6232 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:11:08.0793 6232 umbus - ok
19:11:08.0832 6232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
19:11:08.0833 6232 UmPass - ok
19:11:08.0871 6232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:11:08.0874 6232 upnphost - ok
19:11:08.0895 6232 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
19:11:08.0941 6232 USBAAPL64 - ok
19:11:08.0962 6232 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:11:09.0005 6232 usbccgp - ok
19:11:09.0040 6232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:11:09.0045 6232 usbcir - ok
19:11:09.0059 6232 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
19:11:09.0102 6232 usbehci - ok
19:11:09.0135 6232 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:11:09.0179 6232 usbhub - ok
19:11:09.0188 6232 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:11:09.0232 6232 usbohci - ok
19:11:09.0258 6232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:11:09.0261 6232 usbprint - ok
19:11:09.0281 6232 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:11:09.0324 6232 USBSTOR - ok
19:11:09.0342 6232 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:11:09.0386 6232 usbuhci - ok
19:11:09.0424 6232 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
19:11:09.0472 6232 usbvideo - ok
19:11:09.0493 6232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:11:09.0497 6232 UxSms - ok
19:11:09.0514 6232 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:11:09.0515 6232 VaultSvc - ok
19:11:09.0545 6232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:11:09.0549 6232 vdrvroot - ok
19:11:09.0582 6232 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:11:09.0657 6232 vds - ok
19:11:09.0682 6232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:11:09.0685 6232 vga - ok
19:11:09.0696 6232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:11:09.0701 6232 VgaSave - ok
19:11:09.0727 6232 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:11:09.0776 6232 vhdmp - ok
19:11:09.0800 6232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:11:09.0805 6232 viaide - ok
19:11:09.0824 6232 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:11:09.0871 6232 volmgr - ok
19:11:09.0883 6232 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:11:09.0885 6232 volmgrx - ok
19:11:09.0900 6232 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:11:09.0968 6232 volsnap - ok
19:11:09.0984 6232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
19:11:09.0991 6232 vsmraid - ok
19:11:10.0045 6232 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:11:10.0159 6232 VSS - ok
19:11:10.0188 6232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:11:10.0191 6232 vwifibus - ok
19:11:10.0210 6232 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:11:10.0218 6232 vwififlt - ok
19:11:10.0241 6232 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:11:10.0247 6232 vwifimp - ok
19:11:10.0281 6232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:11:10.0307 6232 W32Time - ok
19:11:10.0327 6232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
19:11:10.0335 6232 WacomPen - ok
19:11:10.0360 6232 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:11:10.0410 6232 WANARP - ok
19:11:10.0424 6232 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:11:10.0425 6232 Wanarpv6 - ok
19:11:10.0513 6232 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:11:10.0650 6232 WatAdminSvc - ok
19:11:10.0699 6232 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:11:10.0818 6232 wbengine - ok
19:11:10.0845 6232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:11:10.0853 6232 WbioSrvc - ok
19:11:10.0870 6232 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:11:10.0873 6232 wcncsvc - ok
19:11:10.0884 6232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:11:10.0888 6232 WcsPlugInService - ok
19:11:10.0916 6232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
19:11:10.0921 6232 Wd - ok
19:11:10.0955 6232 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:11:10.0978 6232 Wdf01000 - ok
19:11:11.0009 6232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:11:11.0011 6232 WdiServiceHost - ok
19:11:11.0014 6232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:11:11.0016 6232 WdiSystemHost - ok
19:11:11.0054 6232 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:11:11.0090 6232 WebClient - ok
19:11:11.0109 6232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:11:11.0117 6232 Wecsvc - ok
19:11:11.0130 6232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:11:11.0135 6232 wercplsupport - ok
19:11:11.0167 6232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:11:11.0173 6232 WerSvc - ok
19:11:11.0208 6232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:11:11.0211 6232 WfpLwf - ok
19:11:11.0228 6232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:11:11.0231 6232 WIMMount - ok
19:11:11.0249 6232 WinDefend - ok
19:11:11.0254 6232 WinHttpAutoProxySvc - ok
19:11:11.0308 6232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:11:11.0318 6232 Winmgmt - ok
19:11:11.0392 6232 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:11:11.0515 6232 WinRM - ok
19:11:11.0562 6232 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:11:11.0605 6232 WinUsb - ok
19:11:11.0649 6232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:11:11.0655 6232 Wlansvc - ok
19:11:11.0810 6232 [ E23A257A54FA12C2AEF8AD51E6556357 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:11.0824 6232 wlidsvc - ok
19:11:11.0844 6232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:11:11.0848 6232 WmiAcpi - ok
19:11:11.0878 6232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:11:11.0885 6232 wmiApSrv - ok
19:11:11.0910 6232 WMPNetworkSvc - ok
19:11:11.0932 6232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:11:11.0937 6232 WPCSvc - ok
19:11:11.0955 6232 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:11:11.0957 6232 WPDBusEnum - ok
19:11:11.0988 6232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:11:11.0992 6232 ws2ifsl - ok
19:11:12.0016 6232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:11:12.0021 6232 wscsvc - ok
19:11:12.0058 6232 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
19:11:12.0059 6232 WSDPrintDevice - ok
19:11:12.0063 6232 WSearch - ok
19:11:12.0141 6232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:11:12.0164 6232 wuauserv - ok
19:11:12.0177 6232 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:11:12.0221 6232 WudfPf - ok
19:11:12.0257 6232 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:11:12.0302 6232 WUDFRd - ok
19:11:12.0334 6232 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:11:12.0369 6232 wudfsvc - ok
19:11:12.0395 6232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:11:12.0403 6232 WwanSvc - ok
19:11:12.0442 6232 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
19:11:12.0444 6232 yukonw7 - ok
19:11:12.0523 6232 [ 74983ADDCA2D9618512C088D856D6615 ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
19:11:12.0525 6232 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
19:11:12.0568 6232 ================ Scan global ===============================
19:11:12.0583 6232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:11:12.0623 6232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
19:11:12.0678 6232 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
19:11:12.0702 6232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:11:12.0736 6232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:11:12.0739 6232 [Global] - ok
19:11:12.0739 6232 ================ Scan MBR ==================================
19:11:12.0751 6232 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:11:13.0264 6232 \Device\Harddisk0\DR0 - ok
19:11:13.0265 6232 ================ Scan VBR ==================================
19:11:13.0268 6232 [ 8D1C1D53413A9338BB83BD1792E3461D ] \Device\Harddisk0\DR0\Partition1
19:11:13.0271 6232 \Device\Harddisk0\DR0\Partition1 - ok
19:11:13.0286 6232 [ 320648E8C0B59BD797F01A6A1D235CF3 ] \Device\Harddisk0\DR0\Partition2
19:11:13.0288 6232 \Device\Harddisk0\DR0\Partition2 - ok
19:11:13.0306 6232 [ 68E42B6F8EE78EA5C2F6FDEA1216B2A0 ] \Device\Harddisk0\DR0\Partition3
19:11:13.0308 6232 \Device\Harddisk0\DR0\Partition3 - ok
19:11:13.0309 6232 ============================================================
19:11:13.0309 6232 Scan finished
19:11:13.0309 6232 ============================================================
19:11:13.0323 6576 Detected object count: 0
19:11:13.0323 6576 Actual detected object count: 0



And the MBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-17 19:12:54
-----------------------------
19:12:54.017 OS Version: Windows x64 6.1.7601 Service Pack 1
19:12:54.017 Number of processors: 4 586 0x2502
19:12:54.018 ComputerName: ANDRE-PC UserName: Andre
19:12:54.742 Initialize success
19:13:57.258 AVAST engine defs: 12101701
19:14:10.629 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:14:10.632 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:14:10.669 Disk 0 MBR read successfully
19:14:10.671 Disk 0 MBR scan
19:14:10.676 Disk 0 unknown MBR code
19:14:10.681 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:14:10.697 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
19:14:10.715 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
19:14:10.734 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 359077 MB offset 241379328
19:14:10.777 Disk 0 scanning C:\windows\system32\drivers
19:14:20.754 Service scanning
19:14:41.727 Modules scanning
19:14:41.742 Disk 0 trace - called modules:
19:14:41.790 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:14:41.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c30060]
19:14:41.808 3 CLASSPNP.SYS[fffff88001bbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004934050]
19:14:42.800 AVAST engine scan C:\windows
19:14:45.442 AVAST engine scan C:\windows\system32
19:18:56.622 AVAST engine scan C:\windows\system32\drivers
19:19:08.582 AVAST engine scan C:\Users\Andre
19:29:56.577 AVAST engine scan C:\ProgramData
19:40:02.534 Scan finished successfully
19:40:45.829 Disk 0 MBR has been saved successfully to "C:\Users\Andre\Desktop\MBR.dat"
19:40:45.836 The log file has been saved successfully to "C:\Users\Andre\Desktop\aswMBR.txt"

The ESET scan would not work. When it tried to download the definitions it got stuck at 52% and said "can not get update. Is proxy configured?"

#4 ilbruno87

Posted 17 October 2012 - 11:12 PM

The ESET works now and it's currently scanning. I'll post the log as soon as it's done.

#5 ilbruno87

Posted 18 October 2012 - 12:10 AM

List of found threats from ESET:

C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Default\aadfgedegfgedagggbgbdedededededa\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Default\aadfgedegfgedagggbgbdedededededa\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Andre\Music\21st century breakdown [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andre\Music\no line on the horizon album.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andre\Music\the cure 4 13 dream (from new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

#6 narenxp

Posted 18 October 2012 - 04:00 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#7 ilbruno87

Posted 18 October 2012 - 02:14 PM

Malware Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andre :: ANDRE-PC [administrator]

10/18/2012 10:43:15 AM
mbam-log-2012-10-18 (10-43-15).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387122
Time elapsed: 1 hour(s), 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


mini toolbox log:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Andre (administrator) on 18-10-2012 at 11:48:01
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Andre-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : san.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : E6-17-FE-D1-23-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : C4-17-FE-D1-23-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2048:ea42:a200:de53%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.114(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 17, 2012 6:17:44 PM
Lease Expires . . . . . . . . . . : Friday, October 19, 2012 10:41:34 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 465836030
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-FA-9F-49-00-24-54-39-E8-3B
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : WESTWOODCLUB
Description . . . . . . . . . . . : Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-24-54-5F-30-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.san.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{424C1AF5-19EE-4B8D-8AEA-EE25E2F3EA87}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:10e7:1a12:b3a7:9fb1(Preferred)
Link-local IPv6 Address . . . . . : fe80::10e7:1a12:b3a7:9fb1%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.WESTWOODCLUB:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4007:801::1005
74.125.224.201
74.125.224.206
74.125.224.192
74.125.224.193
74.125.224.194
74.125.224.195
74.125.224.196
74.125.224.197
74.125.224.198
74.125.224.199
74.125.224.200


Pinging google.com [74.125.224.194] with 32 bytes of data:
Reply from 74.125.224.194: bytes=32 time=529ms TTL=54
Reply from 74.125.224.194: bytes=32 time=12ms TTL=54

Ping statistics for 74.125.224.194:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 529ms, Average = 270ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=220ms TTL=48
Reply from 98.138.253.109: bytes=32 time=137ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 137ms, Maximum = 220ms, Average = 178ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...e6 17 fe d1 23 b0 ......Microsoft Virtual WiFi Miniport Adapter
19...c4 17 fe d1 23 b0 ......Atheros AR9285 Wireless Network Adapter
12...00 24 54 5f 30 f5 ......Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.114 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.114 281
192.168.1.114 255.255.255.255 On-link 192.168.1.114 281
192.168.1.255 255.255.255.255 On-link 192.168.1.114 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.114 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.114 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:9d38:6ab8:10e7:1a12:b3a7:9fb1/128
On-link
19 281 fe80::/64 On-link
20 306 fe80::/64 On-link
20 306 fe80::10e7:1a12:b3a7:9fb1/128
On-link
19 281 fe80::2048:ea42:a200:de53/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
19 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/18/2012 00:49:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/18/2012 00:49:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/18/2012 00:48:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/18/2012 00:46:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/17/2012 08:20:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/17/2012 08:20:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/17/2012 08:20:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/17/2012 08:20:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/17/2012 08:18:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2012 08:16:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/18/2012 10:45:34 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (10/18/2012 10:44:34 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (10/17/2012 09:27:16 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (10/17/2012 09:26:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (10/17/2012 07:52:00 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (10/17/2012 06:19:43 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Andre\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2012 06:18:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/17/2012 05:52:17 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Andre\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2012 05:52:17 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Andre\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2012 05:51:56 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Andre\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 9.4.6 (Version: 9.4.6)
Aleks 3.18
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
AnyPC Client (Version: 1.0.0.25)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
Atheros Client Installation Program (Version: 1.0.2.1119)
BatteryLifeExtender (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
ChargeableUSB (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LabelPrint (Version: 2.5.2511)
CyberLink Power2Go (Version: 6.0.3604b)
CyberLink PowerDirector (Version: 7.0.3227)
CyberLink PowerDVD 10 (Version: 10.0.3715.54)
CyberLink PowerProducer (Version: 5.0.2.2429)
CyberLink YouCam (Version: 2.0.3304)
Diablo III (Version: 1.0.4.11327)
DivX Setup (Version: 2.6.0.34)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.8)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Empire: Total War
ESET Online Scanner v3
Google Chrome (Version: 22.0.1229.94)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Update (Version: 5.003.001.001)
iCloud (Version: 2.0.2.187)
Intel® Rapid Storage Technology (Version: 9.5.4.1001)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1003)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Marvell Miniport Driver (Version: 11.22.3.3)
McAfee Internet Security (Version: 11.6.434)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Move Media Player
MSVCRT (Version: 14.0.1468.721)
NVIDIA Drivers (Version: 1.9)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Safari (Version: 5.34.57.2)
Samsung R-Series (Version: 1.0)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.0)
Samsung Update Plus (Version: 2.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
StarCraft II (Version: 1.1.3.16939)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide (Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR) (Version: 1.10.1002)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)

========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 3956.55 MB
Available physical RAM: 1336.53 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 5204.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:100 GB) (Free:15.14 GB) NTFS
2 Drive d: () (Fixed) (Total:350.66 GB) (Free:342.7 GB) NTFS
3 Drive e: (WALKING_DEAD_S2_D1) (CDROM) (Total:39.13 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\ANDRE-PC

Administrator Andre Guest

========================= Restore Points ==================================

13-10-2012 23:06:16 Windows Update
13-10-2012 23:16:36 Windows Update

**** End of log ****


Farbar Service Scanner Log:


Farbar Service Scanner Version: 07-10-2012
Ran by Andre (administrator) on 18-10-2012 at 11:50:11
Running from "C:\Users\Andre\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-09 17:58] - [2012-06-01 22:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner Log:



# AdwCleaner v2.005 - Logfile created 10/18/2012 at 11:53:05
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andre - ANDRE-PC
# Boot Mode : Normal
# Running from : C:\Users\Andre\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Andre\AppData\Local\APN
Folder Deleted : C:\Users\Andre\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Andre\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [4614 octets] - [18/10/2012 11:53:05]

########## EOF - C:\AdwCleaner[S2].txt - [4674 octets] ##########


Junkware Removal Tool Log:


Junkware Removal Tool (JRT) by Thisisu
Version: 1.7.5 (10.18.2012)
OS: Windows 7 Home Premium x64
Ran by Andre on Thu 10/18/2012 at 11:56:48.67
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 10/18/2012 at 12:14:13.27
End of Report

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:02 AM

Posted 18 October 2012 - 04:12 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#9 ilbruno87

ilbruno87
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:02 AM

Posted 18 October 2012 - 10:55 PM

Rkill Log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/18/2012 08:51:00 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\SysWOW64\Rezip.exe (PID: 1904) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Andre\Desktop\rkill\rkill-10-18-2012-08-51-13.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/18/2012 08:51:25 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)


Autoruns Log:


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APLangApp" "AnyPC Language Application" "DoctorSoft" "c:\program files (x86)\anypc client\aplangapp.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "BDRegion" "brs" "cyberlink" "c:\program files (x86)\cyberlink\shared files\brs.exe"
+ "CLMLServer" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\cyberlink\power2go\clmlsvc.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "RemoteControl10" "PowerDVD RC Service" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "UCam_Menu" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe"
+ "UpdateLBPShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe"
+ "UpdateP2GoShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe"
+ "UpdatePDRShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe"
+ "UpdatePPShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe"
+ "UpdatePSTShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\andre\appdata\local\google\update\googleupdate.exe"
+ "HP Photosmart 5510 series (NET)" "ScanToPCActivationApp" "Hewlett-Packard Co." "c:\program files\hp\hp photosmart 5510 series\bin\scantopcactivationapp.exe"
+ "MobileDocuments" "" "" "File not found: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files (x86)\steam\steam.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl64.dll"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "Windows Live Family Safety Browser Helper Class" "Family Safety Browser Helper Object Library" "Microsoft Corporation" "c:\program files\windows live\family safety\fssbho.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "McAfee Phishing Filter" "" "" "c:\program files\mcafee\msk\mskapbho.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Adobe online update program" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "\advSRS4" "Samsung Recovery Solution 4" "SEC" "c:\program files (x86)\samsung\samsung recovery solution 4\wcscheduler.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\BatteryLifeExtender" "Battery Life Extender" "Samsung Electronics. Co. Ltd." "c:\program files (x86)\samsung\batterylifeextender\batterylifeextender.exe"
+ "\Divx online update program" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "\EasyBatteryManager" "" "SAMSUNG Electronics co., LTD." "c:\program files (x86)\samsung\easybatterymanager\easybatterymgr4.exe"
+ "\EasyDisplayMgr" "Easy Display Manager" "Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\easy display manager\dmhkcore.exe"
+ "\EasySpeedUpManager" "EasySpeedUpManager" "Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\easyspeedupmanager\easyspeedupmanager.exe"
+ "\Google Updater and Installer" "Google Installer" "Google Inc." "c:\users\andre\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001Core" "Google Installer" "Google Inc." "c:\users\andre\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001UA" "Google Installer" "Google Inc." "c:\users\andre\appdata\local\google\update\googleupdate.exe"
+ "\HP Photo Creations Messager" "" "" "c:\programdata\hp photo creations\messagecheck.exe"
+ "\Java Update Scheduler" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "" "" "File not found: C:\Program Files\Microsoft IntelliPoint\IPoint.exe"
+ "\SamsungSupportCenter" "SSCKbdHk" "SAMSUNG Electronics" "c:\program files (x86)\samsung\samsung support center\ssckbdhk.exe"
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"
+ "\SUPBackground" "" "" "File not found: C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe"
+ "\{FBF489AB-BA8F-46F0-9963-C5F7FDDBF778}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "0070601350607039mcinstcleanup" "" "" "File not found: C:\windows\TEMP\007060~1.EXE -cleanup -nolog"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfee SiteAdvisor Service" "Provides low-level support for McAfee SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "McAfee Network Agent" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "Rezip" "" "" "c:\windows\syswow64\rezip.exe"
+ "RichVideo" "RichVideo Module" "" "c:\program files (x86)\cyberlink\shared files\richvideo.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btusbflt" "Widcomm Bluetooth USB Filter for Windows XP" "Broadcom Corporation." "c:\windows\system32\drivers\btusbflt.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HipShieldK" "McAfee HIP IPS Driver" "McAfee, Inc." "c:\windows\system32\drivers\hipshieldk.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\windows\System32\Drivers\mfeavfk01.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mferkdk" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdk.sys"
+ "mfesmfk" "System Monitor Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfesmfk.sys"
+ "mfewfpk" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfewfpk.sys"
+ "MPFP" "McAfee Personal Firewall Plus Driver" "McAfee, Inc." "c:\windows\system32\drivers\mpfp.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 188.64 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt64win7.sys"
+ "SABI" "SAMSUNG Kernel Driver" "SAMSUNG ELECTRONICS" "c:\windows\system32\drivers\sabi.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "" "" "c:\windows\system32\drivers\yk62x64.sys"
+ "{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}" "" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\000.fcl"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerproducer\claudcm.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_claud.ax"
+ "CyberLink Audio Decoder (PDVD10)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax"
+ "CyberLink Audio Decoder(PDVD10 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\claud.ax"
+ "CyberLink Audio Effect (PDVD10)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer(PDVD10 UPnP)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD10)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax"
+ "CyberLink AVCHD Navigator" "CLBDROMNav" "cyberlink" "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clavchdnav.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cldemuxer.ax"
+ "CyberLink Demultiplexer(PDVD10 UPnP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\cldemuxer.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD10)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_cldumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DV Buffer" "DV dump Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerproducer\ppdvdump.ax"
+ "CyberLink DVD Navigator (PDVD10)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "CyberLink Editing Service 4.5 (Source)" "CES Kernel (LT15)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cledtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink FLV Splitter(PDVD10)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax"
+ "CyberLink Frame Parser" "CLFParser" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\clfparser.ax"
+ "CyberLink H.264/AVC Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cl264dec.ax"
+ "CyberLink HAM Decoder" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax"
+ "CyberLink HD/BD Mixer (PDVD10)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD10)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage (LT15)" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink Matroska Splitter(PDVD10)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\se_mpgmux.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\clsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEG-4 Muxer" "CyberLink MPEG-4 Muxer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_clm4muxer.ax"
+ "CyberLink MPEG-4 Muxer" "CyberLink MPEG-4 Muxer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\clm4muxer.ax"
+ "CyberLink MPEG-4 Splitter" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_clm4splt.ax"
+ "CyberLink MPEG-4 Splitter" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\clm4splt.ax"
+ "CyberLink MPEG-4 Splitter (PDVD10)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\se_clmpegvanalyzer.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\clmpegvanalyzer.ax"
+ "CyberLink Mux Push Source" "Cyberlink push-mode file source" "Cyberlink" "c:\program files (x86)\cyberlink\powerproducer\se_clmuxpushsrc.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Push-Mode CLStream(PDVD10)" "CLStream" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd10\upnp\clstream(pushmode).ax"
+ "CyberLink RealAudio Decoder(PDVD10)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter(PDVD10)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder(PDVD10)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax"
+ "CyberLink SBE Filter" "CLSBE" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\clsbe.ax"
+ "CyberLink SBE Source Filter" "CLSBESrc" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\clsbesrc.ax"
+ "Cyberlink Scene Detect Filter" "CLScnDt" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppscndt.ax"
+ "CyberLink SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\clsshot.ax"
+ "CyberLink Stamp Effect" "" "CyberLink corporate" "c:\program files (x86)\cyberlink\powerproducer\ppstampeffect.ax"
+ "CyberLink Streamming Filter(PDVD10)" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\clstream.ax"
+ "Cyberlink Sub-Picture Filter" "Cyberlink Sub-Picture Filter" "Cyberlink" "c:\program files (x86)\cyberlink\powerproducer\clsubpic.ax"
+ "Cyberlink SubTitle Importor (PDVD10)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor 2.0 (PDVD10)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (PDVD10)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_cltlmsplter.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\youcam\yctlmsplter.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "Cyberlink Track Filter" "Cyberlink Track Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\youcam\yctrack.ax"
+ "Cyberlink TS Information" "CLTSInfo" "Cyberlink" "c:\program files (x86)\cyberlink\powerproducer\pptsinfo.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cltzan.ax"
+ "CyberLink Tzan Filter (PDVD10)" "CyberLink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax"
+ "CyberLink UltraSpeed/SVRT Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\se_cledtdemuxer.ax"
+ "CyberLink UltraSpeed/SVRT Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cledtdemuxer.ax"
+ "CyberLink Video Decoder (PDVD10)" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Regulator" "Video Regulator" "Cyberlink" "c:\program files (x86)\cyberlink\youcam\ycrgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (PDVD10)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax"
+ "CyberLink Video/SP Decoder(PDVD10 UPnP)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\upnp\clvsd.ax"
+ "CyberLink WebCamera NULL Render" "CLWEBCAMERARENDER" "CyberLink" "c:\program files (x86)\cyberlink\youcam\ycwebcamerarender.ax"
+ "CyberLink WMV Dumper" "CLWMVDump Dynamic Link Library" "" "c:\program files (x86)\cyberlink\youcam\ycwmvdump.ax"
+ "CyberLink WMV/WMA Demux(PDVD10)" "WMV/WMA Demux" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd10\upnp\clwmfdemux.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\dxdec.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "PowerProducer Double Tee" "Cyberlink Double Tee Filter" "CtberLink Corporation" "c:\program files (x86)\cyberlink\powerproducer\ppdoubletee.ax"
+ "PP Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\claud.ax"
+ "PP Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerproducer\claudfx.ax"
+ "PP Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powerproducer\claudenc.ax"
+ "PP Audio Noise Reduction (CES)" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\claunrwrapper.ax"
+ "PP Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\ppaursmpl.ax"
+ "PP Byte Counter" "PP Byte Counter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerproducer\ppbytecounter.ax"
+ "PP DDR" "PP DDR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\pprender.ax"
+ "PP Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cldumpdispatch.ax"
+ "PP Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cldump.ax"
+ "PP DV Buffer" "CLDVBuffer Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppdvbuffer.ax"
+ "PP DV Dump Filter" "DV dump Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerproducer\ppdvdump.ax"
+ "PP DV TCR" "DVTCR" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppdvtcr.ax"
+ "PP File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\ppreader.ax"
+ "PP Gate Filter" "CLGate" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppgate.ax"
+ "PP IDM" "idmf" "Cyberlink" "c:\program files (x86)\cyberlink\powerproducer\ppidmf.ax"
+ "PP M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppm2vwriter.ax"
+ "PP MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\mpgmux.ax"
+ "PP MPEG Splitter" "PP MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\ppsplter.ax"
+ "PP MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\powerproducer\clvidenc.ax"
+ "PP PCM Wrapper" "PP PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\pppcmenc.ax"
+ "PP Snapshot Filter" "CLSnapShot Filter" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppsnapshot.ax"
+ "PP SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppsshot.ax"
+ "PP TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\clauts.ax"
+ "PP TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\cltlmsplter.ax"
+ "PP TV Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\claudtv.ax"
+ "PP Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\ppgenericvsd.ax"
+ "PP Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppvidfx.ax"
+ "PP Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppresample.ax"
+ "PP Video Regulator" "Video Regulator" "Cyberlink" "c:\program files (x86)\cyberlink\powerproducer\clrgl.ax"
+ "PP WAV Dest" "CLWavDest" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppwavdest.ax"
+ "PP YUY2 Deinterlace" "DitlYuY2" "CyberLink" "c:\program files (x86)\cyberlink\powerproducer\ppditlyuy2.ax"
+ "PP YUY2 Sub-Sampling" "SubYUY2 Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerproducer\ppsubyuy2.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files (x86)\cyberlink\powerproducer\avi_audtr.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "YC_EVRWindow" "CLEvr" "CyberLink Corp." "c:\program files (x86)\cyberlink\youcam\ycevr.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP a111 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinkstsa111lm.dll"
+ "HP Discovery Port Monitor (HP Photosmart 5510 series)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopma111.dll"
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"

#10 narenxp


Posted 18 October 2012 - 10:58 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore. It deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



