WinXP Google search redirects in Firefox + rundll error on startup


11 replies to this topic

#1 antipode56

Posted 22 October 2012 - 02:44 PM

Hello -
About two weeks ago my Avira scanner detected a virus in a dll file and quarantined it. The original location was:
C:\Documents and Settings\(MyName)\Application Data\cpcts.dll

From then on, at bootup I would receive a rundll32 error loading that dll, saying that "the specified module could not be found". I went into msconfig and found that "cpcts" was one of the startup processes, so I disabled that and the errors no longer appeared - but I was aware this was a quick and dirty solution and the problem was still there - if possible my preference is to permanently correct that problem.

But around this same time - I can't be sure if it was after the quarantine or not, so I'm not entirely sure the two issues are related - I started to get Google search redirects (as in, upon clicking a link in the results, I'd be taken to some other loosely related website instead - and sometimes I'd have to go back to the Google results multiple times before the actual link would go through). This confirmed I still had some sort of adware or infection - but I ran an Avira scan of all drives and it found nothing, and then (after temporarily disabling Avira) a FULL scan in MBAM and that found nothing either. Within the last two days the problem has progressed to opening new tabs containing ads at random, and I'm not sure what to do to get rid of the problems. At a quick glance I can't see any unfamiliar processes running in the task manager, but I can see that my processor usage is going crazy (idling at 30-50% usage with "nothing" running, when ordinarily it would be 1-2%).

EDIT: A new error has come up that I'd never seen before, just in the few minutes since I posted this - whenever I attempt to disconnect my external hard drive with the "safely remove hardware" feature, the computer instantly bluescreens and shuts down. This happened twice before I just unplugged the hard drive while the computer was off - but it leads me to believe something regarding the infection may be stored there as well. I'll plug it back in before running any scans you recommend.

Is there any help you can offer regarding these issues? I'm running Windows XP SP3 with Firefox.

Thanks.

Edited by antipode56, 22 October 2012 - 03:12 PM.


#2 narenxp

Posted 22 October 2012 - 06:43 PM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 antipode56

Posted 23 October 2012 - 09:50 AM

Thanks very much for helping me with this - it's much appreciated.
First I ran the TDSSKiller scan with the default options but with TDLFS File System checked, and it found one item: MRxSmb ( Virus.Win32.ZAccess.aml ) - but I don't think I was actually infected with this. I had it several months ago (and got rid of it with your help) and I think maybe TDSSKiller found it remaining in whatever quarantine it was left in or something because we were quite certain it was gone at the time. Either way, the default action selected (as you instructed) was Cure, so it went to work and rebooted, resulting in a second log. Both logs are pasted below:



20:14:17.0000 5404 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:14:19.0000 5404 ============================================================
20:14:19.0000 5404 Current date / time: 2012/10/22 20:14:19.0000
20:14:19.0000 5404 SystemInfo:
20:14:19.0000 5404
20:14:19.0000 5404 OS Version: 5.1.2600 ServicePack: 3.0
20:14:19.0000 5404 Product type: Workstation
20:14:19.0000 5404 ComputerName: TRISKELION
20:14:19.0000 5404 UserName: Gary
20:14:19.0000 5404 Windows directory: C:\WINDOWS
20:14:19.0000 5404 System windows directory: C:\WINDOWS
20:14:19.0000 5404 Processor architecture: Intel x86
20:14:19.0000 5404 Number of processors: 2
20:14:19.0000 5404 Page size: 0x1000
20:14:19.0000 5404 Boot type: Normal boot
20:14:19.0000 5404 ============================================================
20:14:20.0843 5404 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:14:21.0203 5404 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:14:21.0234 5404 Drive \Device\Harddisk2\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:14:21.0234 5404 ============================================================
20:14:21.0234 5404 \Device\Harddisk0\DR0:
20:14:21.0234 5404 MBR partitions:
20:14:21.0234 5404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB84F13F
20:14:21.0234 5404 \Device\Harddisk1\DR1:
20:14:21.0234 5404 MBR partitions:
20:14:21.0234 5404 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
20:14:21.0234 5404 \Device\Harddisk2\DR5:
20:14:21.0234 5404 MBR partitions:
20:14:21.0234 5404 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
20:14:21.0234 5404 ============================================================
20:14:21.0359 5404 C: <-> \Device\Harddisk0\DR0\Partition1
20:14:21.0390 5404 D: <-> \Device\Harddisk1\DR1\Partition1
20:14:21.0437 5404 H: <-> \Device\Harddisk2\DR5\Partition1
20:14:21.0437 5404 ============================================================
20:14:21.0437 5404 Initialize success
20:14:21.0437 5404 ============================================================
20:14:40.0796 2644 ============================================================
20:14:40.0796 2644 Scan started
20:14:40.0796 2644 Mode: Manual; TDLFS;
20:14:40.0796 2644 ============================================================
20:14:42.0890 2644 ================ Scan system memory ========================
20:14:42.0906 2644 System memory - ok
20:14:42.0906 2644 ================ Scan services =============================
20:14:57.0109 2644 [ 0FF0FB35E1B225DC3D230A6BAE2DBB6E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:14:57.0156 2644 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 0FF0FB35E1B225DC3D230A6BAE2DBB6E, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
20:14:57.0171 2644 MRxSmb ( Virus.Win32.ZAccess.aml ) - infected
20:14:57.0171 2644 MRxSmb - detected Virus.Win32.ZAccess.aml (0)
20:15:15.0671 2644 ================ Scan global ===============================
20:15:15.0750 2644 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:15:16.0031 2644 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:15:16.0500 2644 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:15:16.0531 2644 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:15:16.0546 2644 [Global] - ok
20:15:16.0546 2644 ================ Scan MBR ==================================
20:15:16.0578 2644 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:15:17.0218 2644 \Device\Harddisk0\DR0 - ok
20:15:17.0234 2644 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:15:17.0750 2644 \Device\Harddisk1\DR1 - ok
20:15:17.0765 2644 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR5
20:15:17.0890 2644 \Device\Harddisk2\DR5 - ok
20:15:17.0890 2644 ================ Scan VBR ==================================
20:15:17.0906 2644 [ 753DE2EF9A81B1EB402F59F5481CEBF4 ] \Device\Harddisk0\DR0\Partition1
20:15:17.0906 2644 \Device\Harddisk0\DR0\Partition1 - ok
20:15:17.0906 2644 [ 3B59C194A51BC13F2AEEECA7042E37E5 ] \Device\Harddisk1\DR1\Partition1
20:15:17.0921 2644 \Device\Harddisk1\DR1\Partition1 - ok
20:15:17.0921 2644 [ ABA4ABBBBA63DEDAF4F2A967E1D5A9B0 ] \Device\Harddisk2\DR5\Partition1
20:15:17.0921 2644 \Device\Harddisk2\DR5\Partition1 - ok
20:15:17.0921 2644 ============================================================
20:15:17.0921 2644 Scan finished
20:15:17.0921 2644 ============================================================
20:15:17.0937 2124 Detected object count: 1
20:15:17.0937 2124 Actual detected object count: 1
20:16:04.0703 2124 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
20:16:08.0484 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\@ - copied to quarantine
20:16:08.0515 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\Desktop.ini - copied to quarantine
20:16:08.0531 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\L\00000004.@ - copied to quarantine
20:16:08.0531 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\L\201d3dde - copied to quarantine
20:16:08.0593 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\L\trbssmgb - copied to quarantine
20:16:08.0625 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\00000004.@ - copied to quarantine
20:16:08.0640 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\00000008.@ - copied to quarantine
20:16:08.0671 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\000000cb.@ - copied to quarantine
20:16:08.0687 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\80000000.@ - copied to quarantine
20:16:08.0718 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\80000032.@ - copied to quarantine
20:16:13.0875 2124 Backup copy found, using it..
20:16:14.0640 2124 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
20:16:14.0703 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\@ - will be deleted on reboot
20:16:14.0703 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\Desktop.ini - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\00000004.@ - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\00000008.@ - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\000000cb.@ - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\80000000.@ - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\3676704564\U\80000032.@ - will be deleted on reboot
20:16:14.0750 2124 C:\WINDOWS\$NtUninstallKB54290$\495035092 - will be deleted on reboot
20:16:14.0765 2124 MRxSmb ( Virus.Win32.ZAccess.aml ) - User select action: Cure
20:16:50.0140 5356 Deinitialize success




20:20:00.0234 0816 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:20:01.0468 0816 ============================================================
20:20:01.0468 0816 Current date / time: 2012/10/22 20:20:01.0468
20:20:01.0468 0816 SystemInfo:
20:20:01.0468 0816
20:20:01.0468 0816 OS Version: 5.1.2600 ServicePack: 3.0
20:20:01.0468 0816 Product type: Workstation
20:20:01.0468 0816 ComputerName: TRISKELION
20:20:01.0468 0816 UserName: Gary
20:20:01.0468 0816 Windows directory: C:\WINDOWS
20:20:01.0468 0816 System windows directory: C:\WINDOWS
20:20:01.0468 0816 Processor architecture: Intel x86
20:20:01.0468 0816 Number of processors: 2
20:20:01.0484 0816 Page size: 0x1000
20:20:01.0484 0816 Boot type: Normal boot
20:20:01.0484 0816 ============================================================
20:20:38.0093 0816 BG loaded
20:20:39.0156 0816 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:20:39.0281 0816 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:20:39.0406 0816 Drive \Device\Harddisk2\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:20:39.0406 0816 ============================================================
20:20:39.0406 0816 \Device\Harddisk0\DR0:
20:20:39.0468 0816 MBR partitions:
20:20:39.0468 0816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB84F13F
20:20:39.0468 0816 \Device\Harddisk1\DR1:
20:20:39.0468 0816 MBR partitions:
20:20:39.0468 0816 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
20:20:39.0468 0816 \Device\Harddisk2\DR5:
20:20:39.0468 0816 MBR partitions:
20:20:39.0468 0816 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
20:20:39.0468 0816 ============================================================
20:20:40.0296 0816 C: <-> \Device\Harddisk0\DR0\Partition1
20:20:40.0328 0816 D: <-> \Device\Harddisk1\DR1\Partition1
20:20:40.0875 0816 H: <-> \Device\Harddisk2\DR5\Partition1
20:20:41.0156 0816 ============================================================
20:20:41.0156 0816 Initialize success
20:20:41.0156 0816 ============================================================
20:26:34.0062 0744 Deinitialize success








Next, I ran ASWMBR, which produced this log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 20:27:20
-----------------------------
20:27:20.843 OS Version: Windows 5.1.2600 Service Pack 3
20:27:20.843 Number of processors: 2 586 0xF06
20:27:20.843 ComputerName: TRISKELION UserName: Gary
20:27:33.562 Initialize success
20:42:26.375 AVAST engine defs: 12102201
20:43:10.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:43:10.968 Disk 0 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3
20:43:10.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
20:43:10.984 Disk 1 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3
20:43:11.015 Disk 0 MBR read successfully
20:43:11.031 Disk 0 MBR scan
20:43:11.093 Disk 0 Windows XP default MBR code
20:43:11.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 94366 MB offset 63
20:43:11.140 Disk 0 Partition 2 00 D7 NTFS 1027 MB offset 193262013
20:43:11.156 Disk 0 scanning sectors +195366465
20:43:11.265 Disk 0 scanning C:\WINDOWS\system32\drivers
20:43:35.390 Service scanning
20:44:07.265 Modules scanning
20:44:16.234 Disk 0 trace - called modules:
20:44:16.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:44:16.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f5eab8]
20:44:16.343 3 CLASSPNP.SYS[f75c3fd7] -> nt!IofCallDriver -> \Device\00000091[0x83f7ca20]
20:44:16.359 5 ACPI.sys[f740c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83f5d030]
20:44:17.156 AVAST engine scan C:\WINDOWS
20:44:29.203 AVAST engine scan C:\WINDOWS\system32
20:50:19.031 AVAST engine scan C:\WINDOWS\system32\drivers
20:50:45.828 AVAST engine scan C:\Documents and Settings\Gary
21:24:53.531 AVAST engine scan C:\Documents and Settings\All Users
21:31:25.937 Scan finished successfully
21:32:18.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MBR.dat"
21:32:18.515 The log file has been saved successfully to "C:\Documents and Settings\Gary\Desktop\aswMBR.txt"






...and then the lengthy ESET scan, which seems to have at last found something! I see here that it found a Redirector trojan, which neither Avira nor MalwareBytes (nor TDSS/ASWMBR) located. It also found and appropriated the contents of the TDSSKiller quarantine - hopefully that isn't an issue.


C:\Documents and Settings\Gary\Local Settings\Application Data\{2CB7FF6B-F3A1-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0005.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0006.dta Win32/Sirefef.FG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0007.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.10.2012_20.14.19\rtkt0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined



Any advice on further action?

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 23 October 2012 - 11:36 AM

Run TDSSkiller again and post the new log

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

#5 antipode56

antipode56
  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2012 - 01:36 PM

Sorry for the delay. Here we go:





10:23:18.0578 2852 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
10:23:19.0234 2852 ============================================================
10:23:19.0234 2852 Current date / time: 2012/10/23 10:23:19.0234
10:23:19.0234 2852 SystemInfo:
10:23:19.0234 2852
10:23:19.0234 2852 OS Version: 5.1.2600 ServicePack: 3.0
10:23:19.0234 2852 Product type: Workstation
10:23:19.0234 2852 ComputerName: TRISKELION
10:23:19.0234 2852 UserName: Gary
10:23:19.0234 2852 Windows directory: C:\WINDOWS
10:23:19.0234 2852 System windows directory: C:\WINDOWS
10:23:19.0234 2852 Processor architecture: Intel x86
10:23:19.0234 2852 Number of processors: 2
10:23:19.0234 2852 Page size: 0x1000
10:23:19.0234 2852 Boot type: Normal boot
10:23:19.0234 2852 ============================================================
10:23:20.0171 2852 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:23:20.0531 2852 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:23:20.0578 2852 Drive \Device\Harddisk2\DR5 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:23:20.0578 2852 ============================================================
10:23:20.0578 2852 \Device\Harddisk0\DR0:
10:23:20.0593 2852 MBR partitions:
10:23:20.0593 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB84F13F
10:23:20.0593 2852 \Device\Harddisk1\DR1:
10:23:20.0593 2852 MBR partitions:
10:23:20.0593 2852 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
10:23:20.0593 2852 \Device\Harddisk2\DR5:
10:23:20.0593 2852 MBR partitions:
10:23:20.0593 2852 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
10:23:20.0593 2852 ============================================================
10:23:20.0750 2852 C: <-> \Device\Harddisk0\DR0\Partition1
10:23:20.0812 2852 D: <-> \Device\Harddisk1\DR1\Partition1
10:23:20.0875 2852 H: <-> \Device\Harddisk2\DR5\Partition1
10:23:20.0890 2852 ============================================================
10:23:20.0890 2852 Initialize success
10:23:20.0890 2852 ============================================================
10:23:47.0453 2208 ============================================================
10:23:47.0453 2208 Scan started
10:23:47.0453 2208 Mode: Manual; TDLFS;
10:23:47.0453 2208 ============================================================
10:23:47.0734 2208 ================ Scan system memory ========================
10:23:47.0734 2208 System memory - ok
10:23:47.0734 2208 ================ Scan services =============================
10:24:14.0000 2208 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:24:14.0015 2208 PCI - ok
10:24:14.0015 2208 PCIDump - ok
10:24:14.0046 2208 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:24:14.0062 2208 PCIIde - ok
10:24:14.0062 2208 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:24:14.0078 2208 Pcmcia - ok
10:24:14.0093 2208 PDCOMP - ok
10:24:14.0109 2208 PDFRAME - ok
10:24:14.0109 2208 PDRELI - ok
10:24:14.0187 2208 PDRFRAME - ok
10:24:14.0234 2208 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
10:24:14.0250 2208 perc2 - ok
10:24:14.0296 2208 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:24:14.0296 2208 perc2hib - ok
10:24:14.0359 2208 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:24:14.0359 2208 PlugPlay - ok
10:24:14.0375 2208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:24:14.0375 2208 PolicyAgent - ok
10:24:14.0390 2208 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:24:14.0406 2208 PptpMiniport - ok
10:24:14.0406 2208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:24:14.0406 2208 ProtectedStorage - ok
10:24:14.0421 2208 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:24:14.0437 2208 PSched - ok
10:24:14.0437 2208 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:24:14.0453 2208 Ptilink - ok
10:24:14.0468 2208 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:24:14.0484 2208 PxHelp20 - ok
10:24:14.0515 2208 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:24:14.0515 2208 ql1080 - ok
10:24:14.0578 2208 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:24:14.0578 2208 Ql10wnt - ok
10:24:14.0609 2208 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:24:14.0625 2208 ql12160 - ok
10:24:14.0750 2208 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:24:14.0765 2208 ql1240 - ok
10:24:14.0812 2208 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:24:14.0828 2208 ql1280 - ok
10:24:14.0859 2208 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:24:14.0890 2208 RasAcd - ok
10:24:15.0000 2208 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:24:15.0000 2208 RasAuto - ok
10:24:15.0031 2208 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:24:15.0046 2208 Rasl2tp - ok
10:24:15.0140 2208 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:24:15.0187 2208 RasMan - ok
10:24:15.0203 2208 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:24:15.0203 2208 RasPppoe - ok
10:24:15.0265 2208 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:24:15.0265 2208 Raspti - ok
10:24:15.0328 2208 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:24:15.0343 2208 Rdbss - ok
10:24:15.0343 2208 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:24:15.0359 2208 RDPCDD - ok
10:24:15.0375 2208 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:24:15.0406 2208 rdpdr - ok
10:24:15.0453 2208 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:24:15.0468 2208 RDPWD - ok
10:24:15.0515 2208 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:24:15.0531 2208 RDSessMgr - ok
10:24:15.0578 2208 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:24:15.0578 2208 redbook - ok
10:24:15.0671 2208 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:24:15.0671 2208 RemoteAccess - ok
10:24:15.0765 2208 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:24:15.0765 2208 RemoteRegistry - ok
10:24:15.0781 2208 [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:24:15.0781 2208 rimmptsk - ok
10:24:15.0796 2208 [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:24:15.0796 2208 rimsptsk - ok
10:24:15.0828 2208 [ 3AC17802740C3A4764DC9750E92E6233 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
10:24:15.0843 2208 rismxdp - ok
10:24:15.0921 2208 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
10:24:15.0937 2208 RMCAST - ok
10:24:15.0953 2208 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:24:15.0968 2208 RpcLocator - ok
10:24:16.0000 2208 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:24:16.0000 2208 RpcSs - ok
10:24:16.0046 2208 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:24:16.0062 2208 RSVP - ok
10:24:16.0062 2208 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:24:16.0078 2208 rtl8139 - ok
10:24:16.0140 2208 [ 85005FE943290205A2576135D44D1AA2 ] S3DSvc32 C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
10:24:16.0140 2208 S3DSvc32 - ok
10:24:16.0156 2208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:24:16.0156 2208 SamSs - ok
10:24:16.0187 2208 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
10:24:16.0187 2208 sbp2port - ok
10:24:16.0234 2208 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:24:16.0250 2208 SCardSvr - ok
10:24:16.0312 2208 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:24:16.0328 2208 Schedule - ok
10:24:16.0375 2208 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:24:16.0390 2208 sdbus - ok
10:24:16.0453 2208 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:24:16.0453 2208 Secdrv - ok
10:24:16.0468 2208 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:24:16.0468 2208 seclogon - ok
10:24:16.0484 2208 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:24:16.0484 2208 SENS - ok
10:24:16.0500 2208 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:24:16.0500 2208 Serial - ok
10:24:16.0562 2208 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
10:24:16.0562 2208 sffdisk - ok
10:24:16.0609 2208 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
10:24:16.0625 2208 sffp_sd - ok
10:24:16.0640 2208 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:24:16.0656 2208 Sfloppy - ok
10:24:16.0671 2208 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:24:16.0671 2208 ShellHWDetection - ok
10:24:16.0671 2208 Simbad - ok
10:24:16.0703 2208 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:24:16.0718 2208 sisagp - ok
10:24:17.0000 2208 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:24:17.0140 2208 Skype C2C Service - ok
10:24:17.0203 2208 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:24:17.0265 2208 SkypeUpdate - ok
10:24:17.0312 2208 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:24:17.0312 2208 SLIP - ok
10:24:17.0375 2208 [ FAC7B89330E20713950925050C91CD04 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:24:17.0375 2208 SNP2UVC - ok
10:24:17.0437 2208 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:24:17.0437 2208 Sparrow - ok
10:24:17.0468 2208 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:24:17.0468 2208 splitter - ok
10:24:17.0515 2208 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:24:17.0515 2208 Spooler - ok
10:24:17.0546 2208 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:24:17.0546 2208 sr - ok
10:24:17.0593 2208 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:24:17.0609 2208 srservice - ok
10:24:17.0656 2208 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:24:17.0671 2208 Srv - ok
10:24:17.0718 2208 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\WINDOWS\system32\DRIVERS\sscebus.sys
10:24:17.0718 2208 sscebus - ok
10:24:17.0765 2208 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
10:24:17.0781 2208 sscemdfl - ok
10:24:17.0812 2208 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\WINDOWS\system32\DRIVERS\sscemdm.sys
10:24:17.0812 2208 sscemdm - ok
10:24:17.0843 2208 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:24:17.0843 2208 SSDPSRV - ok
10:24:17.0906 2208 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:24:17.0906 2208 ssmdrv - ok
10:24:17.0937 2208 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:24:17.0953 2208 stisvc - ok
10:24:18.0000 2208 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:24:18.0000 2208 streamip - ok
10:24:18.0031 2208 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:24:18.0031 2208 swenum - ok
10:24:18.0125 2208 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:24:18.0125 2208 SwitchBoard - ok
10:24:18.0156 2208 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:24:18.0156 2208 swmidi - ok
10:24:18.0171 2208 SwPrv - ok
10:24:18.0218 2208 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
10:24:18.0234 2208 symc810 - ok
10:24:18.0250 2208 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:24:18.0265 2208 symc8xx - ok
10:24:18.0296 2208 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:24:18.0296 2208 sym_hi - ok
10:24:18.0312 2208 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:24:18.0312 2208 sym_u3 - ok
10:24:18.0390 2208 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:24:18.0390 2208 SynTP - ok
10:24:18.0453 2208 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:24:18.0468 2208 sysaudio - ok
10:24:18.0500 2208 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:24:18.0515 2208 SysmonLog - ok
10:24:18.0562 2208 [ 126D7B3B4C7B724491C604060E1F4E14 ] tandpl C:\WINDOWS\system32\drivers\tandpl.sys
10:24:18.0562 2208 tandpl - ok
10:24:18.0625 2208 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:24:18.0640 2208 TapiSrv - ok
10:24:18.0703 2208 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:24:18.0734 2208 Tcpip - ok
10:24:18.0781 2208 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:24:18.0781 2208 TDPIPE - ok
10:24:18.0843 2208 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:24:18.0843 2208 TDTCP - ok
10:24:18.0875 2208 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:24:18.0875 2208 TermDD - ok
10:24:18.0906 2208 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:24:18.0921 2208 TermService - ok
10:24:18.0953 2208 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:24:18.0953 2208 Themes - ok
10:24:19.0000 2208 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:24:19.0015 2208 TlntSvr - ok
10:24:19.0062 2208 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
10:24:19.0062 2208 TosIde - ok
10:24:19.0093 2208 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:24:19.0109 2208 TrkWks - ok
10:24:19.0140 2208 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:24:19.0140 2208 Udfs - ok
10:24:19.0156 2208 UIUSys - ok
10:24:19.0218 2208 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
10:24:19.0218 2208 ultra - ok
10:24:19.0296 2208 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:24:19.0328 2208 Update - ok
10:24:19.0375 2208 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:24:19.0390 2208 upnphost - ok
10:24:19.0421 2208 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:24:19.0421 2208 UPS - ok
10:24:19.0484 2208 [ C1CA131F4E3ED63D6BC89A35FFAD4CDA ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:24:19.0484 2208 USBAAPL - ok
10:24:19.0531 2208 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:24:19.0546 2208 usbccgp - ok
10:24:19.0562 2208 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:24:19.0562 2208 usbehci - ok
10:24:19.0609 2208 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:24:19.0625 2208 usbhub - ok
10:24:19.0640 2208 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:24:19.0640 2208 usbprint - ok
10:24:19.0703 2208 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:24:19.0703 2208 usbscan - ok
10:24:19.0703 2208 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:24:19.0718 2208 USBSTOR - ok
10:24:19.0718 2208 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:24:19.0734 2208 usbuhci - ok
10:24:19.0781 2208 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:24:19.0781 2208 VgaSave - ok
10:24:19.0859 2208 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:24:19.0859 2208 viaagp - ok
10:24:19.0906 2208 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
10:24:19.0921 2208 ViaIde - ok
10:24:19.0968 2208 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:24:19.0968 2208 VolSnap - ok
10:24:20.0000 2208 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:24:20.0015 2208 VSS - ok
10:24:20.0046 2208 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:24:20.0046 2208 W32Time - ok
10:24:20.0156 2208 [ C79918A5BD269035F3A34D157401B9DF ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
10:24:20.0218 2208 w39n51 - ok
10:24:20.0234 2208 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:24:20.0250 2208 Wanarp - ok
10:24:20.0296 2208 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:24:20.0312 2208 Wdf01000 - ok
10:24:20.0328 2208 WDICA - ok
10:24:20.0343 2208 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:24:20.0343 2208 wdmaud - ok
10:24:20.0390 2208 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:24:20.0406 2208 WebClient - ok
10:24:20.0437 2208 [ 7FE372B1AB60736CC67E8EB6F1FB1F5B ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:24:20.0484 2208 winachsf - ok
10:24:20.0609 2208 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:24:20.0625 2208 winmgmt - ok
10:24:20.0718 2208 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
10:24:20.0921 2208 WMConnectCDS - ok
10:24:20.0984 2208 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:24:20.0984 2208 WmdmPmSN - ok
10:24:21.0031 2208 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:24:21.0046 2208 Wmi - ok
10:24:21.0046 2208 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:24:21.0046 2208 WmiAcpi - ok
10:24:21.0078 2208 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:24:21.0140 2208 WmiApSrv - ok
10:24:21.0171 2208 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:24:21.0171 2208 WpdUsb - ok
10:24:21.0343 2208 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:24:21.0437 2208 WPFFontCache_v0400 - ok
10:24:21.0546 2208 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:24:21.0546 2208 WS2IFSL - ok
10:24:21.0578 2208 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:24:21.0578 2208 WSTCODEC - ok
10:24:21.0640 2208 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:24:21.0640 2208 WudfPf - ok
10:24:21.0687 2208 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:24:21.0687 2208 WudfRd - ok
10:24:21.0718 2208 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:24:21.0734 2208 WudfSvc - ok
10:24:21.0921 2208 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:24:21.0953 2208 WZCSVC - ok
10:24:21.0984 2208 [ DDD8286B88FE764AD2A8BD171E7B569A ] xmasbus C:\WINDOWS\system32\DRIVERS\xmasbus.sys
10:24:21.0984 2208 xmasbus - ok
10:24:22.0015 2208 [ 4059AD5E639FA47E334304CBE82E9572 ] xmasscsi C:\WINDOWS\system32\Drivers\xmasscsi.sys
10:24:22.0015 2208 xmasscsi - ok
10:24:22.0078 2208 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:24:22.0093 2208 xmlprov - ok
10:24:22.0296 2208 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
10:24:22.0312 2208 xusb21 - ok
10:24:22.0328 2208 ================ Scan global ===============================
10:24:22.0359 2208 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:24:22.0421 2208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:24:22.0468 2208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:24:22.0484 2208 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:24:22.0484 2208 [Global] - ok
10:24:22.0484 2208 ================ Scan MBR ==================================
10:24:22.0500 2208 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:24:22.0921 2208 \Device\Harddisk0\DR0 - ok
10:24:22.0921 2208 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:24:23.0406 2208 \Device\Harddisk1\DR1 - ok
10:24:23.0421 2208 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR5
10:24:23.0546 2208 \Device\Harddisk2\DR5 - ok
10:24:23.0546 2208 ================ Scan VBR ==================================
10:24:23.0562 2208 [ 753DE2EF9A81B1EB402F59F5481CEBF4 ] \Device\Harddisk0\DR0\Partition1
10:24:23.0562 2208 \Device\Harddisk0\DR0\Partition1 - ok
10:24:23.0562 2208 [ 3B59C194A51BC13F2AEEECA7042E37E5 ] \Device\Harddisk1\DR1\Partition1
10:24:23.0578 2208 \Device\Harddisk1\DR1\Partition1 - ok
10:24:23.0578 2208 [ ABA4ABBBBA63DEDAF4F2A967E1D5A9B0 ] \Device\Harddisk2\DR5\Partition1
10:24:23.0578 2208 \Device\Harddisk2\DR5\Partition1 - ok
10:24:23.0593 2208 ============================================================
10:24:23.0593 2208 Scan finished
10:24:23.0593 2208 ============================================================
10:24:23.0609 1452 Detected object count: 0
10:24:23.0609 1452 Actual detected object count: 0
10:24:42.0390 1864 Deinitialize success







Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gary :: TRISKELION [administrator]

10/24/2012 12:47:46 AM
mbam-log-2012-10-24 (10-30-23).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 687877
Time elapsed: 7 hour(s), 24 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Peavey Electronics\ReValver Mk IIIdotV\Revalver mkIII.V crk.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

(end)





MiniToolBox by Farbar Version: 23-07-2012
Ran by Gary (administrator) on 24-10-2012 at 10:35:35
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Triskelion
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-24-CB-D9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : No
IP Address. . . . . . . . . . . . : 5.36.203.217
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 5.0.0.1
Lease Obtained. . . . . . . . . . : Tuesday, October 23, 2012 10:13:55 AM
Lease Expires . . . . . . . . . . : Wednesday, October 23, 2013 10:13:55 AM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-16-36-9D-27-86

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-7B-CD-9E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Wednesday, October 24, 2012 10:32:12 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 8:14:07 PM

Server: router.belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.224.228, 74.125.224.229, 74.125.224.230, 74.125.224.231
74.125.224.232, 74.125.224.233, 74.125.224.238, 74.125.224.224, 74.125.224.225
74.125.224.226, 74.125.224.227

Pinging google.com [74.125.224.227] with 32 bytes of data:
Reply from 74.125.224.227: bytes=32 time=34ms TTL=55
Reply from 74.125.224.227: bytes=32 time=50ms TTL=55
Ping statistics for 74.125.224.227:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 50ms, Average = 42ms

Server: router.belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=54ms TTL=54
Reply from 72.30.38.140: bytes=32 time=50ms TTL=54
Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 54ms, Average = 52ms

Server: router.belkin
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 24 cb d9 ...... Hamachi Network Interface
0x3 ...00 16 36 9d 27 86 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
0x20004 ...00 18 de 7b cd 9e ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 25
5.0.0.0 255.0.0.0 5.36.203.217 5.36.203.217 20
5.36.203.217 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.36.203.217 5.36.203.217 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 5.36.203.217 5.36.203.217 20
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4 25
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4 25
224.0.0.0 240.0.0.0 5.36.203.217 5.36.203.217 20
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4 25
255.255.255.255 255.255.255.255 5.36.203.217 3 1
255.255.255.255 255.255.255.255 5.36.203.217 5.36.203.217 1
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2012 03:31:12 PM) (Source: Application Error) (User: )
Description: Faulting application photoshop.exe, version 12.0.0.0, faulting module nvoglnt.dll, version 6.14.11.7948, fault address 0x00121f6d.
Processing media-specific event for [photoshop.exe!ws!]

Error: (10/23/2012 00:16:25 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.62.0.140, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001d22.
Processing media-specific event for [mbam.exe!ws!]

System errors:
=============
Error: (02/20/2012 05:57:25 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/20/2012 04:57:25 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/20/2012 03:57:22 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/20/2012 02:45:21 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/20/2012 01:45:15 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/20/2012 00:45:14 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/19/2012 11:43:57 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/19/2012 10:39:28 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/19/2012 09:03:33 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverFLASHNetBT_Tcpip_{84FF76F5-07A7-4A1C-8B6

Error: (02/19/2012 08:27:29 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{84FF76F5-07A7-4A1C-8B69-C9E8E28EFE63}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (10/23/2012 03:31:12 PM) (Source: Application Error)(User: )
Description: photoshop.exe12.0.0.0nvoglnt.dll6.14.11.794800121f6d

Error: (10/23/2012 00:16:25 PM) (Source: Application Error)(User: )
Description: mbam.exe1.62.0.140version.dll5.1.2600.551200001d22


=========================== Installed Programs ============================

.sol Editor 1.1.0.1 (Version: 1.1.0.1)
7-Zip 9.10 beta
Adobe AIR (Version: 2.0.3.13070)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS5 (Version: 7.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (Version: 11.0.00)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
Alcohol 120% (Trial Version) (Version: 1.4.8.1222)
AOL Instant Messenger
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
Audacity 1.2.6
Avira Free Antivirus (Version: 13.0.0.2693)
balldroppings
Batch PPTX to PPT Converter 2009
Battlezone
Bonjour (Version: 2.0.2.0)
calibre (Version: 0.8.21)
CCleaner (Version: 3.21)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CDisplay 1.8
Chipamp (Version: 0.9)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HD Audio
Coupon Printer for Windows (Version: 5.0.0.1)
CourseSmart Bookshelf (Version: 5.04.0014)
Creative Centrale
Creative Centrale (Version: 1.02.04)
Creative Removable Disk Manager
Creative Software Update (Version: 1.00.14)
Creative ZEN Mozaic User's Guide
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
DC++ 0.782 (Version: 0.782)
DeadAIM (Version: 4.5.11)
Destinations (Version: 60.0.155.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Content Uploader (Version: 1.2.1)
DivX Web Player (Version: 1.4.0)
doPDF 7.2 printer
Download Updater (AOL LLC)
Drumaxx
DX10
EASEUS Partition Master 8.0.1 Home Edition
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
Edison
EPSON Printer Software
ESET Online Scanner v3
F.lux
Far Cry (Patch 1.3) (Version: 1.00.0000)
FileZilla Client 3.0.4.1 (Version: 3.0.4.1)
FirstClass® Client (Version: 8.3 (8.325))
FL Studio 10
FL Studio v7.0
Free MP3 WMA OGG Converter 8.2.5
FreeAgent Pro Tools (Version: 1.05.0048)
GCFScape 1.6.6
GoldWave v5.08
Google Talk Plugin (Version: 3.9.1.9832)
Gravioli (Version: 1.0.0.0)
GTK+ Runtime 2.12.1 rev b (remove only)
Halo 2 for Windows Vista
HammerHead Rhythm Station
Hardcore
HP Help and Support (Version: 4.2.0013)
HP Imaging Device Functions 6.0 (Version: 6.0)
HP Pavilion Webcam (Version: 5.7.7.0)
HP Pavilion Webcam Demo (Version: 2.00.0000)
HP Product Detection (Version: 10.7.9.0)
HP Quick Launch Buttons 6.10 A2 (Version: 6.10 A2)
HP QuickPlay 2.3
HP Update (Version: 4.000.000.004)
HP User Guides 0036 (Version: 1.02.0000)
HP Wireless Assistant 2.00 G2 (Version: 2.00 G2)
HpSdpAppCoreApp (Version: 3.00.0000)
Hydrogen
IL Autogun
IL Download Manager
IL Harmless
IL Harmor
IL Juice Pack
IL Ogun
IL Slicex
IL Vocodex
ImgBurn (Version: 2.4.2.0)
IMSI Applications
Intel® PRO Network Connections Drivers
ips XP 1.11.2600 (Version: 1.11.2600)
iTunes (Version: 9.2.0.61)
iZ3D Driver Remove (Version: 1.13(5443))
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
JDownloader
K-Lite Codec Pack 3.2.0 Full (Version: 3.20)
Last.fm 1.5.4.27091
LightScribe 1.4.97.1 (Version: 1.4.97.1)
LIMBO
LIVE gaming on Windows Runtime Version 1.0.6027 (Version: 1.0.6027)
LogMeIn Hamachi (Version: 2.1.0.215)
LucasArts' The Phantom Menace
Macromedia Dreamweaver MX 2004 (Version: 7.0)
Macromedia Extension Manager (Version: 1.5)
Macromedia Flash MX 2004 (Version: 7)
Macromedia Shockwave Player (Version: 10.1.1.016)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Maximus
Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456)
Melodyne 3.2 (Version: 3.2.0202)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0)
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WorldWide Telescope (Version: 2.1.06)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 2.1.2.7)
Morphine
Motorola Driver Installation (Version: 2.9.0)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia Fusion 2
muvee autoProducer 5.0 (Version: 5.00.050)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Native Instruments Absynth 4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments Kontakt 3
Native Instruments Kontakt 5
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.6.676)
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Nero 6 Ultra Edition
NetWaiting (Version: 2.5.33)
Network Slime Client
Network Slime Server
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers (Version: 1.3)
NVIDIA PhysX (Version: 9.09.0203)
Office 2003 Trial Assistant (Version: 1.0.0)
OrganizeME v1.0
Otto
Ovine Rubber Transition
PDF Settings CS5 (Version: 10.0)
Pidgin (Version: 2.3.0)
PoiZone
Prey (Version: 1.0)
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.72.80.56)
Real Alternative 1.9.0 (Version: 1.9.0)
RealPlayer
Reason 3.0 (Version: 3.0)
Renoise 1.8.0 (Version: 1.8.0)
ReValver Mk IIIdotV
RGSS-RTP Standard (Version: 1.0.0)
Rocket Jockey v1.0
RPG MAKER VX Ace RTP (Version: 1.00)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Sawer
SBaGen 1.4.4
sfArk
SFPack
Sibelius 5 (Version: 5.0.0)
SimSynth
skiStunt (Version: 1.1)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.116)
SnappySoft (Version: 1.1.16)
Soft Data Fax Modem with SmartCP
Sonic Audio Module (Version: 2.0.4)
Sonic Copy Module (Version: 2.0.4)
Sonic Data Module (Version: 2.0.4)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic Update Manager (Version: 3.0.0)
SonicAC3Encoder (Version: 1.00.0000)
SonicMPEGEncoder (Version: 1.00.0000)
SSH Secure Shell
Star Trek - Hidden Evil
Star Trek Voyager Elite Force
Star Wars JK II Jedi Outcast
Starcraft
Starscape V1.5c
Steam (Version: 1.0.0.0)
Super Meat Boy
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
System Requirements Lab
Sytrus
TanksOnAHeightmap (Version: 1.0.0.0)
The Binding of Isaac
The File Splitter 1.31
The Red Odyssey
TortoiseSVN 1.5.4.14259 (32 bit) (Version: 1.5.14259)
TourSetup (Version: 1.0.0)
Toxic Biohazard
Tron 2.0
Unload (Version: 6.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client (Version: 3.0.1)
VLC media player 2.0.3 (Version: 2.0.3)
Vongo (Version: 1.31.02)
Voxli Voice Chat Plugin 1.0.12.79 (Version: 1.0.12.79)
Warsow 0.42 (Version: 0.42)
Wasp
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.531 )
Winamp Remote (Version: 2.2008.0121.1800)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Wireless Home Network Setup (Version: 1.1.154.1)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2045.98 MB
Available physical RAM: 1472.84 MB
Total Pagefile: 4039.42 MB
Available Pagefile: 3375.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:92.15 GB) (Free:2.65 GB) NTFS
2 Drive d: () (Fixed) (Total:93.16 GB) (Free:4.05 GB) NTFS
5 Drive h: (Elements) (Fixed) (Total:1397.26 GB) (Free:485.14 GB) NTFS

========================= Users: ========================================

User accounts for \\TRISKELION

Administrator ASPNET Gary
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****

Farbar Service Scanner Version: 19-10-2012
Ran by Gary (administrator) on 24-10-2012 at 10:57:06
Running from "C:\Documents and Settings\Gary\Desktop\Maintenance"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 10:59:09
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gary - TRISKELION
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gary\Desktop\Maintenance\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\6z280lyq.default\CT329536
Folder Deleted : C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\6z280lyq.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}
Folder Deleted : C:\Documents and Settings\Gary\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Gary\Local Settings\Application Data\FreeOnlineRadioPlayerRecorder
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C79815A-C9B2-4712-869C-C538007FCC50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C79815A-C9B2-4712-869C-C538007FCC50}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C79815A-C9B2-4712-869C-C538007FCC50}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47D0B51E-54DC-4417-87F2-2319950136C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA5BC7A6-FCAF-4D92-A132-9E210F62DE97}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E48DEB7A-F72D-4130-92F3-2A9406E07594}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2C79815A-C9B2-4712-869C-C538007FCC50}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\6z280lyq.default\prefs.js

C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\6z280lyq.default\user.js ... Deleted !

Deleted : user_pref("CT329536.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT329536.AllowNonPrivacy", true);
Deleted : user_pref("CT329536.CTID", "CT329536");
Deleted : user_pref("CT329536.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT329536.CommunityChanged", false);
Deleted : user_pref("CT329536.DialogsAlignMode", "LTR");
Deleted : user_pref("CT329536.EMailNotifierPollDate", "Fri Aug 17 2007 22:10:34 GMT-0700 (Pacific Daylight Tim[...]
Deleted : user_pref("CT329536.EnableClickToSearchBox", false);
Deleted : user_pref("CT329536.EnableSearchHistory", true);
Deleted : user_pref("CT329536.EnableSearchSuggest", true);
Deleted : user_pref("CT329536.EnableUsage", false);
Deleted : user_pref("CT329536.ExternalComponentPollDate128227671964994584", "Mon Sep 10 2007 14:59:36 GMT-0700[...]
Deleted : user_pref("CT329536.FirstTime", true);
Deleted : user_pref("CT329536.GroupingLastCheckTime", "0");
Deleted : user_pref("CT329536.Initialize", true);
Deleted : user_pref("CT329536.IsGrouping", false);
Deleted : user_pref("CT329536.IsMulticommunity", false);
Deleted : user_pref("CT329536.LanguagePackLastCheckTime", "Thu Mar 11 2010 21:44:20 GMT-0800 (Pacific Standard[...]
Deleted : user_pref("CT329536.LanguagePackReloadInterval", "24");
Deleted : user_pref("CT329536.LastLogin", "Fri Mar 12 2010 12:52:21 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT329536.Locale", "en-us");
Deleted : user_pref("CT329536.LoginCache", "4");
Deleted : user_pref("CT329536.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT329536.MCDetectTooltipShow", true);
Deleted : user_pref("CT329536.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT329536.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT329536.RadioIsPodcast", false);
Deleted : user_pref("CT329536.RadioLastCheckTime", "0");
Deleted : user_pref("CT329536.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT329536.RadioLastUpdateServer", "0");
Deleted : user_pref("CT329536.RadioMediaType", "Media Player");
Deleted : user_pref("CT329536.RadioMenuSelectedID", "EBRadioMenu_CT3295369850");
Deleted : user_pref("CT329536.RadioStationName", "National%20Public%20Radio%3A%20Hourly%20Newscast");
Deleted : user_pref("CT329536.RadioStationURL", "hxxp://www.npr.org/dmg/dmg.php?getNewsCast=true&NPRMediaPref=[...]
Deleted : user_pref("CT329536.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT329536.SearchBoxWidth", 225);
Deleted : user_pref("CT329536.Server", "hxxp://users.conduit.com");
Deleted : user_pref("CT329536.SettingsLastUpdate", "1267665350");
Deleted : user_pref("CT329536.ThirdPartyComponentsInterval", "24");
Deleted : user_pref("CT329536.ThirdPartyComponentsLastCheck", "Fri Aug 17 2007 22:10:29 GMT-0700 (Pacific Dayl[...]
Deleted : user_pref("CT329536.ThirdPartyComponentsLastUpdate", "1186948261");
Deleted : user_pref("CT329536.ToolbarAlignMode", "SYSTEM");
Deleted : user_pref("CT329536.ToolbarName", "File-Search");
Deleted : user_pref("CT329536.UserID", "UN20070817221028546");
Deleted : user_pref("CT329536.VusualLastUpdateTime", "1267665350");
Deleted : user_pref("CT329536.WeatherNetwork", "");
Deleted : user_pref("CT329536.WeatherPollDate", "Fri Aug 17 2007 22:10:34 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT329536.WeatherUnit", "F");
Deleted : user_pref("CT329536.components.128880390254212925", false);
Deleted : user_pref("CT329536.components.128914045703219682", false);
Deleted : user_pref("CT329536.components.128936467693162634", false);
Deleted : user_pref("CT329536.components.128936483207612648", false);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16384 octets] - [24/10/2012 10:59:09]

########## EOF - C:\AdwCleaner[S1].txt - [16445 octets] ##########







Junkware Removal Tool (JRT) by Thisisu
Version: 2.0.6 (10.24.2012)
OS: Microsoft Windows XP x86
Ran by Gary on Wed 10/24/2012 at 11:06:30.53
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files:

Successfully deleted: [FILE] C:\Program Files\coupons\Coupons.ico
Successfully deleted: [FILE] C:\Program Files\coupons\CouponsDotCom.url
Successfully deleted: [FILE] C:\Program Files\coupons\uninstall.exe



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"



*** FireFox detected and repaired

Successfully deleted: [npCouponPrinter.dll] from [FF plugins]
Successfully deleted: [npMozCouponPrinter.dll] from [FF plugins]


*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/24/2012 at 11:16:54.12
End of Report










That's the end of it - seems to be pretty clean! I should mention that I ran a full MBAM scan the first time and it crashed because I'd forgotten to disable my Avira blocker beforehand - that probably accounts for that crash in one of those logs. I'll test Google results and the safely remove hardware feature and make sure those are now in working order. Unfortunately the Junkware Removal Tool seems to have deleted some of my Firefox preferences as well as my custom theme, which I can't retrieve (the new version of Firefox won't let me install it) and that's a real shame, but I guess it can't be helped.
Any further actions you'd recommend based on these? Again, your help is much appreciated on this - some stuff seems to have been cleaned out I didn't even know about, like some IE-related adware.

#6 narenxp


Posted 24 October 2012 - 03:18 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 antipode56


Posted 24 October 2012 - 04:25 PM

Here's the new FSS scan:


Farbar Service Scanner Version: 19-10-2012
Ran by Gary (administrator) on 24-10-2012 at 14:08:53
Running from "C:\Documents and Settings\Gary\Desktop\Maintenance"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****





Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/24/2012 02:10:21 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\Gary\Local Settings\Apps\F.lux\flux.exe (PID: 3160) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00d40000

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\UxTheme.dll [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll : 218,624 : 03/15/2006 08:00 PM : 2cde496666a975a2ce8f969f3042c8db [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll : 218,624 : 04/13/2008 05:12 PM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/24/2012 02:11:35 PM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)






"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "AdobeCS5ServiceManager" "Adobe CS5 Service Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "Cpqset" "" "" "c:\program files\hewlett-packard\default settings\cpqset.exe"
+ "High Definition Audio Property Page Shortcut" "High Definition Audio Property Page Shortcut v1.0" "Windows ® Server 2003 DDK provider" "c:\windows\system32\chdaudpropshortcut.exe"
+ "hpWirelessAssistant" "HP Wireless Assistant Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "MSPY2002" "" "" "c:\windows\system32\ime\pintlgnt\imscinst.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 120.86 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RecGuard" "Recguard Application" "" "c:\windows\sminst\recguard.exe"
+ "StxTrayMenu" "FreeAgent™ Launcher" "Seagate LLC" "c:\program files\seagate\systemtray\stxmenumgr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\common files\real\update_ob\realsched.exe"
+ "XboxStat" "XBoxStat.exe" "Microsoft Corporation" "c:\program files\microsoft xbox 360 accessories\xboxstat.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "HP Pavilion Webcam Tray Icon.lnk" "HPWebcam" "" "c:\program files\hewlett-packard\hp pavilion webcam\hpwebcam.exe"
"C:\Documents and Settings\Gary\Start Menu\Programs\StartUp" "" "" ""
+ "Adobe Gamma.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Aim" "AOL Instant Messenger" "AOL Inc." "c:\program files\aim7\aim.exe"
+ "F.lux" "" "" "c:\documents and settings\gary\local settings\apps\f.lux\flux.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla client\fzshellext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 120.86 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AIM" "AOL Instant Messenger" "America Online, Inc." "c:\program files\aim\aim.exe"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskUserS-1-5-21-2267045550-1316354526-338541988-1005Core.job" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2267045550-1316354526-338541988-1005UA.job" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AddFiltr" "Add Filter For Usb" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\addfiltr.exe"
+ "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CTDevice_Srv" "CTDevSrv Window Service Application" "Creative Technology Ltd" "c:\program files\creative\shared files\ctdevsrv.exe"
+ "CTUPnPSv" "Creative Centrale Media Server Service" "Creative Technology Ltd" "c:\program files\creative\creative centrale\ctupnpsv.exe"
+ "Hamachi2Svc" "Hamachi Client Tunneling Engine" "LogMeIn Inc." "c:\program files\logmein hamachi\hamachi-2.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "Macromedia Licensing Service" "Provides authentication services for Macromedia applications." "" "c:\program files\common files\macromedia shared\service\macromedia licensing.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "S3DSvc32" "Inject and UnInject 3D driver" "iZ3D Inc." "c:\program files\iz3d driver\win32\s3dcservice.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "WMConnectCDS" "Shares media with media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media connect 2\wmccds.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5U870CAP_VID_1262&PID_25FD" "Ricoh USB Camera driver" "Ricoh" "c:\windows\system32\drivers\5u870cap.sys"
+ "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avkmgr.sys"
+ "BTWUSB" "Driver for Bluetooth USB Devices" "Broadcom Corporation." "c:\windows\system32\drivers\btwusb.sys"
+ "CFcatchme" "" "" "File not found: C:\ComboFix\CFcatchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e5132.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
+ "enodpl" "" "" "c:\windows\system32\drivers\enodpl.sys"
+ "epmntdrv" "" "" "c:\windows\system32\epmntdrv.sys"
+ "EuGdiDrv" "" "" "c:\windows\system32\eugdidrv.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hamachi" "Hamachi Virtual Network Interface Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\hamachi.sys"
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\cpqbttn.sys"
+ "HdAudAddService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdaud.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "iaStor" "Intel Matrix Storage Manager driver" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iComp" "Conexant USB WDM Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\p2usbwdm.sys"
+ "iZ3DInjectionDriver" "" "" "c:\program files\iz3d driver\win32\s3dinjectiondriver.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "motccgp" "Motorola USB Composite Device Driver" "Motorola" "c:\windows\system32\drivers\motccgp.sys"
+ "motccgpfl" "Motorola USB Composite Filter Driver" "Motorola" "c:\windows\system32\drivers\motccgpfl.sys"
+ "MotDev" "Motorola USB Composite/Flash Driver" "Motorola Inc" "c:\windows\system32\drivers\motodrv.sys"
+ "motmodem" "Motorola USB Modem and Ports Driver" "Motorola" "c:\windows\system32\drivers\motmodem.sys"
+ "NSNDIS5" "NetStumbler NDIS 5.0 Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\nsndis5.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 179.48 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SNP2UVC" "USB2.0 PC Camera driver" "" "c:\windows\system32\drivers\snp2uvc.sys"
+ "sscebus" "SAMSUNG USB Composite Device V2 Driver" "MCCI Corporation" "c:\windows\system32\drivers\sscebus.sys"
+ "sscemdfl" "SAMSUNG Mobile Modem V2 Filter" "MCCI Corporation" "c:\windows\system32\drivers\sscemdfl.sys"
+ "sscemdm" "SAMSUNG Mobile Modem V2 Drivers" "MCCI Corporation" "c:\windows\system32\drivers\sscemdm.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "tandpl" "" "" "c:\windows\system32\drivers\tandpl.sys"
+ "UIUSys" "" "" "File not found: system32\DRIVERS\UIUSYS.SYS"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "w39n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w39n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "xmasbus" "Plug and Play BIOS Extension" " " "c:\windows\system32\drivers\xmasbus.sys"
+ "xmasscsi" "SCSI miniport" " " "c:\windows\system32\drivers\xmasscsi.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Wasp DXi" "" "Image-Line" "c:\program files\image-line\wasp\wasp dxi.dll"
+ "IL Wasp DXi" "" "Image-Line" "c:\program files\image-line\wasp\wasp dxi.dll"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "NI Massive" "Massive" "Native Instruments GmbH" "c:\program files\native instruments\massive\dxi\massivedxi.dll"
+ "NI Massive" "Massive" "Native Instruments GmbH" "c:\program files\native instruments\massive\dxi\massivedxi.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\program files\winamp remote\bin\aac_parser.ax"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "AC3Filter" "ac3filter" "" "c:\program files\k-lite codec pack\filters\ac3filter.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AVI Writer" "" "" "c:\program files\common files\muvee technologies\divx\aviwriter.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\program files\winamp remote\bin\coreaac.ax"
+ "CoreAVC Video Decoder" "CoreAVC DirectShow Video Decoder" "CoreCodec, Inc." "c:\program files\k-lite codec pack\filters\coreavcdecoder.ax"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\cdda.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\flacsrcu.ax"
+ "Creative Frame Rate Converter" "Creative Frame Rate Converter" "Creative Technology Ltd" "c:\program files\creative\shared files\ctfrconv.ax"
+ "Creative Media Select" "" "Creative Technology Ltd." "c:\program files\creative\shared files\mediasel.ax"
+ "Creative MJPEG Encoder Filter" "Creative MJPEG Encoder Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\mjpgencu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\oggsrcu.ax"
+ "Creative QT Source Filter" "Creative QT Source Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\ctqtsf.ax"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\vidprocu.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD7)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clline21.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "CyberLink Video/SP Decoder (PDVD7)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MainConcept (Muvee) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveeeampeg.ax"
+ "MainConcept (Muvee) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveespmpeg.ax"
+ "MainConcept (Muvee) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mceampeg.ax"
+ "Mp3Dump" "" "Creative Technology Ltd." "c:\program files\creative\shared files\mp3dump.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\program files\k-lite codec pack\filters\l3codecx.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MpegAudio Filter" "MpegAudio Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegaudio.dll"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegvideo.dll"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "" "" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Orb RTSP Source Filter" " OrbRTSPSource Filter Dynamic Link Library" "" "c:\program files\winamp remote\bin\orbrtspsource.ax"
+ "OrbNSVSourceFilter" "OrbNSVSource Filter" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orbnsvsourcefilter.ax"
+ "OrbSourceFilter" "OrbSourceFilter" "" "c:\program files\winamp remote\bin\orbsourcefilter.ax"
+ "OrbUrlSource" "OrbUrlSource.ax" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orburlsource.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "RadLight MPC DirectShow Filter" "RLMPCDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlmpcdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP6 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp6dec.ax"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "Video Memory Render Filter" "" "" "c:\program files\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax"
+ "Wave Transform" "" "Creative Technology Ltd." "c:\program files\creative\shared files\wavtrans.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "doPDF 7 Monitor" "doPDF Port Monitor" "Softland" "c:\windows\system32\dopdfmn7.dll"
+ "EPSON V5 2KMonitor" "EPSON Bidirectional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\ebpmon2.dll"

I should mention that though cpcts.dll does not appear in this autoruns log, I opened msconfig after running these scans and checked the startup processes, and the entry is still listed there (with the box unchecked, as I left it): "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Gary\Application Data\cpcts.dll",Number_Subtract SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I'm not sure if that's a problem anymore to have that still there, but I just thought you ought to know.
Also: The reason the hosts file couldn't be edited by Rkill is because I have my Avira software set up to protect the hosts file so it can't be edited. I'd rather not run that .bat file it's recommending, if possible.
Any recommendations on where to go from here?

Edited by antipode56, 24 October 2012 - 04:29 PM.


#8 narenxp

  • BC Advisor
  • 16,371 posts

Posted 24 October 2012 - 05:49 PM

Open msconfig and change the startup to normal

Now run autoruns and post the new log

#9 antipode56

  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2012 - 06:18 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "AdobeCS5ServiceManager" "Adobe CS5 Service Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "cpcts" "" "" "File not found: C:\Documents and Settings\Gary\Application Data\cpcts.dll"
+ "Cpqset" "" "" "c:\program files\hewlett-packard\default settings\cpqset.exe"
+ "High Definition Audio Property Page Shortcut" "High Definition Audio Property Page Shortcut v1.0" "Windows ® Server 2003 DDK provider" "c:\windows\system32\chdaudpropshortcut.exe"
+ "hpWirelessAssistant" "HP Wireless Assistant Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "LogMeIn Hamachi Ui" "Hamachi Client Application" "LogMeIn Inc." "c:\program files\logmein hamachi\hamachi-2-ui.exe"
+ "MSPY2002" "" "" "c:\windows\system32\ime\pintlgnt\imscinst.exe"
+ "NeroFilterCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 120.86 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "QPService" "HP QuickPlay Resident Program" "CyberLink Corp." "c:\program files\hp\quickplay\qpservice.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RecGuard" "Recguard Application" "" "c:\windows\sminst\recguard.exe"
+ "StxTrayMenu" "FreeAgent™ Launcher" "Seagate LLC" "c:\program files\seagate\systemtray\stxmenumgr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\common files\real\update_ob\realsched.exe"
+ "XboxStat" "XBoxStat.exe" "Microsoft Corporation" "c:\program files\microsoft xbox 360 accessories\xboxstat.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "HP Pavilion Webcam Tray Icon.lnk" "HPWebcam" "" "c:\program files\hewlett-packard\hp pavilion webcam\hpwebcam.exe"
"C:\Documents and Settings\Gary\Start Menu\Programs\StartUp" "" "" ""
+ "Adobe Gamma.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Aim" "AOL Instant Messenger" "AOL Inc." "c:\program files\aim7\aim.exe"
+ "F.lux" "" "" "c:\documents and settings\gary\local settings\apps\f.lux\flux.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla client\fzshellext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 120.86 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AIM" "AOL Instant Messenger" "America Online, Inc." "c:\program files\aim\aim.exe"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskUserS-1-5-21-2267045550-1316354526-338541988-1005Core.job" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2267045550-1316354526-338541988-1005UA.job" "Google Installer" "Google Inc." "c:\documents and settings\gary\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AddFiltr" "Add Filter For Usb" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\addfiltr.exe"
+ "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CTDevice_Srv" "CTDevSrv Window Service Application" "Creative Technology Ltd" "c:\program files\creative\shared files\ctdevsrv.exe"
+ "CTUPnPSv" "Creative Centrale Media Server Service" "Creative Technology Ltd" "c:\program files\creative\creative centrale\ctupnpsv.exe"
+ "Hamachi2Svc" "Hamachi Client Tunneling Engine" "LogMeIn Inc." "c:\program files\logmein hamachi\hamachi-2.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "Macromedia Licensing Service" "Provides authentication services for Macromedia applications." "" "c:\program files\common files\macromedia shared\service\macromedia licensing.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "S3DSvc32" "Inject and UnInject 3D driver" "iZ3D Inc." "c:\program files\iz3d driver\win32\s3dcservice.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "WMConnectCDS" "Shares media with media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media connect 2\wmccds.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5U870CAP_VID_1262&PID_25FD" "Ricoh USB Camera driver" "Ricoh" "c:\windows\system32\drivers\5u870cap.sys"
+ "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avkmgr.sys"
+ "BTWUSB" "Driver for Bluetooth USB Devices" "Broadcom Corporation." "c:\windows\system32\drivers\btwusb.sys"
+ "CFcatchme" "" "" "File not found: C:\ComboFix\CFcatchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e5132.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
+ "enodpl" "" "" "c:\windows\system32\drivers\enodpl.sys"
+ "epmntdrv" "" "" "c:\windows\system32\epmntdrv.sys"
+ "EuGdiDrv" "" "" "c:\windows\system32\eugdidrv.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hamachi" "Hamachi Virtual Network Interface Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\hamachi.sys"
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\cpqbttn.sys"
+ "HdAudAddService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdaud.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "iaStor" "Intel Matrix Storage Manager driver" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iComp" "Conexant USB WDM Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\p2usbwdm.sys"
+ "iZ3DInjectionDriver" "" "" "c:\program files\iz3d driver\win32\s3dinjectiondriver.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "motccgp" "Motorola USB Composite Device Driver" "Motorola" "c:\windows\system32\drivers\motccgp.sys"
+ "motccgpfl" "Motorola USB Composite Filter Driver" "Motorola" "c:\windows\system32\drivers\motccgpfl.sys"
+ "MotDev" "Motorola USB Composite/Flash Driver" "Motorola Inc" "c:\windows\system32\drivers\motodrv.sys"
+ "motmodem" "Motorola USB Modem and Ports Driver" "Motorola" "c:\windows\system32\drivers\motmodem.sys"
+ "NSNDIS5" "NetStumbler NDIS 5.0 Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\nsndis5.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 179.48 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SNP2UVC" "USB2.0 PC Camera driver" "" "c:\windows\system32\drivers\snp2uvc.sys"
+ "sscebus" "SAMSUNG USB Composite Device V2 Driver" "MCCI Corporation" "c:\windows\system32\drivers\sscebus.sys"
+ "sscemdfl" "SAMSUNG Mobile Modem V2 Filter" "MCCI Corporation" "c:\windows\system32\drivers\sscemdfl.sys"
+ "sscemdm" "SAMSUNG Mobile Modem V2 Drivers" "MCCI Corporation" "c:\windows\system32\drivers\sscemdm.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "tandpl" "" "" "c:\windows\system32\drivers\tandpl.sys"
+ "UIUSys" "" "" "File not found: system32\DRIVERS\UIUSYS.SYS"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "w39n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w39n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "xmasbus" "Plug and Play BIOS Extension" " " "c:\windows\system32\drivers\xmasbus.sys"
+ "xmasscsi" "SCSI miniport" " " "c:\windows\system32\drivers\xmasscsi.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Wasp DXi" "" "Image-Line" "c:\program files\image-line\wasp\wasp dxi.dll"
+ "IL Wasp DXi" "" "Image-Line" "c:\program files\image-line\wasp\wasp dxi.dll"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "NI Massive" "Massive" "Native Instruments GmbH" "c:\program files\native instruments\massive\dxi\massivedxi.dll"
+ "NI Massive" "Massive" "Native Instruments GmbH" "c:\program files\native instruments\massive\dxi\massivedxi.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\program files\winamp remote\bin\aac_parser.ax"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "AC3Filter" "ac3filter" "" "c:\program files\k-lite codec pack\filters\ac3filter.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AVI Writer" "" "" "c:\program files\common files\muvee technologies\divx\aviwriter.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\program files\winamp remote\bin\coreaac.ax"
+ "CoreAVC Video Decoder" "CoreAVC DirectShow Video Decoder" "CoreCodec, Inc." "c:\program files\k-lite codec pack\filters\coreavcdecoder.ax"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\cdda.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\flacsrcu.ax"
+ "Creative Frame Rate Converter" "Creative Frame Rate Converter" "Creative Technology Ltd" "c:\program files\creative\shared files\ctfrconv.ax"
+ "Creative Media Select" "" "Creative Technology Ltd." "c:\program files\creative\shared files\mediasel.ax"
+ "Creative MJPEG Encoder Filter" "Creative MJPEG Encoder Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\mjpgencu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\oggsrcu.ax"
+ "Creative QT Source Filter" "Creative QT Source Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\ctqtsf.ax"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\vidprocu.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD7)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clline21.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "CyberLink Video/SP Decoder (PDVD7)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MainConcept (Muvee) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveeeampeg.ax"
+ "MainConcept (Muvee) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveespmpeg.ax"
+ "MainConcept (Muvee) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mceampeg.ax"
+ "Mp3Dump" "" "Creative Technology Ltd." "c:\program files\creative\shared files\mp3dump.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\program files\k-lite codec pack\filters\l3codecx.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MpegAudio Filter" "MpegAudio Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegaudio.dll"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegvideo.dll"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "" "" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Orb RTSP Source Filter" " OrbRTSPSource Filter Dynamic Link Library" "" "c:\program files\winamp remote\bin\orbrtspsource.ax"
+ "OrbNSVSourceFilter" "OrbNSVSource Filter" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orbnsvsourcefilter.ax"
+ "OrbSourceFilter" "OrbSourceFilter" "" "c:\program files\winamp remote\bin\orbsourcefilter.ax"
+ "OrbUrlSource" "OrbUrlSource.ax" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orburlsource.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "RadLight MPC DirectShow Filter" "RLMPCDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlmpcdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP6 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp6dec.ax"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "Video Memory Render Filter" "" "" "c:\program files\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax"
+ "Wave Transform" "" "Creative Technology Ltd." "c:\program files\creative\shared files\wavtrans.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "doPDF 7 Monitor" "doPDF Port Monitor" "Softland" "c:\windows\system32\dopdfmn7.dll"
+ "EPSON V5 2KMonitor" "EPSON Bidirectional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\ebpmon2.dll"

#10 narenxp

  • BC Advisor

Posted 24 October 2012 - 06:24 PM

Launch Autoruns and uncheck this entry
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cpcts" "" "" "File not found: C:\Documents and Settings\Gary\Application Data\cpcts.dll"

Any current issues?
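
The check in the post above, generalized as an added example (not part of the original post and not Autoruns' own code): a Python parser for the Autoruns text export format shown in this thread that flags entries whose target file is missing, that carry no description or publisher, or that load from a user profile. The reason labels and the user-profile rule are assumptions made for triage; the sample lines are copied from the log on this page.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the Autoruns text export posted in this thread. Each line holds
# four quoted fields: name, description, publisher, image path. Lines without
# a leading marker name the autostart location for the entries that follow.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cpcts" "" "" "File not found: C:\Documents and Settings\Gary\Application Data\cpcts.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "CFcatchme" "" "" "File not found: C:\ComboFix\CFcatchme.sys"
+ "enodpl" "" "" "c:\windows\system32\drivers\enodpl.sys"
'''

FIELD_RE = re.compile(r'"([^"]*)"')
MISSING_PREFIX = "file not found:"
# Assumption: anything under an XP user profile is writable without admin rights.
USER_PROFILE_RE = re.compile(r"\\documents and settings\\[^\\]+\\", re.IGNORECASE)


@dataclass
class Entry:
    location: str      # registry key or category the entry was listed under
    marker: str        # leading character of the line ("+" in this log)
    name: str
    description: str
    publisher: str
    image_path: str
    reasons: list = field(default_factory=list)


def parse_autoruns(text):
    """Parse an Autoruns text export into Entry objects, tracking the location."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line; skipped rather than guessed at
        if line.startswith('"'):
            location = fields[0]  # header line: a new autostart location begins
            continue
        entries.append(Entry(location, line[0], *fields))
    return entries


def triage(entries):
    """Return entries worth a manual look, most reasons first."""
    flagged = []
    for e in entries:
        reasons = []
        path = e.image_path.strip()
        if path.lower().startswith(MISSING_PREFIX):
            # Orphaned autostart: the entry still fires but the file is gone,
            # which is what produced the rundll32 error in this thread.
            reasons.append("target missing")
            path = path[len(MISSING_PREFIX):].strip()
        if not e.description.strip() and not e.publisher.strip():
            reasons.append("no description or publisher")
        if USER_PROFILE_RE.search(path):
            reasons.append("loads from user profile")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    flagged.sort(key=lambda e: len(e.reasons), reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{e.name:12} {e.location}")
        print(f"{'':12} {e.image_path}")
        print(f"{'':12} -> {', '.join(e.reasons)}")
```

A flag is a prompt to review the entry, not a verdict: stale driver entries left by removal tools and unsigned but legitimate drivers show up here too.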

#11 antipode56

  • Topic Starter

  • Members

Posted 24 October 2012 - 06:56 PM

Excellent, that removed it from the msconfig listing. No other issues I can see as of now - I've now tried Safely Remove Hardware and was able to eject my external hard drive normally without the bluescreen (whew), the rundll issue seems to be taken care of, and I'm no longer getting Google redirects! I assume that was being caused by that JS/Redirector.NIQ trojan which ESET took care of.

Again, my eternal thanks for your help getting this resolved! Nothing like having a secure PC again.

#12 narenxp

  • BC Advisor

Posted 24 October 2012 - 07:14 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



