Help with removing Mozilla Safe Browsing 2.0.14


12 replies to this topic

#1 molitar


Posted 04 November 2012 - 03:17 PM

I can not seem to find where this extension has added itself to get it removed from my Mozilla Firefox. Had it removed once but must have missed something because it's back again and not in the same location. Need some help removing this one. Thanks

#2 narenxp


Posted 04 November 2012 - 03:22 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 molitar


Posted 04 November 2012 - 03:28 PM

Ok already started that process before you replied.. here is the tdss log.

15:21:04.0469 6320 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:21:04.0469 6320 msisadrv - ok
15:21:04.0473 6320 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:21:04.0475 6320 MSiSCSI - ok
15:21:04.0478 6320 msiserver - ok
15:21:04.0482 6320 [ 3846C05A66A3F5CD1D33E1A323C1762C ] MSI_MSIBIOS_010507 C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
15:21:04.0483 6320 MSI_MSIBIOS_010507 - ok
15:21:04.0486 6320 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:21:04.0486 6320 MSKSSRV - ok
15:21:04.0490 6320 [ ADE6270C1003923E92A9BBBA272133A9 ] msloop C:\Windows\system32\DRIVERS\loop.sys
15:21:04.0490 6320 msloop - ok
15:21:04.0493 6320 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:21:04.0494 6320 MSPCLOCK - ok
15:21:04.0497 6320 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:21:04.0498 6320 MSPQM - ok
15:21:04.0502 6320 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:21:04.0503 6320 MsRPC - ok
15:21:04.0508 6320 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:21:04.0509 6320 mssmbios - ok
15:21:04.0512 6320 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:21:04.0512 6320 MSTEE - ok
15:21:04.0515 6320 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:21:04.0516 6320 MTConfig - ok
15:21:04.0520 6320 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:21:04.0520 6320 Mup - ok
15:21:04.0525 6320 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:21:04.0529 6320 napagent - ok
15:21:04.0534 6320 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:21:04.0536 6320 NativeWifiP - ok
15:21:04.0542 6320 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
15:21:04.0545 6320 NAUpdate - ok
15:21:04.0553 6320 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:21:04.0558 6320 NDIS - ok
15:21:04.0561 6320 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:21:04.0562 6320 NdisCap - ok
15:21:04.0565 6320 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:21:04.0566 6320 NdisTapi - ok
15:21:04.0569 6320 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:21:04.0569 6320 Ndisuio - ok
15:21:04.0573 6320 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:21:04.0574 6320 NdisWan - ok
15:21:04.0577 6320 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:21:04.0578 6320 NDProxy - ok
15:21:04.0582 6320 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:21:04.0582 6320 NetBIOS - ok
15:21:04.0586 6320 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:21:04.0588 6320 NetBT - ok
15:21:04.0591 6320 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:21:04.0592 6320 Netlogon - ok
15:21:04.0597 6320 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:21:04.0600 6320 Netman - ok
15:21:04.0604 6320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:21:04.0605 6320 NetMsmqActivator - ok
15:21:04.0608 6320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:21:04.0609 6320 NetPipeActivator - ok
15:21:04.0614 6320 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:21:04.0617 6320 netprofm - ok
15:21:04.0621 6320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:21:04.0622 6320 NetTcpActivator - ok
15:21:04.0624 6320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:21:04.0625 6320 NetTcpPortSharing - ok
15:21:04.0629 6320 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:21:04.0630 6320 nfrd960 - ok
15:21:04.0634 6320 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:21:04.0637 6320 NlaSvc - ok
15:21:04.0640 6320 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\NPF.sys
15:21:04.0641 6320 NPF - ok
15:21:04.0644 6320 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:21:04.0645 6320 Npfs - ok
15:21:04.0648 6320 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:21:04.0650 6320 nsi - ok
15:21:04.0653 6320 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:21:04.0654 6320 nsiproxy - ok
15:21:04.0666 6320 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:21:04.0675 6320 Ntfs - ok
15:21:04.0678 6320 [ CD2166C9511D336A058CDE91778AAA69 ] NTIOLib_1_0_4 C:\Program Files\MSI\Live Update 5\NTIOLib.sys
15:21:04.0679 6320 NTIOLib_1_0_4 - ok
15:21:04.0682 6320 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:21:04.0683 6320 Null - ok
15:21:04.0686 6320 [ BAD636EE7FF5BF539854BBA33868EFC2 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:21:04.0687 6320 nusb3hub - ok
15:21:04.0691 6320 [ DFAFDC3051E04FFAFDDC4872394C1FC8 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:21:04.0692 6320 nusb3xhc - ok
15:21:04.0696 6320 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:21:04.0697 6320 nvraid - ok
15:21:04.0701 6320 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:21:04.0702 6320 nvstor - ok
15:21:04.0706 6320 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:21:04.0707 6320 nv_agp - ok
15:21:04.0710 6320 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:21:04.0711 6320 ohci1394 - ok
15:21:04.0716 6320 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:21:04.0719 6320 p2pimsvc - ok
15:21:04.0724 6320 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:21:04.0728 6320 p2psvc - ok
15:21:04.0732 6320 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
15:21:04.0732 6320 Parport - ok
15:21:04.0736 6320 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:21:04.0737 6320 partmgr - ok
15:21:04.0740 6320 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:21:04.0740 6320 Parvdm - ok
15:21:04.0744 6320 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:21:04.0747 6320 PcaSvc - ok
15:21:04.0751 6320 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:21:04.0752 6320 pci - ok
15:21:04.0755 6320 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:21:04.0755 6320 pciide - ok
15:21:04.0760 6320 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:21:04.0761 6320 pcmcia - ok
15:21:04.0764 6320 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:21:04.0765 6320 pcw - ok
15:21:04.0771 6320 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:21:04.0775 6320 PEAUTH - ok
15:21:04.0785 6320 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:21:04.0792 6320 PeerDistSvc - ok
15:21:04.0812 6320 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:21:04.0823 6320 pla - ok
15:21:04.0828 6320 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:21:04.0832 6320 PlugPlay - ok
15:21:04.0835 6320 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:21:04.0837 6320 PNRPAutoReg - ok
15:21:04.0841 6320 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:21:04.0844 6320 PNRPsvc - ok
15:21:04.0849 6320 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:21:04.0852 6320 PolicyAgent - ok
15:21:04.0858 6320 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:21:04.0861 6320 Power - ok
15:21:04.0864 6320 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:21:04.0865 6320 PptpMiniport - ok
15:21:04.0868 6320 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
15:21:04.0869 6320 Processor - ok
15:21:04.0873 6320 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:21:04.0876 6320 ProfSvc - ok
15:21:04.0879 6320 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:21:04.0881 6320 ProtectedStorage - ok
15:21:04.0884 6320 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:21:04.0885 6320 Psched - ok
15:21:04.0889 6320 [ 9D978F305703ECDF78A27FA1714DE02B ] PSMounter C:\Windows\system32\drivers\psmounter.sys
15:21:04.0889 6320 PSMounter - ok
15:21:04.0892 6320 [ DE21D688823F129B76954BA649195071 ] pssnap C:\Windows\system32\DRIVERS\pssnap.sys
15:21:04.0893 6320 pssnap - ok
15:21:04.0896 6320 [ 3559B247EB77661209012587CC53CFE2 ] PSVolAcc C:\Windows\system32\drivers\PSVolAcc.sys
15:21:04.0897 6320 PSVolAcc - ok
15:21:04.0900 6320 [ 81AC2B3FA0E3B4D7FA03D7463ABE2094 ] pwdrvio C:\Windows\system32\pwdrvio.sys
15:21:04.0902 6320 pwdrvio - ok
15:21:04.0905 6320 [ 2D88214F6B54567EAB0A6C42915AA600 ] pwdspio C:\Windows\system32\pwdspio.sys
15:21:04.0906 6320 pwdspio - ok
15:21:04.0918 6320 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:21:04.0927 6320 ql2300 - ok
15:21:04.0931 6320 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:21:04.0932 6320 ql40xx - ok
15:21:04.0936 6320 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:21:04.0939 6320 QWAVE - ok
15:21:04.0942 6320 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:21:04.0943 6320 QWAVEdrv - ok
15:21:04.0946 6320 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:21:04.0946 6320 RasAcd - ok
15:21:04.0950 6320 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:21:04.0951 6320 RasAgileVpn - ok
15:21:04.0955 6320 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:21:04.0957 6320 RasAuto - ok
15:21:04.0960 6320 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:21:04.0961 6320 Rasl2tp - ok
15:21:04.0966 6320 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:21:04.0970 6320 RasMan - ok
15:21:04.0973 6320 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:21:04.0974 6320 RasPppoe - ok
15:21:04.0978 6320 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:21:04.0979 6320 RasSstp - ok
15:21:04.0983 6320 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:21:04.0985 6320 rdbss - ok
15:21:04.0988 6320 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:21:04.0989 6320 rdpbus - ok
15:21:04.0992 6320 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:21:04.0992 6320 RDPCDD - ok
15:21:04.0998 6320 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:21:05.0000 6320 RDPDR - ok
15:21:05.0003 6320 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:21:05.0003 6320 RDPENCDD - ok
15:21:05.0008 6320 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:21:05.0008 6320 RDPREFMP - ok
15:21:05.0014 6320 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:21:05.0015 6320 RdpVideoMiniport - ok
15:21:05.0019 6320 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:21:05.0020 6320 RDPWD - ok
15:21:05.0025 6320 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:21:05.0026 6320 rdyboost - ok
15:21:05.0031 6320 [ 52C49235DF29F9C57DC577CBCA27E36E ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
15:21:05.0033 6320 ReflectService.exe - ok
15:21:05.0036 6320 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:21:05.0038 6320 RemoteAccess - ok
15:21:05.0042 6320 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:21:05.0044 6320 RemoteRegistry - ok
15:21:05.0048 6320 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
15:21:05.0048 6320 Revoflt - ok
15:21:05.0052 6320 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:21:05.0054 6320 RpcEptMapper - ok
15:21:05.0057 6320 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:21:05.0058 6320 RpcLocator - ok
15:21:05.0063 6320 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:21:05.0066 6320 RpcSs - ok
15:21:05.0070 6320 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:21:05.0070 6320 rspndr - ok
15:21:05.0075 6320 [ F1ED9FFA59C369E72BC53A7631346F61 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
15:21:05.0076 6320 RSUSBSTOR - ok
15:21:05.0080 6320 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
15:21:05.0081 6320 RTL8167 - ok
15:21:05.0085 6320 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:21:05.0085 6320 s3cap - ok
15:21:05.0088 6320 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:21:05.0090 6320 SamSs - ok
15:21:05.0093 6320 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:21:05.0094 6320 sbp2port - ok
15:21:05.0098 6320 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:21:05.0101 6320 SCardSvr - ok
15:21:05.0104 6320 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:21:05.0104 6320 scfilter - ok
15:21:05.0112 6320 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:21:05.0119 6320 Schedule - ok
15:21:05.0123 6320 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:21:05.0123 6320 SCPolicySvc - ok
15:21:05.0127 6320 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:21:05.0130 6320 SDRSVC - ok
15:21:05.0133 6320 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:21:05.0134 6320 secdrv - ok
15:21:05.0137 6320 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:21:05.0139 6320 seclogon - ok
15:21:05.0142 6320 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:21:05.0145 6320 SENS - ok
15:21:05.0148 6320 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:21:05.0150 6320 SensrSvc - ok
15:21:05.0153 6320 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:21:05.0153 6320 Serenum - ok
15:21:05.0157 6320 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:21:05.0158 6320 Serial - ok
15:21:05.0161 6320 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:21:05.0161 6320 sermouse - ok
15:21:05.0170 6320 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:21:05.0173 6320 SessionEnv - ok
15:21:05.0176 6320 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:21:05.0176 6320 sffdisk - ok
15:21:05.0180 6320 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:21:05.0180 6320 sffp_mmc - ok
15:21:05.0183 6320 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:21:05.0184 6320 sffp_sd - ok
15:21:05.0187 6320 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:21:05.0188 6320 sfloppy - ok
15:21:05.0193 6320 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:21:05.0196 6320 SharedAccess - ok
15:21:05.0201 6320 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:21:05.0205 6320 ShellHWDetection - ok
15:21:05.0208 6320 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:21:05.0209 6320 sisagp - ok
15:21:05.0212 6320 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:21:05.0213 6320 SiSRaid2 - ok
15:21:05.0217 6320 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:21:05.0218 6320 SiSRaid4 - ok
15:21:05.0221 6320 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:21:05.0222 6320 Smb - ok
15:21:05.0228 6320 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:21:05.0230 6320 SNMPTRAP - ok
15:21:05.0233 6320 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:21:05.0234 6320 spldr - ok
15:21:05.0239 6320 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
15:21:05.0243 6320 Spooler - ok
15:21:05.0266 6320 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:21:05.0287 6320 sppsvc - ok
15:21:05.0292 6320 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:21:05.0294 6320 sppuinotify - ok
15:21:05.0300 6320 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\Windows\System32\Drivers\sptd.sys
15:21:05.0303 6320 sptd - ok
15:21:05.0308 6320 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:21:05.0311 6320 srv - ok
15:21:05.0316 6320 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:21:05.0318 6320 srv2 - ok
15:21:05.0322 6320 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:21:05.0323 6320 srvnet - ok
15:21:05.0327 6320 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:21:05.0330 6320 SSDPSRV - ok
15:21:05.0333 6320 [ 4826A1BB55F034B8F0CD8398E389689B ] SshSharedFolderService2 C:\Program Files\SshSharedFoldersSetup\SshSharedFolderService2.exe
15:21:05.0334 6320 SshSharedFolderService2 - ok
15:21:05.0338 6320 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:21:05.0340 6320 SstpSvc - ok
15:21:05.0344 6320 [ FB54E407A112D237B4B8ECABB756319A ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
15:21:05.0345 6320 ssudmdm - ok
15:21:05.0348 6320 Steam Client Service - ok
15:21:05.0352 6320 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:21:05.0353 6320 stexstor - ok
15:21:05.0359 6320 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:21:05.0363 6320 StiSvc - ok
15:21:05.0367 6320 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:21:05.0368 6320 storflt - ok
15:21:05.0371 6320 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:21:05.0371 6320 storvsc - ok
15:21:05.0374 6320 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:21:05.0375 6320 swenum - ok
15:21:05.0382 6320 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:21:05.0386 6320 SwitchBoard - ok
15:21:05.0391 6320 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:21:05.0395 6320 swprv - ok
15:21:05.0399 6320 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
15:21:05.0400 6320 Synth3dVsc - ok
15:21:05.0410 6320 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:21:05.0419 6320 SysMain - ok
15:21:05.0423 6320 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:21:05.0425 6320 TabletInputService - ok
15:21:05.0430 6320 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:21:05.0433 6320 TapiSrv - ok
15:21:05.0437 6320 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:21:05.0440 6320 TBS - ok
15:21:05.0451 6320 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:21:05.0459 6320 Tcpip - ok
15:21:05.0470 6320 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:21:05.0476 6320 TCPIP6 - ok
15:21:05.0481 6320 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:21:05.0482 6320 tcpipreg - ok
15:21:05.0487 6320 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:21:05.0488 6320 TDPIPE - ok
15:21:05.0491 6320 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:21:05.0491 6320 TDTCP - ok
15:21:05.0495 6320 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:21:05.0496 6320 tdx - ok
15:21:05.0515 6320 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:21:05.0533 6320 TeamViewer7 - ok
15:21:05.0537 6320 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:21:05.0538 6320 TermDD - ok
15:21:05.0542 6320 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
15:21:05.0542 6320 terminpt - ok
15:21:05.0549 6320 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:21:05.0554 6320 TermService - ok
15:21:05.0557 6320 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:21:05.0560 6320 Themes - ok
15:21:05.0563 6320 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:21:05.0564 6320 THREADORDER - ok
15:21:05.0568 6320 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:21:05.0571 6320 TrkWks - ok
15:21:05.0575 6320 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:21:05.0576 6320 TrustedInstaller - ok
15:21:05.0581 6320 [ B3350E310FA52CA72155A428AED5670F ] TSKNFA00.SYS C:\Windows\system32\Drivers\TSKNFA00.SYS
15:21:05.0581 6320 TSKNFA00.SYS - ok
15:21:05.0585 6320 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:05.0585 6320 tssecsrv - ok
15:21:05.0588 6320 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:21:05.0589 6320 TsUsbFlt - ok
15:21:05.0592 6320 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:21:05.0593 6320 TsUsbGD - ok
15:21:05.0597 6320 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
15:21:05.0598 6320 tsusbhub - ok
15:21:05.0602 6320 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:21:05.0603 6320 tunnel - ok
15:21:05.0606 6320 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:21:05.0607 6320 uagp35 - ok
15:21:05.0611 6320 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:21:05.0613 6320 udfs - ok
15:21:05.0620 6320 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:21:05.0622 6320 UI0Detect - ok
15:21:05.0625 6320 [ D596E6D2793C5B12D6B4180AEF802E7B ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys
15:21:05.0626 6320 UimBus - ok
15:21:05.0632 6320 [ 6B0339DAC02B529CB9FC6C012F78A105 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys
15:21:05.0635 6320 Uim_IM - ok
15:21:05.0640 6320 [ 01679E434C97D78655DC69864FEA06AD ] Uim_Vim C:\Windows\system32\Drivers\Uim_Vim.sys
15:21:05.0642 6320 Uim_Vim - ok
15:21:05.0645 6320 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:21:05.0646 6320 uliagpkx - ok
15:21:05.0650 6320 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:21:05.0650 6320 umbus - ok
15:21:05.0653 6320 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
15:21:05.0654 6320 UmPass - ok
15:21:05.0658 6320 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
15:21:05.0661 6320 UmRdpService - ok
15:21:05.0664 6320 [ 3D571A3CBF127E9555EAD2F8598F425F ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
15:21:05.0664 6320 UnsignedThemes - ok
15:21:05.0669 6320 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:21:05.0673 6320 upnphost - ok
15:21:05.0677 6320 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:21:05.0678 6320 usbccgp - ok
15:21:05.0681 6320 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:21:05.0682 6320 usbcir - ok
15:21:05.0685 6320 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:21:05.0686 6320 usbehci - ok
15:21:05.0689 6320 [ 56E89C8E05A987A49FFA595428FB9767 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:21:05.0690 6320 usbfilter - ok
15:21:05.0695 6320 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:21:05.0697 6320 usbhub - ok
15:21:05.0700 6320 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:21:05.0700 6320 usbohci - ok
15:21:05.0704 6320 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:21:05.0704 6320 usbprint - ok
15:21:05.0708 6320 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:21:05.0709 6320 USBSTOR - ok
15:21:05.0711 6320 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:21:05.0712 6320 usbuhci - ok
15:21:05.0715 6320 [ 628C632710AB55747CB5BCC68716BE21 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys
15:21:05.0716 6320 uxpatch - ok
15:21:05.0719 6320 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:21:05.0721 6320 UxSms - ok
15:21:05.0724 6320 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:21:05.0726 6320 VaultSvc - ok
15:21:05.0728 6320 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:21:05.0729 6320 vdrvroot - ok
15:21:05.0735 6320 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:21:05.0740 6320 vds - ok
15:21:05.0743 6320 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:21:05.0744 6320 vga - ok
15:21:05.0747 6320 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:21:05.0748 6320 VgaSave - ok
15:21:05.0750 6320 VGPU - ok
15:21:05.0755 6320 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:21:05.0757 6320 vhdmp - ok
15:21:05.0760 6320 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:21:05.0761 6320 viaagp - ok
15:21:05.0764 6320 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:21:05.0765 6320 ViaC7 - ok
15:21:05.0768 6320 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:21:05.0769 6320 viaide - ok
15:21:06.0965 6320 ============================================================
15:21:06.0965 6320 Scan finished
15:21:06.0965 6320 ============================================================
15:21:06.0972 8688 Detected object count: 0
15:21:06.0972 8688 Actual detected object count: 0

#4 molitar

Posted 04 November 2012 - 03:48 PM

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 15:27:29
-----------------------------
15:27:29.449 OS Version: Windows 6.1.7600 Service Pack 1
15:27:29.449 Number of processors: 4 586 0x402
15:27:29.450 ComputerName: ALLEGIANCE UserName: malaac
15:27:29.642 Initialize success
15:29:43.843 AVAST engine defs: 12110400
15:37:16.252 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000067
15:37:16.255 Disk 0 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 11
15:37:16.258 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
15:37:16.261 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
15:37:16.264 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006a
15:37:16.268 Disk 2 Vendor: ST315003 CC1H Size: 1430799MB BusType: 11
15:37:16.272 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000006b
15:37:16.277 Disk 3 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 11
15:37:16.280 Disk 4 (boot) \Device\Harddisk4\DR4 -> \Device\0000006c
15:37:16.283 Disk 4 Vendor: KINGSTON 501A Size: 114473MB BusType: 11
15:37:16.288 Disk 4 MBR read successfully
15:37:16.292 Disk 4 MBR scan
15:37:16.297 Disk 4 Windows 7 default MBR code
15:37:16.301 Disk 4 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
15:37:16.309 Disk 4 scanning sectors +234438656
15:37:16.317 Disk 4 scanning C:\Windows\system32\drivers
15:37:19.170 Service scanning
15:37:26.346 Modules scanning
15:37:28.476 Disk 4 trace - called modules:
15:37:28.483 ntkrlICE.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x889da1e8]<<
15:37:28.490 1 nt!IofCallDriver -> \Device\Harddisk4\DR4[0x89099ac8]
15:37:28.495 3 CLASSPNP.SYS[913bd59e] -> nt!IofCallDriver -> [0x89059c08]
15:37:28.501 \Driver\amd_xata[0x88a29540] -> IRP_MJ_CREATE -> 0x889da1e8
15:37:28.701 AVAST engine scan C:\Windows
15:37:29.444 AVAST engine scan C:\Windows\system32
15:38:27.943 AVAST engine scan C:\Windows\system32\drivers
15:38:32.079 AVAST engine scan C:\Users\malaac
15:39:13.690 AVAST engine scan C:\ProgramData
15:39:44.057 Scan finished successfully
15:47:58.106 Disk 4 MBR has been saved successfully to "C:\MBR.dat"
15:47:58.111 The log file has been saved successfully to "C:\aswMBR.txt"

#5 molitar

Posted 04 November 2012 - 06:16 PM

ESET report, which found where that Mozilla Safe Browsing was hiding.

C:\Program Files\MSIHQ USB Bootable Tool and BIOS Helper\USBMSIHQ.exe probably a variant of Win32/Agent.LZHTOYU trojan cleaned by deleting - quarantined
C:\Users\malaac\AppData\Local\{39D6B3A6-F2CF-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

That is the report from ESET. I deleted the entire C:\Users\malaac\AppData\Local\{39D6B3A6-F2CF-11E1-8270-B8AC6F996F26} folder, as there were still install.rdf files in it.

#6 narenxp

Posted 04 November 2012 - 06:31 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#7 molitar

Posted 04 November 2012 - 08:52 PM

Mini Toolbox Report:

MiniToolBox by Farbar Version: 23-07-2012
Ran by malaac (administrator) on 04-11-2012 at 20:40:51
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "61.221.217.196 "
"network.proxy.http_port", 3128
"network.proxy.network.proxy.socks_remote_dns", 1
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= Event log errors: ===============================

Application errors:
==================
Error: (11/04/2012 07:32:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: search.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: search.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000f8539
Faulting process id: 0x1828
Faulting application start time: 0xsearch.exe0
Faulting application path: search.exe1
Faulting module path: search.exe2
Report Id: search.exe3

Error: (11/04/2012 02:48:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 02:47:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NScCoreComponents,type="win32",version="5.3.2.0"1".Error in manifest or policy file "NScCoreComponents,type="win32",version="5.3.2.0"2" on line NScCoreComponents,type="win32",version="5.3.2.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is NScCoreComponents,type="win32",version="5.3.2.0".
Definition is NScCoreComponents,type="win32",version="5.3.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 02:47:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NFD,type="win32",version="5.2.0.0"1".Error in manifest or policy file "NFD,type="win32",version="5.2.0.0"2" on line NFD,type="win32",version="5.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is NFD,type="win32",version="5.2.0.0".
Definition is NFD,type="win32",version="5.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/04/2012 01:00:00 PM) (Source: TermService) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.


Microsoft Office Sessions:
=========================
Error: (11/04/2012 07:32:28 PM) (Source: Application Error)(User: )
Description: search.exe0.0.0.000000000search.exe0.0.0.000000000c0000005000f8539182801cdbaed012c0f1eC:\Program Files\efs\search.exeC:\Program Files\efs\search.exe469dc277-26e0-11e2-bebd-6c626d7151e6

Error: (11/04/2012 02:48:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\eventghost\plugins\mceremote_vista\AlternateMceIrService_x64.exe

Error: (11/04/2012 02:47:36 AM) (Source: SideBySide)(User: )
Description: NScCoreComponents,type="win32",version="5.3.2.0"NScCoreComponents,type="win32",version="5.3.0.0"G:\Program Files\Nero WaveEditor\NMDllHost.exe.ManifestG:\Program Files\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST3

Error: (11/04/2012 02:47:36 AM) (Source: SideBySide)(User: )
Description: NFD,type="win32",version="5.2.0.0"NFD,type="win32",version="5.0.0.0"G:\Program Files\Nero SoundTrax\NMDllHost.exe.ManifestG:\Program Files\Nero SoundTrax\NFD\NFD.MANIFEST3


=========================== Installed Programs ============================

3DMark 11 (Version: 1.0.3)
3DMark Vantage (Version: 1.1.0)
3DMark06 (Version: 1.2.0)
3RVX (Version: 2.5)
ACDSee Pro 3 (Version: 3.0.475)
ACDSee Pro 6 (Version: 6.0.169)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
ADRIFT 5.0 (Version: 5.0.22)
Aegisub 2.1.9 (Version: 2.1.9)
AllToAVI v4 r5394 (Version: v4 r5394)
Altap Salamander 2.52 (Version: 2.52)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Media Foundation Decoders (Version: 1.0.70928.1538)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
Anti-Twin (Installation 11/3/2012)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Mover (Version: 4.3)
Bandizip (Version: 2.0)
BestSync (Version: 7.0.17)
Beyond Compare Version 3.3.4
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J825DW (Version: 1.0.19.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
ccc-utility (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
CCleaner (Version: 3.24)
Classic Shell (Version: 3.6.2)
ContentManager (Version: 0.5)
ControlCenter (Version: 1.0.226)
Cregistry Comparison (Version: 4.1.1241)
CrystalDiskInfo 5.0.0 Shizuku Edition (Version: 5.0.0)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Desktop Restore (Version: 1.6.3)
Device Doctor v2.1 (Version: 2.1)
DirPrint 4.0
DomDomSoft Anime Downloader (remove only)
Dropbox (Version: 1.4.17)
Duplicate Image Finder (Version: 1.0.20)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DVDFab 8.2.0.8 (29/08/2012) Qt
Dyn Updater (Version: 4.1.10)
EasyBCD 2.2 (Version: 2.2)
Effective File Search 6.7 (Version: 6.7)
Emit version 1.10.1 (Version: 1.10.1)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
EventGhost 0.4.1.r1544 (Version: 0.4.1.r1544)
Flash Decompiler Trillix (Version: 4.1)
Flash Movie Player 1.5 (Version: 1.5)
Flash Renamer 6.57
Futuremark SystemInfo (Version: 4.8.0)
Google Update Helper (Version: 1.3.21.111)
Hard Disk Sentinel PRO
High-Definition Video Playback (Version: 7.1.12500.33.0)
HyperSnap 7 (Version: 7.18.00)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 21 (Version: 6.0.210)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 9.3.0 (Version: 9.3.0)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
KooRaRoo Media (Version: 1.3.1.0)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Logitech SetPoint 6.32 (Version: 6.32.20)
Macrium Reflect Professional Edition (Version: 5.0.4258)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MiniTool Partition Wizard Server Edition 7.1
mirkes.de Tiny Hexer (Version: 1.8)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Mozilla Maintenance Service (Version: 12.0)
MSIHQ USB Bootable Tool and BIOS Helper 1.24h 2012
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nero 10 ClipartPack (Version: 10.2.10000.11.0)
Nero 10 Menu TemplatePack 1 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 2 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 3 (Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack Basic (Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 1 (Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack 2 (Version: 10.2.10000.12.0)
Nero 10 Movie ThemePack 3 (Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 4 (Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0)
Nero 10 PiP EffectPack 1 (Version: 10.2.10000.0.0)
Nero 10 Sample ImagePack (Version: 10.2.10000.11.0)
Nero 10 Sample Videos (Version: 10.2.10000.11.0)
Nero 10 Video TransitionPack 1 (Version: 10.2.10000.0.0)
Nero BackItUp 10 (Version: 5.6.10600.6.100)
Nero BackItUp 10 Help (CHM) (Version: 10.2.10800)
Nero Burning ROM 10 (Version: 10.2.10500.7.100)
Nero BurningROM 10 Help (CHM) (Version: 10.2.10600)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.2.10700)
Nero Control Center 10 (Version: 10.2.0.0.0)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10600)
Nero Core Components 10 (Version: 2.0.17200.8.0)
Nero CoverDesigner 10 (Version: 5.2.10400.4.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.2.10600)
Nero DiscCopy Gadget 10 (Version: 3.2.10300.5.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 10.2.10500)
Nero DiscSpeed 10 (Version: 6.2.10200.0.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.2.10600)
Nero Dolby Files 10 (Version: 2.0.12001.0.10)
Nero Express 10 (Version: 10.2.10500.7.100)
Nero Express 10 Help (CHM) (Version: 10.2.10700)
Nero InfoTool 10 (Version: 7.2.10200.4.100)
Nero InfoTool 10 Help (CHM) (Version: 10.2.10700)
Nero MediaHub 10 (Version: 1.2.10800.14.100)
Nero MediaHub 10 Help (CHM) (Version: 10.2.10500)
Nero Multimedia Suite 10 Platinum HD (Version: 10.5.10000)
Nero Recode 10 (Version: 4.8.10400.3.100)
Nero Recode 10 Help (CHM) (Version: 10.2.10500)
Nero RescueAgent 10 (Version: 3.2.10300.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.2.10700)
Nero SoundTrax 10 (Version: 4.8.10200.1.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.2.10600)
Nero StartSmart 10 (Version: 10.2.10400.5.100)
Nero StartSmart 10 Help (CHM) (Version: 10.2.10700)
Nero Update (Version: 1.0.0018)
Nero Vision 10 (Version: 7.2.14000.4.100)
Nero Vision 10 Help (CHM) (Version: 10.2.10800)
Nero WaveEditor 10 (Version: 5.8.10200.1.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.2.10600)
Newshosting (Version: 1.3.2)
NirSoft OpenedFilesView
NuonSoft Wallpaper Cycler 3.6 (Version: 3.6.0.180)
OpenAL
ownCloud (Version: 1.0.5)
Paragon Partition Manager? 12 Free (Version: 90.00.0003)
PDF Settings CS5 (Version: 10.0)
piaip AppLocale (Version: 1.0.0)
Plus Pack for Acronis True Image Home 2012 (Version: 15.0.6154)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
Remove Empty Directories version 2.2 (Version: 2.2)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
RGSS-RTP Standard (Version: 1.0.0)
RPG MAKER VX Ace RTP (Version: 1.00)
RPG Maker VX RTP (Version: 1.02)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.6.0)
SeaTools for Windows (Version: 1.2.0.6)
ShellFolderFix 1.1.4
SixaxisPairTool 0.2.3 (Version: 0.2.3)
Sothink SWF Decompiler (Version: 7.0)
SshSharedFoldersSetup (Version: 1.0.3)
Steam (Version: 1.0.0.0)
Sub Station Alpha v4.08
SUPER c v2012.build.51 (April 7, 2012) version v2012.build.51 (Version: v2012.build.51)
SUPER ゥ v2012.build.53 (Sep 13, 2012) version v2012.build.53 (Version: v2012.build.53)
Switch Sound File Converter
swMSM (Version: 12.0.0.1)
Symlink Creator (Version: 1.1.1.3)
SymMover
TaskInfo 10.0.0.336 (Version: 10.0.0.336)
TeamViewer 7 (Version: 7.0.12979)
TextPad 6 (Version: 6.1.0)
TortoiseSVN 1.7.9.23248 (32 bit) (Version: 1.7.23248)
UltimateDefrag (Version: 4.0.98.0)
Universal Extractor 1.6.1 (Version: 1.6.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
UxStyle Core Beta (Version: 0.2.1.1)
VIPdesk Scan Utility (Version: 1.0.0)
Visual BCD (Version: 0.9.3.1)
VLC media player 2.0.3 (Version: 2.0.3)
What's my computer doing 1.xx
WinCatalog 2012 (remove only)
Windows Automated Installation Kit (Version: 2.0.0.0)
Windows Driver Package - EventGhost Deal Extreme USB PC Remote (01/25/2010 1.0.2.0) (Version: 01/25/2010 1.0.2.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinSCP 4.3.9 (Version: 4.3.9)
xy-VSFilter 3.0.0.65 (Version: 3.0.0.65)
いちゃコミュ☆プラス~いちゃいちゃコミュニケーションプラス~ (Version: 1.00.0000)
ニャルプラス
リアルタイム3D”ニャンニャン” (Version: 1.0.0.0)
妹のひとりえっち 1.00
神採りアルケミーマイスター (Version: 1.00.0006)
神採りアルケミーマイスター (Version: 2.00.0019)
神採りアルケミーマイスター Append01 (Version: 1.00.0004)
神採りアルケミーマイスター Append02 (Version: 1.00.0003)
神採りアルケミーマイスター Ver2.00 Update (Version: 2.00.0019)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8191.13 MB
Available physical RAM: 5046.39 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 12739.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.88 MB

========================= Partitions: =====================================

2 Drive c: (WINNT) (Fixed) (Total:111.79 GB) (Free:59.16 GB) NTFS
3 Drive d: (Storage1) (Fixed) (Total:1397.26 GB) (Free:521.92 GB) NTFS
4 Drive e: (Storage2) (Fixed) (Total:1863.01 GB) (Free:207.58 GB) NTFS
5 Drive f: (Storage3) (Fixed) (Total:1863.01 GB) (Free:318.19 GB) NTFS
6 Drive g: (Extended) (Fixed) (Total:931.51 GB) (Free:402.43 GB) NTFS

========================= Users: ========================================

User accounts for \\ALLEGIANCE

Administrator malaac molitar
Shared

========================= Restore Points ==================================


**** End of log ****

Edited by molitar, 04 November 2012 - 09:43 PM.


#8 molitar


Posted 04 November 2012 - 09:12 PM

Lost all my logs from the previous scans due to Junkware; I didn't realize it would close the browser without a warning. But ADWClean found nothing, it reported all legit, and of course Malwarebytes found nothing, as I have that already and ran that before I came here.

Junkware:

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 20:58:41
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : malaac - ALLEGIANCE
# Boot Mode : Normal
# Running from : C:\DOS\00. Cleaners\AdwCleaner\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default-1352059547743 [Profil par defaut]
File : C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0ir2d7yn.default-1352059547743\prefs.js

Found : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Found : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Found : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Found : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT1060933.FirstTime", "true");
Found : user_pref("CT1060933.FirstTimeFF3", "true");
Found : user_pref("CT1060933.UserID", "UN99129888456406136");
Found : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT1060933.autoDisableScopes", -1);
Found : user_pref("CT1060933.autocompletepro_enable", "1");
Found : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Found : user_pref("CT1060933.cbcountry_001", "US");
Found : user_pref("CT1060933.cbfirsttime", "Sat Jun 30 2012 19:31:00 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT1060933.defaultSearch", "false");
Found : user_pref("CT1060933.enableAlerts", "false");
Found : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Found : user_pref("CT1060933.firstTimeDialogOpened", "true");
Found : user_pref("CT1060933.fixPageNotFoundError", "true");
Found : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT1060933.fixUrls", true);
Found : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Found : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Found : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Found : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT1060933.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]
Found : user_pref("CT1060933.openThankYouPage", "false");
Found : user_pref("CT1060933.openUninstallPage", "true");
Found : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Found : user_pref("CT1060933.search.searchCount", "0");
Found : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1341099056440");
Found : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1341099057885");
Found : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1341099316544");
Found : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1341099056904");
Found : user_pref("CT1060933.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341099362709");
Found : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1341099316995");
Found : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1341099057062");
Found : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1341099055703");
Found : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1341099054768");
Found : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1341099056921");
Found : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1341099316413");
Found : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1341099056371");
Found : user_pref("CT1060933.settingsINI", true);
Found : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Found : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Found : user_pref("CT1060933.smartbar.Uninstall", "0");
Found : user_pref("CT1060933.smartbar.isHidden", true);
Found : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Found : user_pref("CT1060933.startPage", "false");
Found : user_pref("CT1060933.toolbarBornServerTime", "1-7-2012");
Found : user_pref("CT1060933.toolbarCurrentServerTime", "1-7-2012");
Found : user_pref("CT1060933.url_history0001", "hxxps://www.google.com:::clickhandler:::1341099076691");

*************************

AdwCleaner[R1].txt - [6908 octets] - [04/11/2012 20:58:41]

########## EOF - C:\AdwCleaner[R1].txt - [6968 octets] ##########


Farbar:

Farbar Service Scanner Version: 04-11-2012
Ran by malaac (administrator) on 04-11-2012 at 20:57:24
Running from "C:\DOS\00. Cleaners\Farbar"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-10-14 22:54] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-14 22:54] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 21:09:02
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : malaac - ALLEGIANCE
# Boot Mode : Normal
# Running from : C:\DOS\00. Cleaners\AdwCleaner\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\Ask&Record
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default-1352059547743 [Profil par defaut]
File : C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0ir2d7yn.default-1352059547743\prefs.js

Found : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Found : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Found : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Found : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT1060933.FirstTime", "true");
Found : user_pref("CT1060933.FirstTimeFF3", "true");
Found : user_pref("CT1060933.UserID", "UN99129888456406136");
Found : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT1060933.autoDisableScopes", -1);
Found : user_pref("CT1060933.autocompletepro_enable", "1");
Found : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Found : user_pref("CT1060933.cbcountry_001", "US");
Found : user_pref("CT1060933.cbfirsttime", "Sat Jun 30 2012 19:31:00 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT1060933.defaultSearch", "false");
Found : user_pref("CT1060933.enableAlerts", "false");
Found : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Found : user_pref("CT1060933.firstTimeDialogOpened", "true");
Found : user_pref("CT1060933.fixPageNotFoundError", "true");
Found : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT1060933.fixUrls", true);
Found : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Found : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Found : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Found : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT1060933.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]
Found : user_pref("CT1060933.openThankYouPage", "false");
Found : user_pref("CT1060933.openUninstallPage", "true");
Found : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Found : user_pref("CT1060933.search.searchCount", "0");
Found : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1341099056440");
Found : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1341099057885");
Found : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1341099316544");
Found : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1341099056904");
Found : user_pref("CT1060933.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341099362709");
Found : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1341099316995");
Found : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1341099057062");
Found : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1341099055703");
Found : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1341099054768");
Found : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1341099056921");
Found : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1341099316413");
Found : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1341099056371");
Found : user_pref("CT1060933.settingsINI", true);
Found : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Found : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Found : user_pref("CT1060933.smartbar.Uninstall", "0");
Found : user_pref("CT1060933.smartbar.isHidden", true);
Found : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Found : user_pref("CT1060933.startPage", "false");
Found : user_pref("CT1060933.toolbarBornServerTime", "1-7-2012");
Found : user_pref("CT1060933.toolbarCurrentServerTime", "1-7-2012");
Found : user_pref("CT1060933.url_history0001", "hxxps://www.google.com:::clickhandler:::1341099076691");

*************************

AdwCleaner[R2].txt - [6181 octets] - [04/11/2012 21:09:02]

########## EOF - C:\AdwCleaner[R2].txt - [6241 octets] ##########

#9 narenxp


Posted 04 November 2012 - 09:21 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#10 molitar


Posted 04 November 2012 - 09:41 PM

Farbar:

Farbar Service Scanner Version: 04-11-2012
Ran by malaac (administrator) on 04-11-2012 at 21:38:12
Running from "C:\DOS\00. Cleaners\Farbar"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-10-14 22:54] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-14 22:54] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


rkill:

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2012 09:38:52 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Manual

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:


Program finished at: 11/04/2012 09:38:57 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)


Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVP" "Kaspersky Anti-Virus" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
+ "Classic Start Menu" "Classic Start Menu" "IvoSoft" "c:\program files\classic shell\classicstartmenu.exe"
+ "Launch LCore" "Logitech Gaming Framework" "Logitech Inc." "c:\program files\logitech gaming software\lcore.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dyn Updater Tray Icon.lnk" "Dyn Updater Tray Icon" "Dyn, Inc." "c:\program files\dyn updater\dyntray.exe"
+ "PowerMenu.lnk" "PowerMenu" "Thong Nguyen" "c:\program files\powermenu\powermenu.exe"
"C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "EventGhost.lnk" "EventGhost Automation Tool" "EventGhost Project" "c:\program files\eventghost\eventghost.exe"
+ "FTPRush.lnk" "FTP Rush" "http://www.wftpserver.com" "c:\program files\ftprush\ftprush.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "3RVX" "3RVX" "matt.malensek.net" "c:\program files\3rvx\3rvx.exe"
+ "Icon Remover" "'Safely Remove Hardware' Icon Remover" "IconRemover.com" "c:\program files\icon remover\iconremover.exe"
+ "NuonSoft Wallpaper Cycler" "Wallpaper Cycler" "NuonSoft" "c:\program files\nuonsoft\wallpapercycler3\wallpapercycler.exe"
+ "uTorrent" "µTorrent" "BitTorrent, Inc." "c:\program files\utorrent\utorrent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "TextPad" "TextPad 32-bit shell extension DLL" "Helios Software Solutions" "c:\program files\textpad 6\system\shellext32.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "0HV3Context" "HV3Shell Module" "" "c:\program files\honeyview3\hv3shell32.dll"
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "BestSyncMenu" "BestSync Shell Extension" " RiseFly Software" "c:\program files\bestsync 2012\bestsyncext.dll"
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\shellex.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "g:\program files\nero backitup\nbshell.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files\common files\nero\neroshellext\neroshellext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WallpaperCycler3ShellIntMenuExt" "WallpaperCycler3ShellInt Module" "NuonSoft" "c:\program files\nuonsoft\wallpapercycler3\wallpapercycler3shellint.dll"
+ "WhoLockMe" "List all the process locking a file." "Bitmind / Pygmy Productions" "c:\dos\wholockme200\wholockme.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "FileMenuTools" "FileMenu Tools DLL" "LopeSoft - Software desarrollado por Rubén López Hernández" "c:\program files\lopesoft\filemenu tools\filemenutools.dll"
+ "Flash Renamer Helper" "" "RL Vision" "c:\windows\system32\flashrenhelper.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "0HV3Context" "HV3Shell Module" "" "c:\program files\honeyview3\hv3shell32.dll"
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "BestSyncMenu" "BestSync Shell Extension" " RiseFly Software" "c:\program files\bestsync 2012\bestsyncext.dll"
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "FileMenuTools" "FileMenu Tools DLL" "LopeSoft - Software desarrollado por Rubén López Hernández" "c:\program files\lopesoft\filemenu tools\filemenutools.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\shellex.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files\common files\nero\neroshellext\neroshellext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "BestSyncMenu" "BestSync Shell Extension" " RiseFly Software" "c:\program files\bestsync 2012\bestsyncext.dll"
+ "ClassicCopyExt" "Adds classic Windows Explorer features" "IvoSoft" "c:\program files\classic shell\classicexplorer32.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "AltapSalamanderVer252" "Shell Extension for Altap Salamander 2.52" "ALTAP" "c:\program files\altap salamander 2.5\plugins\salamext.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WinSCPCopyHook" "Drag&Drop shell extension for WinSCP (32-bit)" "Martin Prikryl" "c:\program files\winscp\dragext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "AABdzCtx" "Bandizip shell menu dll" "Bandisoft.com" "c:\users\malaac\appdata\local\bandizip\bdzshl32.dll"
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "DeskMenu" "Desktop Restore" "Jamie O'Connell" "c:\program files\desktop restore\dkticnsr.dll"
+ "FileMenuTools" "FileMenu Tools DLL" "LopeSoft - Software desarrollado por Rubén López Hernández" "c:\program files\lopesoft\filemenu tools\filemenutools.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "CirrusShellEx" "Beyond Compare" "Scooter Software" "c:\program files\beyond compare 3\bcshellex.dll"
+ "FileMenuTools" "FileMenu Tools DLL" "LopeSoft - Software desarrollado por Rubén López Hernández" "c:\program files\lopesoft\filemenu tools\filemenutools.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\shellex.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "g:\program files\nero backitup\nbshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WhoLockMe" "List all the process locking a file." "Bitmind / Pygmy Productions" "c:\dos\wholockme200\wholockme.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "ClassicCopyExt" "Adds classic Windows Explorer features" "IvoSoft" "c:\program files\classic shell\classicexplorer32.dll"
+ "NBShellHook" "Nero BackItUp" "Nero AG" "g:\program files\nero backitup\nbshell.dll"
+ "TortoiseSVN" "TortoiseSVN shell extension client" "http://tortoisesvn.net" "c:\program files\tortoisesvn\bin\tortoisestub32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\malaac\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "ShareOverlay" "Adds classic Windows Explorer features" "IvoSoft" "c:\program files\classic shell\classicexplorer32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "ClassicIE9BHO Class" "Customizations for the title bar and status bar of IE9" "IvoSoft" "c:\program files\classic shell\classicie9dll_32.dll"
+ "Content Blocker Plugin" "Content Blocker Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll"
+ "ExplorerBHO Class" "Adds classic Windows Explorer features" "IvoSoft" "c:\program files\classic shell\classicexplorer32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Safe Money Plugin" "Safe Money Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll"
+ "URL Advisor Plugin" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll"
+ "Virtual Keyboard Plugin" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Classic Explorer Bar" "Adds classic Windows Explorer features" "IvoSoft" "c:\program files\classic shell\classicexplorer32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Classic IE9 Settings" "Classic IE9" "IvoSoft" "c:\program files\classic shell\classicie9_32.exe"
+ "URLs check" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll"
+ "Virtual Keyboard" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll"
"Task Scheduler" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskMachineCore" "" "" "File not found: C:\Program Files\Google\Update\GoogleUpdate.exe"
+ "\GoogleUpdateTaskMachineUA" "" "" "File not found: C:\Program Files\Google\Update\GoogleUpdate.exe"
+ "\Launch HTC Sync Loader" "" "" "File not found: C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\My Backup Monthly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\My Backup Weekly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\MyBackup" "" "" "File not found: C:\Program Files\DeltaCopy\MyBackup.dcp"
+ "\OS Drive Backup Monthly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\OS Drive Backup Weekly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\OS Recovery Backup Monthly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\OS Recovery Backup Weekly xml" "Macrium Reflect Disk Imaging and Backup" "Paramount Software UK Ltd" "c:\program files\macrium\reflect\reflect.exe"
+ "\Paragon Archive name arc_170612001811664" "" "" "File not found: C:\Program Files\Paragon Software\Backup and Recovery 11 Home\program\scripts.exe"
+ "\Your File Updater" "" "" "File not found: C:\Program Files\YourFileDownloader\YourFileUpdater.exe"
+ "\{0B81304C-071B-448E-AA90-261D024435CB}" "3DMark 11 GUI" "Futuremark Corporation" "c:\program files\futuremark\3dmark11\bin\x86\3dmark11.exe"
+ "\{48EDE254-248C-4F04-854A-E7CB041FAB52}" "" "" "File not found: C:\Downloads\CF_UNINST.EXE"
+ "\{491299F6-6372-40A4-9482-741E7D5BDAE2}" "Razor 1911 Steam Installer" "Install.exe" "c:\downloaded\02. games\00. other\skrm\install.exe"
+ "\{50D59686-087B-4AE3-B782-0E84BDB95790}" "" "" "File not found: C:\Downloaded\02. Games\01. Anime\Dokidoki Little Landlady\dokidokiりとる大家さん.exe"
+ "\{56CAB3DA-5771-47F1-8300-946671D13D24}" "Razor 1911 Steam Installer" "Install.exe" "c:\downloaded\02. games\00. other\skrm\install.exe"
+ "\{5F23EC86-9176-4C19-8FB3-251A9BF09ADE}" "" "" "File not found: C:\Windows\system32\TweakUI.exe"
+ "\{931DCF3C-7427-4F23-AC8C-8ABDBAA797B3}" "" "" "File not found: C:\Downloaded\02. Games\01. Anime\Amazon Kara\Amazon Kara.exe"
+ "\{BBA56266-932F-4077-B338-1DE711487ECA}" "" "" "File not found: C:\Downloaded\02. Games\01. Anime\Raped!\Raped!.exe"
+ "\{DCE263BE-02AF-4FF2-8607-91FB3C86AD11}" "" "" "File not found: C:\4G-patch\4GB-7600.RTM.x86.-13.06.2010_-_JeweLz\4GB-7600.RTM.x86.-13.06.2010_-_JeweLz.exe"
+ "\{F91F2B1E-0A99-49EA-96B3-AB6F2D1C50E2}" "" "" "File not found: C:\Windows\system32\TweakUI.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
+ "BestSyncSvc" "To synchronize file with folders, FTP server, network drive." "RiseFly Software" "c:\program files\bestsync 2012\bestsyncsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "Dyn Updater" "Synchronizes DNS records from Dyn.com with this computer's global IP address." "Dyn, Inc." "c:\program files\dyn updater\dynupsvc.exe"
+ "Futuremark SystemInfo Service" "Futuremark SystemInfo Service" "Futuremark Corporation" "c:\program files\common files\futuremark shared\futuremark systeminfo\fmsisvc.exe"
+ "KooRaRooMediaServer" "KooRaRoo Media Server works with your UPnP and DLNA devices." "Programming Sunrise" "c:\program files\kooraroo media\kooraroomediaserver.exe"
+ "LBTServ" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtserv.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "NAUpdate" "Provides access to Nero application updates and manages Nero applications." "Nero AG" "c:\program files\nero\update\nasvc.exe"
+ "ReflectService.exe" "Reflect Service - Enables mounting of images" "" "c:\program files\macrium\reflect\reflectservice.exe"
+ "SshSharedFolderService2" "SshSharedFolderService" "IIC Internet LLC" "c:\program files\sshsharedfolderssetup\sshsharedfolderservice2.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files\common files\steam\steamservice.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "UnsignedThemes" "Enables the use of unsigned themes." "The Within Network, LLC" "c:\windows\unsignedthemessvc.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AODDriver4.01" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys"
+ "AODDriver4.2" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw73.sys"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "FARMNTIO" "" "" "c:\windows\system32\drivers\farmntio.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hotcore3" "A part of Paragon System Utilities" "Paragon Software Group" "c:\windows\system32\drivers\hotcore3.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HTCAND32" "ADB Interface" "HTC, Corporation" "c:\windows\system32\drivers\androidusb.sys"
+ "HWiNFO32" "HWiNFO32 Kernel Driver" "REALiX™" "c:\program files\hwinfo32\hwinfo32.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "ISODrive" "ISO DVD/CD-ROM Device Driver" "EZB Systems, Inc." "c:\program files\ultraiso\drivers\isodrive.sys"
+ "kl1" "Kaspersky Unified Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kl1.sys"
+ "KLIF" "Kaspersky Lab Interceptor and Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klif.sys"
+ "KLIM6" "Kaspersky Anti-Virus NDIS 6 Filter" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klim6.sys"
+ "klkbdflt" "Kaspersky Lab Keyboard Class Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klkbdflt.sys"
+ "klmouflt" "Kaspersky Lab Mouse Class Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klmouflt.sys"
+ "kltdi" "Network filtering component" "Kaspersky Lab" "c:\windows\system32\drivers\kltdi.sys"
+ "kneps" "KNEPS Power" "Kaspersky Lab" "c:\windows\system32\drivers\kneps.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MSI_MSIBIOS_010507" "Description string for Msibios driver" "Your Corporation" "c:\program files\msi\live update 5\msibios32_100507.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NPF" "npf.sys (NT5/6 x86) Kernel Driver" "CACE Technologies, Inc." "c:\windows\system32\drivers\npf.sys"
+ "NTIOLib_1_0_4" "NTIOLib" "MSI" "c:\program files\msi\live update 5\ntiolib.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PSMounter" "Macrium Reflect Image Explorer Service. Allows images and backups to be accessed by Windows Explorer" "Macrium Software" "c:\windows\system32\drivers\psmounter.sys"
+ "pssnap" "Backup image protection" "Macrium Software" "c:\windows\system32\drivers\pssnap.sys"
+ "PSVolAcc" "PSVolAcc mini-filter driver" "Paramount Software UK Ltd" "c:\windows\system32\drivers\psvolacc.sys"
+ "pwdrvio" "" "" "c:\windows\system32\pwdrvio.sys"
+ "pwdspio" "" "" "c:\windows\system32\pwdspio.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "Revoflt" "Revo Uninstaller Filter driver" "VS Revo Group" "c:\windows\system32\drivers\revoflt.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt86win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "sptd" "SCSI Pass Through Direct Host" "Duplex Secure Ltd." "c:\windows\system32\drivers\sptd.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "TSKNFA00.SYS" "TSKNFA00 Kernel Driver" "Igor Arsenin" "c:\windows\system32\drivers\tsknfa00.sys"
+ "Uim_IM" "Image Mounter" "Paragon" "c:\windows\system32\drivers\uim_im.sys"
+ "Uim_Vim" "Image Mounter plugin" "Paragon" "c:\windows\system32\drivers\uim_vim.sys"
+ "UimBus" "Image Mounter SCSI Port Driver" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\uimbus.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "uxpatch" "" "" "c:\windows\system32\drivers\uxpatch.sys"
+ "VGPU" "" "" "File not found: System32\drivers\rdvgkmd.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "ffdshow VFW" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.i420" "Helix I420 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\i420vfw.dll"
+ "VIDC.LAGS" "Lagarith" " " "c:\windows\system32\lagarith.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\windows\system32\aac_parser.ax"

Edited by molitar, 04 November 2012 - 09:42 PM.


#11 narenxp

Posted 04 November 2012 - 09:43 PM

Any current issues?

Press the Windows+R keys, type services.msc and click OK.

Right-click on Windows Firewall and start the service.

#12 molitar

Posted 04 November 2012 - 09:52 PM

No other issue. I just had that browser hijack. Not running Windows Firewall as I have KIS 2013 installed with its own firewall, so no use in running double firewalls. I did some searches on Google and it appears the redirects are now gone.

Thanks

Edited by molitar, 04 November 2012 - 09:52 PM.


#13 narenxp

Posted 04 November 2012 - 09:53 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player.

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
