FBI moneypak virus (and redirect virus)



#1 AliceOrchestral

  • Members

Posted 16 November 2012 - 05:22 PM

I'm only able to run my laptop in safe mode (and safe mode with networking) because the FBI moneypak virus doesn't allow me to do anything when I run my laptop normally (however I also have a redirect virus that still affects me either way). I just want these viruses gone.
Any help would be appreciated, thanks!


#2 narenxp

  • BC Advisor

Posted 16 November 2012 - 05:34 PM

Download

TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 AliceOrchestral

  • Topic Starter

Posted 16 November 2012 - 07:57 PM

17:40:33.0645 2984 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:40:33.0950 2984 ============================================================
17:40:33.0950 2984 Current date / time: 2012/11/16 17:40:33.0950
17:40:33.0950 2984 SystemInfo:
17:40:33.0950 2984
17:40:33.0950 2984 OS Version: 6.1.7601 ServicePack: 1.0
17:40:33.0950 2984 Product type: Workstation
17:40:33.0950 2984 ComputerName: JEAN-PC
17:40:33.0950 2984 UserName: Jean
17:40:33.0950 2984 Windows directory: C:\windows
17:40:33.0950 2984 System windows directory: C:\windows
17:40:33.0950 2984 Running under WOW64
17:40:33.0950 2984 Processor architecture: Intel x64
17:40:33.0950 2984 Number of processors: 4
17:40:33.0950 2984 Page size: 0x1000
17:40:33.0950 2984 Boot type: Safe boot with network
17:40:33.0950 2984 ============================================================
17:40:34.0430 2984 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:40:34.0430 2984 ============================================================
17:40:34.0430 2984 \Device\Harddisk0\DR0:
17:40:34.0430 2984 MBR partitions:
17:40:34.0430 2984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4892C000
17:40:34.0430 2984 ============================================================
17:40:34.0480 2984 C: <-> \Device\Harddisk0\DR0\Partition1
17:40:34.0480 2984 ============================================================
17:40:34.0480 2984 Initialize success
17:40:34.0480 2984 ============================================================
17:41:29.0606 0592 ============================================================
17:41:29.0606 0592 Scan started
17:41:29.0606 0592 Mode: Manual; TDLFS;
17:41:29.0606 0592 ============================================================
17:41:31.0821 0592 ================ Scan services =============================
17:41:42.0866 0592 MSPCLOCK - ok
17:41:42.0886 0592 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:41:42.0886 0592 MSPQM - ok
17:41:42.0906 0592 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:41:42.0916 0592 MsRPC - ok
17:41:42.0926 0592 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
17:41:42.0926 0592 mssmbios - ok
17:41:42.0966 0592 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:41:42.0966 0592 MSTEE - ok
17:41:42.0976 0592 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:41:42.0976 0592 MTConfig - ok
17:41:42.0996 0592 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:41:42.0996 0592 Mup - ok
17:41:43.0036 0592 [ 0CF5580F27918FFD2E165ECAFA734103 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:41:43.0036 0592 MyWiFiDHCPDNS - ok
17:41:43.0066 0592 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:41:43.0066 0592 napagent - ok
17:41:43.0106 0592 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:41:43.0106 0592 NativeWifiP - ok
17:41:43.0196 0592 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120116.002\ENG64.SYS
17:41:43.0206 0592 NAVENG - ok
17:41:43.0286 0592 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120116.002\EX64.SYS
17:41:43.0306 0592 NAVEX15 - ok
17:41:43.0346 0592 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
17:41:43.0356 0592 NDIS - ok
17:41:43.0376 0592 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:41:43.0376 0592 NdisCap - ok
17:41:43.0406 0592 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:41:43.0406 0592 NdisTapi - ok
17:41:43.0436 0592 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:41:43.0436 0592 Ndisuio - ok
17:41:43.0446 0592 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:41:43.0446 0592 NdisWan - ok
17:41:43.0456 0592 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:41:43.0456 0592 NDProxy - ok
17:41:43.0486 0592 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:41:43.0486 0592 NetBIOS - ok
17:41:43.0506 0592 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:41:43.0506 0592 NetBT - ok
17:41:43.0516 0592 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:41:43.0516 0592 Netlogon - ok
17:41:43.0546 0592 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:41:43.0556 0592 Netman - ok
17:41:43.0586 0592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:41:43.0586 0592 NetMsmqActivator - ok
17:41:43.0596 0592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:41:43.0596 0592 NetPipeActivator - ok
17:41:43.0626 0592 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:41:43.0626 0592 netprofm - ok
17:41:43.0656 0592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:41:43.0656 0592 NetTcpActivator - ok
17:41:43.0656 0592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:41:43.0656 0592 NetTcpPortSharing - ok
17:41:43.0826 0592 [ B9C587BDAA61A689883439D5AE6FE7F3 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
17:41:43.0976 0592 NETwNs64 - ok
17:41:44.0006 0592 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:41:44.0006 0592 nfrd960 - ok
17:41:44.0046 0592 ngbaioch - ok
17:41:44.0136 0592 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
17:41:44.0136 0592 NIS - ok
17:41:44.0176 0592 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
17:41:44.0176 0592 NisDrv - ok
17:41:44.0256 0592 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:41:44.0256 0592 NisSrv - ok
17:41:44.0286 0592 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
17:41:44.0286 0592 NlaSvc - ok
17:41:44.0306 0592 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:41:44.0306 0592 Npfs - ok
17:41:44.0326 0592 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:41:44.0336 0592 nsi - ok
17:41:44.0346 0592 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:41:44.0346 0592 nsiproxy - ok
17:41:44.0406 0592 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:41:44.0426 0592 Ntfs - ok
17:41:44.0456 0592 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:41:44.0456 0592 Null - ok
17:41:44.0496 0592 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
17:41:44.0496 0592 nusb3hub - ok
17:41:44.0756 0592 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
17:41:44.0756 0592 nusb3xhc - ok
17:41:44.0796 0592 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:41:44.0796 0592 nvraid - ok
17:41:44.0816 0592 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:41:44.0826 0592 nvstor - ok
17:41:44.0836 0592 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:41:44.0836 0592 nv_agp - ok
17:41:44.0936 0592 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:41:44.0946 0592 odserv - ok
17:41:44.0956 0592 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:41:44.0956 0592 ohci1394 - ok
17:41:44.0996 0592 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:41:44.0996 0592 ose - ok
17:41:45.0026 0592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:41:45.0026 0592 p2pimsvc - ok
17:41:45.0046 0592 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:41:45.0056 0592 p2psvc - ok
17:41:45.0076 0592 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:41:45.0076 0592 Parport - ok
17:41:45.0106 0592 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:41:45.0106 0592 partmgr - ok
17:41:45.0136 0592 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:41:45.0136 0592 PcaSvc - ok
17:41:45.0166 0592 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:41:45.0166 0592 pci - ok
17:41:45.0176 0592 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
17:41:45.0176 0592 pciide - ok
17:41:45.0196 0592 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:41:45.0196 0592 pcmcia - ok
17:41:45.0216 0592 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:41:45.0216 0592 pcw - ok
17:41:45.0246 0592 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:41:45.0246 0592 PEAUTH - ok
17:41:45.0316 0592 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:41:45.0316 0592 PerfHost - ok
17:41:45.0372 0592 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:41:45.0372 0592 PGEffect - ok
17:41:45.0419 0592 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:41:45.0434 0592 pla - ok
17:41:45.0481 0592 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:41:45.0481 0592 PlugPlay - ok
17:41:45.0497 0592 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:41:45.0512 0592 PNRPAutoReg - ok
17:41:45.0528 0592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:41:45.0528 0592 PNRPsvc - ok
17:41:45.0559 0592 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:41:45.0559 0592 PolicyAgent - ok
17:41:45.0590 0592 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:41:45.0590 0592 Power - ok
17:41:45.0637 0592 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:41:45.0637 0592 PptpMiniport - ok
17:41:45.0653 0592 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:41:45.0653 0592 Processor - ok
17:41:45.0699 0592 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:41:45.0699 0592 ProfSvc - ok
17:41:45.0699 0592 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:41:45.0699 0592 ProtectedStorage - ok
17:41:45.0731 0592 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:41:45.0731 0592 Psched - ok
17:41:45.0777 0592 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:41:45.0793 0592 ql2300 - ok
17:41:45.0824 0592 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:41:45.0824 0592 ql40xx - ok
17:41:45.0855 0592 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:41:45.0855 0592 QWAVE - ok
17:41:45.0871 0592 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:41:45.0871 0592 QWAVEdrv - ok
17:41:45.0887 0592 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:41:45.0887 0592 RasAcd - ok
17:41:45.0918 0592 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:41:45.0918 0592 RasAgileVpn - ok
17:41:45.0949 0592 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:41:45.0949 0592 RasAuto - ok
17:41:45.0980 0592 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:41:45.0980 0592 Rasl2tp - ok
17:41:45.0996 0592 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:41:46.0011 0592 RasMan - ok
17:41:46.0011 0592 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:41:46.0011 0592 RasPppoe - ok
17:41:46.0043 0592 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:41:46.0043 0592 RasSstp - ok
17:41:46.0074 0592 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:41:46.0089 0592 rdbss - ok
17:41:46.0089 0592 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:41:46.0089 0592 rdpbus - ok
17:41:46.0105 0592 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:41:46.0121 0592 RDPCDD - ok
17:41:46.0152 0592 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:41:46.0152 0592 RDPENCDD - ok
17:41:46.0152 0592 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:41:46.0152 0592 RDPREFMP - ok
17:41:46.0183 0592 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:41:46.0183 0592 RDPWD - ok
17:41:46.0214 0592 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:41:46.0214 0592 rdyboost - ok
17:41:46.0292 0592 [ AA9FD849C028CCB441A78061B57DB734 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:41:46.0292 0592 RegSrvc - ok
17:41:46.0323 0592 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:41:46.0323 0592 RemoteAccess - ok
17:41:46.0355 0592 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:41:46.0355 0592 RemoteRegistry - ok
17:41:46.0370 0592 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:41:46.0386 0592 RpcEptMapper - ok
17:41:46.0401 0592 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:41:46.0401 0592 RpcLocator - ok
17:41:46.0433 0592 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:41:46.0433 0592 RpcSs - ok
17:41:46.0464 0592 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:41:46.0464 0592 rspndr - ok
17:41:46.0573 0592 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:41:46.0573 0592 RTL8167 - ok
17:41:46.0760 0592 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:41:46.0760 0592 SamSs - ok
17:41:46.0854 0592 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:41:46.0869 0592 sbp2port - ok
17:41:47.0025 0592 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:41:47.0025 0592 SCardSvr - ok
17:41:47.0181 0592 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:41:47.0181 0592 scfilter - ok
17:41:47.0275 0592 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:41:47.0291 0592 Schedule - ok
17:41:47.0462 0592 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:41:47.0462 0592 SCPolicySvc - ok
17:41:47.0525 0592 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
17:41:47.0525 0592 sdbus - ok
17:41:47.0790 0592 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:41:47.0790 0592 SDRSVC - ok
17:41:47.0993 0592 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:41:47.0993 0592 secdrv - ok
17:41:48.0024 0592 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:41:48.0024 0592 seclogon - ok
17:41:48.0039 0592 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:41:48.0055 0592 SENS - ok
17:41:48.0117 0592 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:41:48.0117 0592 SensrSvc - ok
17:41:48.0164 0592 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:41:48.0164 0592 Serenum - ok
17:41:48.0195 0592 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:41:48.0195 0592 Serial - ok
17:41:48.0242 0592 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:41:48.0242 0592 sermouse - ok
17:41:48.0305 0592 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:41:48.0305 0592 SessionEnv - ok
17:41:48.0351 0592 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:41:48.0351 0592 sffdisk - ok
17:41:48.0398 0592 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:41:48.0398 0592 sffp_mmc - ok
17:41:48.0461 0592 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:41:48.0461 0592 sffp_sd - ok
17:41:48.0507 0592 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:41:48.0507 0592 sfloppy - ok
17:41:48.0695 0592 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:41:48.0695 0592 ShellHWDetection - ok
17:41:48.0897 0592 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:41:48.0897 0592 SiSRaid2 - ok
17:41:49.0022 0592 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:41:49.0022 0592 SiSRaid4 - ok
17:41:49.0381 0592 [ 8C5477EB1C03CA76CD8EB66A610A9E90 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:41:49.0381 0592 SkypeUpdate - ok
17:41:49.0662 0592 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys
17:41:49.0662 0592 SmartDefragDriver - ok
17:41:49.0818 0592 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:41:49.0818 0592 Smb - ok
17:41:49.0958 0592 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:41:49.0958 0592 SNMPTRAP - ok
17:41:50.0005 0592 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:41:50.0005 0592 spldr - ok
17:41:50.0052 0592 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:41:50.0067 0592 Spooler - ok
17:41:50.0145 0592 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:41:50.0208 0592 sppsvc - ok
17:41:50.0239 0592 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:41:50.0239 0592 sppuinotify - ok
17:41:50.0348 0592 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
17:41:50.0364 0592 SRTSP - ok
17:41:50.0411 0592 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
17:41:50.0411 0592 SRTSPX - ok
17:41:50.0489 0592 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:41:50.0504 0592 srv - ok
17:41:50.0769 0592 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:41:50.0769 0592 srv2 - ok
17:41:50.0832 0592 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:41:50.0832 0592 srvnet - ok
17:41:51.0035 0592 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:41:51.0035 0592 SSDPSRV - ok
17:41:51.0159 0592 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:41:51.0175 0592 SstpSvc - ok
17:41:51.0362 0592 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:41:51.0362 0592 stexstor - ok
17:41:51.0674 0592 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:41:51.0690 0592 stisvc - ok
17:41:51.0705 0592 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
17:41:51.0705 0592 swenum - ok
17:41:51.0752 0592 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:41:51.0752 0592 swprv - ok
17:41:51.0799 0592 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
17:41:51.0799 0592 SymDS - ok
17:41:51.0877 0592 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
17:41:51.0877 0592 SymEFA - ok
17:41:52.0002 0592 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
17:41:52.0002 0592 SymEvent - ok
17:41:52.0033 0592 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
17:41:52.0033 0592 SymIRON - ok
17:41:52.0064 0592 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
17:41:52.0064 0592 SymNetS - ok
17:41:52.0127 0592 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:41:52.0142 0592 SynTP - ok
17:41:52.0189 0592 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:41:52.0205 0592 SysMain - ok
17:41:52.0220 0592 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:41:52.0236 0592 TabletInputService - ok
17:41:52.0251 0592 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:41:52.0251 0592 TapiSrv - ok
17:41:52.0267 0592 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:41:52.0267 0592 TBS - ok
17:41:52.0329 0592 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:41:52.0345 0592 Tcpip - ok
17:41:52.0407 0592 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:41:52.0423 0592 TCPIP6 - ok
17:41:52.0439 0592 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:41:52.0439 0592 tcpipreg - ok
17:41:52.0470 0592 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:41:52.0470 0592 tdcmdpst - ok
17:41:52.0501 0592 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:41:52.0501 0592 TDPIPE - ok
17:41:52.0688 0592 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:41:52.0688 0592 TDTCP - ok
17:41:52.0813 0592 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:41:52.0813 0592 tdx - ok
17:41:52.0860 0592 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
17:41:52.0875 0592 TermDD - ok
17:41:53.0281 0592 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:41:53.0297 0592 TermService - ok
17:41:53.0312 0592 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:41:53.0312 0592 Themes - ok
17:41:53.0562 0592 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
17:41:53.0562 0592 Thpdrv - ok
17:41:53.0640 0592 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
17:41:53.0640 0592 Thpevm - ok
17:41:53.0671 0592 [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv C:\windows\system32\ThpSrv.exe
17:41:53.0687 0592 Thpsrv - ok
17:41:53.0749 0592 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:41:53.0749 0592 THREADORDER - ok
17:41:53.0874 0592 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:41:53.0874 0592 TMachInfo - ok
17:41:53.0967 0592 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
17:41:53.0967 0592 TODDSrv - ok
17:41:54.0045 0592 [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:41:54.0045 0592 TosCoSrv - ok
17:41:54.0108 0592 [ D33D5588576B04FC489DCCC66E98F546 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:41:54.0108 0592 TOSHIBA eco Utility Service - ok
17:41:54.0155 0592 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:41:54.0170 0592 TOSHIBA HDD SSD Alert Service - ok
17:41:54.0201 0592 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
17:41:54.0217 0592 tos_sps64 - ok
17:41:54.0248 0592 [ D65C6B0C070534336B72005391B6168A ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:41:54.0264 0592 TPCHSrv - ok
17:41:54.0295 0592 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:41:54.0295 0592 TrkWks - ok
17:41:54.0342 0592 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:41:54.0342 0592 TrustedInstaller - ok
17:41:54.0357 0592 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:41:54.0373 0592 tssecsrv - ok
17:41:54.0404 0592 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:41:54.0404 0592 TsUsbFlt - ok
17:41:54.0420 0592 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:41:54.0420 0592 TsUsbGD - ok
17:41:54.0435 0592 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:41:54.0451 0592 tunnel - ok
17:41:54.0482 0592 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:41:54.0482 0592 TVALZ - ok
17:41:54.0529 0592 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:41:54.0529 0592 TVALZFL - ok
17:41:54.0591 0592 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:41:54.0607 0592 uagp35 - ok
17:41:54.0794 0592 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:41:54.0810 0592 udfs - ok
17:41:54.0950 0592 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:41:54.0950 0592 UI0Detect - ok
17:41:55.0028 0592 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:41:55.0028 0592 uliagpkx - ok
17:41:55.0153 0592 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:41:55.0153 0592 umbus - ok
17:41:55.0247 0592 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:41:55.0247 0592 UmPass - ok
17:41:55.0512 0592 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:41:55.0621 0592 UNS - ok
17:41:55.0652 0592 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:41:55.0652 0592 upnphost - ok
17:41:55.0730 0592 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
17:41:55.0730 0592 USBAAPL64 - ok
17:41:55.0855 0592 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\windows\system32\DRIVERS\lgx64bus.sys
17:41:55.0855 0592 usbbus - ok
17:41:55.0886 0592 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:41:55.0886 0592 usbccgp - ok
17:41:55.0902 0592 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:41:55.0902 0592 usbcir - ok
17:41:55.0933 0592 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\windows\system32\DRIVERS\lgx64diag.sys
17:41:55.0933 0592 UsbDiag - ok
17:41:55.0964 0592 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
17:41:55.0964 0592 usbehci - ok
17:41:55.0996 0592 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:41:55.0996 0592 usbhub - ok
17:41:56.0027 0592 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\windows\system32\DRIVERS\lgx64modem.sys
17:41:56.0042 0592 USBModem - ok
17:41:56.0058 0592 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:41:56.0058 0592 usbohci - ok
17:41:56.0089 0592 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:41:56.0089 0592 usbprint - ok
17:41:56.0136 0592 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:41:56.0136 0592 usbscan - ok
17:41:56.0152 0592 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:41:56.0167 0592 USBSTOR - ok
17:41:56.0167 0592 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:41:56.0183 0592 usbuhci - ok
17:41:56.0214 0592 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:41:56.0214 0592 usbvideo - ok
17:41:56.0245 0592 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:41:56.0245 0592 UxSms - ok
17:41:56.0245 0592 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:41:56.0245 0592 VaultSvc - ok
17:41:56.0276 0592 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:41:56.0276 0592 vdrvroot - ok
17:41:56.0292 0592 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:41:56.0308 0592 vds - ok
17:41:56.0339 0592 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:41:56.0339 0592 vga - ok
17:41:56.0354 0592 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:41:56.0354 0592 VgaSave - ok
17:41:56.0370 0592 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:41:59.0383 0592 ================ Scan global ===============================
17:41:59.0403 0592 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:41:59.0423 0592 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:41:59.0433 0592 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:41:59.0453 0592 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:41:59.0483 0592 [ 014A9CB92514E27C0107614DF764BC06 ] C:\windows\system32\services.exe
17:41:59.0493 0592 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
17:41:59.0493 0592 C:\windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
17:41:59.0493 0592 ================ Scan MBR ==================================
17:41:59.0503 0592 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:41:59.0823 0592 \Device\Harddisk0\DR0 - ok
17:41:59.0823 0592 ================ Scan VBR ==================================
17:41:59.0853 0592 [ E920AEA737FD2A6994E32745ED31703C ] \Device\Harddisk0\DR0\Partition1
17:41:59.0853 0592 \Device\Harddisk0\DR0\Partition1 - ok
17:41:59.0853 0592 ============================================================
17:41:59.0853 0592 Scan finished
17:41:59.0853 0592 ============================================================
17:41:59.0863 2140 Detected object count: 1
17:41:59.0863 2140 Actual detected object count: 1
17:47:24.0527 2140 C:\windows\system32\services.exe - copied to quarantine
17:47:25.0619 2140 C:\windows\assembly\GAC_32\desktop.ini - copied to quarantine
17:47:25.0635 2140 C:\windows\assembly\GAC_64\desktop.ini - copied to quarantine
17:47:25.0729 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\00000004.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\1afb2d56 - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\201d3dde - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\55490ac4 - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\00000004.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\00000008.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\000000cb.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000000.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000032.@ - copied to quarantine
17:47:25.0744 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000064.@ - copied to quarantine
17:47:25.0885 2140 C:\Users\Jean\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ - copied to quarantine
17:47:31.0141 2140 Backup copy found, using it..
17:47:31.0181 2140 C:\windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
17:47:31.0181 2140 C:\windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
17:47:31.0201 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\00000004.@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\00000008.@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\000000cb.@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000000.@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000032.@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\80000064.@ - will be deleted on reboot
17:47:31.0211 2140 C:\Users\Jean\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ - will be deleted on reboot
17:47:31.0211 2140 C:\windows\system32\services.exe - will be cured on reboot
17:47:31.0211 2140 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
17:47:54.0771 0760 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-16 17:51:08
-----------------------------
17:51:08.332 OS Version: Windows x64 6.1.7601 Service Pack 1
17:51:08.332 Number of processors: 4 586 0x2A07
17:51:08.332 ComputerName: JEAN-PC UserName: Jean
17:51:09.720 Initialize success
17:51:22.060 AVAST engine defs: 12111600
17:51:33.620 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:51:33.620 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
17:51:33.620 Disk 0 MBR read successfully
17:51:33.635 Disk 0 MBR scan
17:51:33.635 Disk 0 Windows VISTA default MBR code
17:51:33.635 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:51:33.651 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594520 MB offset 3074048
17:51:33.682 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14459 MB offset 1220651008
17:51:33.713 Disk 0 scanning C:\windows\system32\drivers
17:51:43.572 Service scanning
17:52:15.116 Modules scanning
17:52:15.116 Disk 0 trace - called modules:
17:52:15.147 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
17:52:15.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b15060]
17:52:15.163 3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006b14060]
17:52:15.163 5 thpdrv.sys[fffff88001de2cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d58050]
17:52:16.551 AVAST engine scan C:\windows
17:52:20.045 AVAST engine scan C:\windows\system32
17:55:00.460 AVAST engine scan C:\windows\system32\drivers
17:55:12.067 AVAST engine scan C:\Users\Jean
18:14:07.530 AVAST engine scan C:\ProgramData
18:17:03.046 Scan finished successfully
18:18:23.995 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Documents\MBR.dat"
18:18:23.995 The log file has been saved successfully to "C:\Users\Jean\Documents\aswMBR.txt"

#4 AliceOrchestral

Posted 16 November 2012 - 08:00 PM

C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan deleted - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0008.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0009.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0011.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.11.2012_17.40.33\zasubsys0000\zafs0000\tsk0012.dta a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdegddfgedhgfgfdjdadcdedbgeda\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdegddfgedhgfgfdjdadcdedbgeda\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Jean\Documents\Documents from other computer unorganized\Downloads\Audacity_971.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Jean\Documents\Documents from other computer unorganized\Downloads\BestVideoDownloaderSetup(1).exe multiple threats cleaned by deleting - quarantined
C:\Users\Jean\Documents\Documents from other computer unorganized\Downloads\BestVideoDownloaderSetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Jean\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Jean\Downloads\YouTubeDownloaderSetup35.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#5 AliceOrchestral

Posted 16 November 2012 - 08:04 PM

#6 narenxp

Posted 16 November 2012 - 09:18 PM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

#7 AliceOrchestral

Posted 16 November 2012 - 10:33 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DLCQCATS" "Timer DLL" "" "c:\windows\system32\spool\drivers\x64\3\dlcqtime.dll"
+ "dlcqmon.exe" "Device Monitor" "" "c:\program files (x86)\dell photo aio printer 966\dlcqmon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "IntelWirelessWiMAX" "Intel® PROSet/Wireless WiMAX Connection Utility" "Intel® Corporation" "c:\program files\intel\wimax\bin\wimaxcu.exe"
+ "MemoryCardManager" "Memory Card Manager Executable" "" "c:\program files (x86)\dell photo aio printer 966\memcard.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "ThpSrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\avgnt.exe"
+ "FaxCenterServer" "Fax Man Server" "" "c:\program files (x86)\dell pc fax\fm3032.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TSleepSrv" "TOSHIBA Sleep Service" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba sleep utility\tsleepsrv.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "6E61AAE9-007A-417B-BB9A-2FC25B2986A8" "" "" "File not found: start"
"C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "EvernoteClipper.lnk" "Evernote Clipper" "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" "c:\program files (x86)\evernote\evernote\evernoteclipper.exe"
+ "Facebook Messenger.lnk" "Facebook Messenger" "Facebook" "c:\users\jean\appdata\local\facebook\messenger\2.1.4651.0\facebookmessenger.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "com.apple.dav.bookmarks.daemon" "BookmarkDAV_client.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\bookmarkdav_client.exe"
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\jean\appdata\local\facebook\update\facebookupdate.exe"
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"
+ "Media Finder" "" "" "File not found: C:\Program Files (x86)\Media Finder\MF.exe"
+ "MobileDocuments" "" "" "File not found: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "Xvid" "" "" "c:\program files (x86)\xvid\checkupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library 64-bit" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\18.7.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library 64-bit" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\18.7.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg64.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.7.7725.1624\swg.dll"
+ "IMVU Inc Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\imvu_inc\prxtbimvu.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Symantec Intrusion Prevention" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\ips\ipsbho.dll"
+ "Symantec NCO BHO" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\coieplg.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "IMVU Inc Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\imvu_inc\prxtbimvu.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\avguard.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "dlcq_device" "Printer Communication System" " " "c:\windows\system32\dlcqcoms.exe"
+ "DMAgent" "Red Bend Device Management Service for Intel® PROSet/Wireless WiMAX Software." "Red Bend Ltd." "c:\program files\intel\wimax\bin\dmagent.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\ccsvchst.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Thpsrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WiMAXAppSrv" "WiMAX SDK Service for Intel® PROSet/Wireless WiMAX Software" "Intel® Corporation" "c:\program files\intel\wimax\bin\appsrv.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "aswMBR" "" "" "File not found: C:\Users\Jean\AppData\Local\Temp\aswMBR.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira GmbH" "c:\windows\system32\drivers\avkmgr.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111223.001\bhdrvx64.sys"
+ "bpenum" "Intel® WiMax Link 5050 Series Enumerator" "Intel Corporation" "c:\windows\system32\drivers\bpenum.sys"
+ "bpmp" "Intel® WiMax Link 5050 Series Driver" "Intel Corporation" "c:\windows\system32\drivers\bpmp.sys"
+ "bpusb" "Intel® WiMax Link 5050 Series Function Driver" "Intel Corporation" "c:\windows\system32\drivers\bpusb.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "CeKbFilter" "Toshiba Flash Cards Support Driver" "Compal Electronics, INC." "c:\windows\system32\drivers\cekbfilter.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20120113.002\idsvia64.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "JMCR" "JMicron PCIe Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MCSTRM" "" "" "File not found: C:\windows\System32\Drivers\MCSTRM.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120116.002\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120116.002\ex64.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwns64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "ngbaioch" "" "" "File not found: C:\windows\system32\drivers\ngbaioch.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SmartDefragDriver" "File driver of SmartDefrag" "" "c:\windows\system32\drivers\smartdefragdriver.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\srtspx64.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symnets.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "Thpdrv" "TOSHIBA HDD Protection Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpdrv.sys"
+ "Thpevm" "TOSHIBA HDD Protection - Shock Sensor Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpevm.sys"
+ "tos_sps64" "tos_sps64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbbus" "LG CDMA USB Multi function Driver" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64bus.sys"
+ "UsbDiag" "LGE CDMA USB Serial Port" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64diag.sys"
+ "USBModem" "LGE CDMA Modem Support" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64modem.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "wdkmd" "Intel Wireless Display Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "DivX for Blizzard Decoder Filter" "DivX ™ Decoder Filter" "DivXNetworks, Inc." "c:\program files (x86)\warcraft iii\blizzard.ax"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "Intel® Media SDK AAC Encoder" "Intel® Media SDK AAC Encoder" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_aac_enc_ds.dll"
+ "Intel® Media SDK MPEG-2 Muxer" "Intel® Media SDK MPEG-2 Muxer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_mp2_mux_ds.dll"
+ "Intel® Mux Renderer" "Intel® TS Mux / Network Renderer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel® Network Filter" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\intelnet.dll"
+ "Intel®WiDi H264 encoder" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mcmpeg2mux.ax"
+ "MainConcept Network Renderer" "Network Renderer" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_net_renderer_ds.ax"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA AAC Decoder" "TOSHIBA AAC Audio Decoder" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosrawaacdecoder.ax"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files (x86)\toshiba\toshiba video player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files (x86)\toshiba\toshiba video player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tvrnavi.ax"
+ "TOSHIBA MP4 Navigator" "" "" "c:\program files (x86)\common files\toshiba shared\mp4navifilter.ax"
+ "TOSHIBA MP4-SD Navigator" "" "" "c:\program files (x86)\common files\toshiba shared\mp4navifilter.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "tosWirelessLANIndicatorCP" "Credential Provider Dll for TOSHIBA Wireless LAN Indicator" "TOSHIBA CORPORATION" "c:\windows\system32\toswirelesslanindicatorcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Dell 966 Port" "Printer Communication System" " " "c:\windows\system32\dlcqlmpm.dll"
+ "Dell Print-2-Fax Port" "" "" "c:\windows\system32\dlprmon.dll"
"C:\Users\Jean\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "CPU Meter" "See the current computer CPU and system memory (RAM)." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\Gadget.xml"
+ "Currency" "Convert from one currency to another." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\Gadget.xml"
+ "MaxxAudio" "Waves MaxxAudio Gadget for Toshiba" "Waves Audio Ltd." "C:\Program Files\Windows Sidebar\Shared Gadgets\MaxxAudio.Gadget\Gadget.xml"
+ "Power Consumption Meter" "This gadget shows you the current status of the power consumption of your PC." "TOSHIBA Corporation" "C:\Program Files\Windows Sidebar\Shared Gadgets\Power Consumption Meter Eco.Gadget\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"




Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Jean :: JEAN-PC [administrator]

11/16/2012 9:28:56 PM
mbam-log-2012-11-16 (21-28-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419791
Time elapsed: 43 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jean\AppData\Local\SysWow64\msoft32.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Jean\AppData\Local\Temp\n4mMxkc.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

#8 narenxp

  • BC Advisor

Posted 17 November 2012 - 05:30 AM

You should be able to reboot into normal mode now. Reboot the PC.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#9 AliceOrchestral

  • Topic Starter

  • Members

Posted 17 November 2012 - 11:12 AM

It won't boot in normal mode properly. My computer has a blank purple screen with two things.
One is a C:\Windows\System32\cmd.exe and the other is an
Open File - Security Warning
Name: ...\6E61AAE9-007A-417B-BB9A-2FC25B2986AB.exe
Publisher: Kaspersky Lab
Type: Application
From: C:\Users\Jean\AppData\Local\Temp\6E61AAE9-0...
So should I click run, cancel, x it out, or none of the above?

#10 narenxp

  • BC Advisor

Posted 17 November 2012 - 12:11 PM

So should I click run, cancel, x it out, or none of the above?


Cancel them

#11 AliceOrchestral

  • Topic Starter

  • Members

Posted 17 November 2012 - 05:15 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jean :: JEAN-PC [administrator]

11/17/2012 2:20:49 PM
mbam-log-2012-11-17 (14-20-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421872
Time elapsed: 1 hour(s), 54 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Jean (administrator) on 17-11-2012 at 16:28:17
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http_port", 54020
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jean-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-5D-5F-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-52-B8-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-52-B8-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-C6-19-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-52-B8-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c448:e27:c27:dcc4%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 17, 2012 2:15:44 PM
Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 2:15:44 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 239084994
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C8-F1-B7-40-25-C2-52-B8-F8
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.nj.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A3298853-595B-4FF8-BF37-ED10ECBC9B0D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1DB1DEB4-F573-4899-81E6-2D74DDAD82D2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4FC185B9-14FC-4966-82C2-46283215563F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6E219710-3F91-4CB3-9992-B6F96630D1C0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4006:803::1000
173.194.43.4
173.194.43.8
173.194.43.6
173.194.43.5
173.194.43.0
173.194.43.7
173.194.43.2
173.194.43.14
173.194.43.3
173.194.43.1
173.194.43.9


Pinging google.com [74.125.226.193] with 32 bytes of data:
Reply from 74.125.226.193: bytes=32 time=13ms TTL=55
Reply from 74.125.226.193: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.226.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 13ms, Average = 13ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=89ms TTL=48
Reply from 72.30.38.140: bytes=32 time=95ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 95ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...64 d4 da 5d 5f 72 ......Intel® Centrino® WiMAX 6150
15...40 25 c2 52 b8 f9 ......Microsoft Virtual WiFi Miniport Adapter #2
14...40 25 c2 52 b8 f9 ......Microsoft Virtual WiFi Miniport Adapter
12...b8 70 f4 c6 19 a6 ......Realtek PCIe FE Family Controller
11...40 25 c2 52 b8 f8 ......Intel® Centrino® Wireless-N 6150
1...........................Software Loopback Interface 1
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.100 281
192.168.2.100 255.255.255.255 On-link 192.168.2.100 281
192.168.2.255 255.255.255.255 On-link 192.168.2.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::c448:e27:c27:dcc4/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2012 02:15:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 10:16:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 10:11:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58001

Error: (11/17/2012 10:11:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58001

Error: (11/17/2012 10:11:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2012 10:09:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (11/17/2012 10:09:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (11/17/2012 10:09:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2012 10:04:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 09:56:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/17/2012 02:16:55 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/17/2012 02:16:55 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/17/2012 02:15:42 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/17/2012 02:15:41 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/17/2012 02:15:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (11/17/2012 10:15:29 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/17/2012 10:15:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\System32\IWMSSvc.dll
Error Code: 21

Error: (11/17/2012 10:15:25 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/17/2012 10:15:25 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/17/2012 10:15:23 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1735.41615)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Alice Madness Returns (Version: 1.0.0.0)
Anki
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.13 (Unicode)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2629)
AVG 2012 (Version: 2012.0.2221)
Avira Free Antivirus (Version: 12.1.9.1236)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (Version: 3.2.420.5)
BitTorrent (Version: 7.6.1)
Bonjour (Version: 3.0.0.10)
D3DX10 (Version: 15.4.2368.0902)
DC Universe Online Live
Dell PC Fax
Dell Photo AIO Printer 966
Drop
ESET Online Scanner v3
Evernote v. 4.5.7 (Version: 4.5.7.7146)
EverQuest II
Facebook Messenger 2.1.4651.0 (Version: 2.1.4651.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Finale NotePad 2007 (Version: 12.0.13)
Finale NotePad 2011 (Version: 2011..r2.1)
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
iCloud (Version: 2.0.2.187)
IMVU Avatar Chat Software
IMVU Inc Toolbar (Version: 6.8.2.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.29.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
LAME v3.98.3 for Audacity
Legends of Norrath
LEGO Island 2
LG USB Modem driver
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mendeley Desktop 1.6 (Version: 1.6)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Internet Security (Version: 18.7.2.3)
Origin (Version: 8.5.2.23)
PaintTool SAI Ver.1
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Print to Fax (Version: 1.00)
QuickTime (Version: 7.73.80.64)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6305)
REAPER (x64)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0)
Skype™ 5.8 (Version: 5.8.158)
Smart Defrag 2 (Version: 2.2)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
The Battle for Middle-earth ™ II
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 3.0.9490)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.12)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.5.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.52.2C)
V CAST Music with Rhapsody
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Warcraft III: All Products
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Xvid Video Codec (Version: 1.3.2)
YouTube Downloader 3.5
Zoo Tycoon: Complete Collection

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 6050.69 MB
Available physical RAM: 3027.02 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 8684.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.65 MB

========================= Partitions: =====================================

1 Drive c: (Hard drive) (Fixed) (Total:580.59 GB) (Free:448.36 GB) NTFS

========================= Users: ========================================

User accounts for \\JEAN-PC

Administrator Guest Jean

========================= Restore Points ==================================


**** End of log ****

#12 AliceOrchestral


Posted 17 November 2012 - 05:17 PM

Farbar Service Scanner Version: 09-11-2012
Ran by Jean (administrator) on 17-11-2012 at 16:33:57
Running from "C:\Users\Jean\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 AliceOrchestral


Posted 17 November 2012 - 05:20 PM

# AdwCleaner v2.007 - Logfile created 11/17/2012 at 16:39:10
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jean - JEAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Jean\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6fw9c5hq.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6fw9c5hq.default\searchplugins\search.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\IMVU_Inc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Jean\AppData\Local\Conduit
Folder Deleted : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\Jean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jean\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Jean\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jean\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6fw9c5hq.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\IMVU_Inc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FDB9B13-78A3-4D5A-9CFC-469C6AE4AFFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4BE8C64B-8561-4336-B533-2FBB303CC192}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6fw9c5hq.default\prefs.js


-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [27545 octets] - [17/11/2012 16:39:10]

########## EOF - C:\AdwCleaner[S1].txt - [27606 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.1.9 (11.17.2012)
OS: Windows 7 Home Premium x64
Ran by Jean on Sat 11/17/2012 at 16:53:26.99
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Jean\appdata\local\best buy pc app"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Jean\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [Tracur] C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6fw9c5hq.default\extensions\nxempqnpir@nxempqnpir.org.xpi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/17/2012 at 16:59:28.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 narenxp


Posted 17 November 2012 - 05:21 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File - Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#15 AliceOrchestral


Posted 17 November 2012 - 06:03 PM

Farbar Service Scanner Version: 09-11-2012
Ran by Jean (administrator) on 17-11-2012 at 17:47:20
Running from "C:\Users\Jean\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****






Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/17/2012 05:53:03 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\system32\ThpSrv.exe (PID: 1268) [WD-HEUR]
* C:\Windows\System32\ThpSrv.exe (PID: 4856) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Jean\Desktop\rkill\rkill-11-17-2012-05-53-08.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Jean\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\ [ZA Dir]
* C:\Users\Jean\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\ [ZA Dir]
* C:\Users\Jean\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\00000004.@ [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\1afb2d56 [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\201d3dde [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\55490ac4 [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 11/17/2012 05:53:31 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DLCQCATS" "Timer DLL" "" "c:\windows\system32\spool\drivers\x64\3\dlcqtime.dll"
+ "dlcqmon.exe" "Device Monitor" "" "c:\program files (x86)\dell photo aio printer 966\dlcqmon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "IntelWirelessWiMAX" "Intel® PROSet/Wireless WiMAX Connection Utility" "Intel® Corporation" "c:\program files\intel\wimax\bin\wimaxcu.exe"
+ "MemoryCardManager" "Memory Card Manager Executable" "" "c:\program files (x86)\dell photo aio printer 966\memcard.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "ThpSrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\avgnt.exe"
+ "FaxCenterServer" "Fax Man Server" "" "c:\program files (x86)\dell pc fax\fm3032.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TSleepSrv" "TOSHIBA Sleep Service" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba sleep utility\tsleepsrv.exe"
"C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "EvernoteClipper.lnk" "Evernote Clipper" "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" "c:\program files (x86)\evernote\evernote\evernoteclipper.exe"
+ "Facebook Messenger.lnk" "Facebook Messenger" "Facebook" "c:\users\jean\appdata\local\facebook\messenger\2.1.4651.0\facebookmessenger.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "com.apple.dav.bookmarks.daemon" "BookmarkDAV_client.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\bookmarkdav_client.exe"
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\jean\appdata\local\facebook\update\facebookupdate.exe"
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"
+ "MobileDocuments" "" "" "File not found: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "Xvid" "" "" "c:\program files (x86)\xvid\checkupdate.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library 64-bit" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\18.7.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library 64-bit" "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\shlext64.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\18.7.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg64.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.7.7725.1624\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Symantec Intrusion Prevention" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\ips\ipsbho.dll"
+ "Symantec NCO BHO" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\coieplg.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-3551208218-956494801-2025492898-1001Core" "Facebook Installer" "Facebook Inc." "c:\users\jean\appdata\local\facebook\update\facebookupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-3551208218-956494801-2025492898-1001UA" "Facebook Installer" "Facebook Inc." "c:\users\jean\appdata\local\facebook\update\facebookupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SmartDefrag_Startup" "Smart Defrag v2" "IObit" "c:\program files (x86)\iobit\smart defrag 2\smartdefrag.exe"
+ "\Symantec\Norton Error Analyzer 18.7.2.3" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\symerr.exe"
+ "\TOSHIBA Wireless Display Monitor" "Wireless Display Monitor" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\widimon\widimon.exe"
+ "\{0DDB566B-6838-437D-B49C-A100002125A2}" "LaunchPad (GameLauncher)" "Sony Online Entertainment, LLC" "c:\users\public\sony online entertainment\installed games\everquest ii\launchpad.exe"
+ "\{2D8854A7-8D78-4971-AE94-C82492DD9633}" "LaunchPad (GameLauncher)" "Sony Online Entertainment, LLC" "c:\users\public\sony online entertainment\installed games\everquest ii\launchpad.exe"
+ "\{43554986-22AE-4BA2-9A90-807331FF55E9}" "LaunchPad (GameLauncher)" "Sony Online Entertainment, LLC" "c:\users\public\sony online entertainment\installed games\everquest ii\launchpad.exe"
+ "\{494C470C-A28E-4C29-92D0-8DA826DD138B}" "Firefox" "Mozilla Corporation" "c:\program files (x86)\mozilla firefox\firefox.exe"
+ "\{A06EC661-835E-4149-9A0E-EBDAFC233D5B}" "Firefox" "Mozilla Corporation" "c:\program files (x86)\mozilla firefox\firefox.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files (x86)\avira\antivir desktop\avguard.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "dlcq_device" "Printer Communication System" " " "c:\windows\system32\dlcqcoms.exe"
+ "DMAgent" "Red Bend Device Management Service for Intel® PROSet/Wireless WiMAX Software." "Red Bend Ltd." "c:\program files\intel\wimax\bin\dmagent.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\18.7.2.3\ccsvchst.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Thpsrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WiMAXAppSrv" "WiMAX SDK Service for Intel® PROSet/Wireless WiMAX Software" "Intel® Corporation" "c:\program files\intel\wimax\bin\appsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira GmbH" "c:\windows\system32\drivers\avkmgr.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111223.001\bhdrvx64.sys"
+ "bpenum" "Intel® WiMax Link 5050 Series Enumerator" "Intel Corporation" "c:\windows\system32\drivers\bpenum.sys"
+ "bpmp" "Intel® WiMax Link 5050 Series Driver" "Intel Corporation" "c:\windows\system32\drivers\bpmp.sys"
+ "bpusb" "Intel® WiMax Link 5050 Series Function Driver" "Intel Corporation" "c:\windows\system32\drivers\bpusb.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "CeKbFilter" "Toshiba Flash Cards Support Driver" "Compal Electronics, INC." "c:\windows\system32\drivers\cekbfilter.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20120113.002\idsvia64.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "JMCR" "JMicron PCIe Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MCSTRM" "" "" "File not found: C:\windows\System32\Drivers\MCSTRM.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120116.002\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120116.002\ex64.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwns64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "ngbaioch" "" "" "File not found: C:\windows\system32\drivers\ngbaioch.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SmartDefragDriver" "File driver of SmartDefrag" "" "c:\windows\system32\drivers\smartdefragdriver.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\srtspx64.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\ironx64.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1207020.003\symnets.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "Thpdrv" "TOSHIBA HDD Protection Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpdrv.sys"
+ "Thpevm" "TOSHIBA HDD Protection - Shock Sensor Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpevm.sys"
+ "tos_sps64" "tos_sps64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbbus" "LG CDMA USB Multi function Driver" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64bus.sys"
+ "UsbDiag" "LGE CDMA USB Serial Port" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64diag.sys"
+ "USBModem" "LGE CDMA Modem Support" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64modem.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "wdkmd" "Intel Wireless Display Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "DivX for Blizzard Decoder Filter" "DivX ™ Decoder Filter" "DivXNetworks, Inc." "c:\program files (x86)\warcraft iii\blizzard.ax"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "Intel® Media SDK AAC Encoder" "Intel® Media SDK AAC Encoder" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_aac_enc_ds.dll"
+ "Intel® Media SDK MPEG-2 Muxer" "Intel® Media SDK MPEG-2 Muxer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_mp2_mux_ds.dll"
+ "Intel® Mux Renderer" "Intel® TS Mux / Network Renderer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel® Network Filter" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\intelnet.dll"
+ "Intel®WiDi H264 encoder" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mcmpeg2mux.ax"
+ "MainConcept Network Renderer" "Network Renderer" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_net_renderer_ds.ax"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA AAC Decoder" "TOSHIBA AAC Audio Decoder" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosrawaacdecoder.ax"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files (x86)\toshiba\toshiba video player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files (x86)\toshiba\toshiba video player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba video player\tvrnavi.ax"
+ "TOSHIBA MP4 Navigator" "" "" "c:\program files (x86)\common files\toshiba shared\mp4navifilter.ax"
+ "TOSHIBA MP4-SD Navigator" "" "" "c:\program files (x86)\common files\toshiba shared\mp4navifilter.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "tosWirelessLANIndicatorCP" "Credential Provider Dll for TOSHIBA Wireless LAN Indicator" "TOSHIBA CORPORATION" "c:\windows\system32\toswirelesslanindicatorcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Dell 966 Port" "Printer Communication System" " " "c:\windows\system32\dlcqlmpm.dll"
+ "Dell Print-2-Fax Port" "" "" "c:\windows\system32\dlprmon.dll"
"C:\Users\Jean\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "CPU Meter" "See the current computer CPU and system memory (RAM)." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\Gadget.xml"
+ "Currency" "Convert from one currency to another." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\Gadget.xml"
+ "MaxxAudio" "Waves MaxxAudio Gadget for Toshiba" "Waves Audio Ltd." "C:\Program Files\Windows Sidebar\Shared Gadgets\MaxxAudio.Gadget\Gadget.xml"
+ "Power Consumption Meter" "This gadget shows you the current status of the power consumption of your PC." "TOSHIBA Corporation" "C:\Program Files\Windows Sidebar\Shared Gadgets\Power Consumption Meter Eco.Gadget\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"



