Browser embedded ads


9 replies to this topic

#1 Amy Bennett


Posted 30 November 2012 - 10:52 AM

Our laptop has been having ads in the browser. They're not pop-ups though, they are actually embedded into the page. We've run MBAM and it's not helping.

The laptop is Windows Vista
We use Google Chrome 23.0.1271.91



#2 narenxp


Posted 30 November 2012 - 12:29 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Amy Bennett


Posted 30 November 2012 - 03:51 PM

TDSSKiller:

13:44:46.0958 3744 OA001Vid - ok
13:44:47.0026 3744 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:44:47.0034 3744 odserv - ok
13:44:47.0078 3744 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:44:47.0079 3744 ohci1394 - ok
13:44:47.0103 3744 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:44:47.0106 3744 ose - ok
13:44:47.0150 3744 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:44:47.0178 3744 p2pimsvc - ok
13:44:47.0233 3744 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
13:44:47.0247 3744 p2psvc - ok
13:44:47.0290 3744 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
13:44:47.0292 3744 Parport - ok
13:44:47.0332 3744 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:44:47.0334 3744 partmgr - ok
13:44:47.0360 3744 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
13:44:47.0365 3744 PcaSvc - ok
13:44:47.0388 3744 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
13:44:47.0391 3744 pci - ok
13:44:47.0412 3744 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
13:44:47.0413 3744 pciide - ok
13:44:47.0457 3744 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:44:47.0460 3744 pcmcia - ok
13:44:47.0519 3744 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:44:47.0529 3744 PEAUTH - ok
13:44:47.0623 3744 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:44:47.0627 3744 PerfHost - ok
13:44:47.0692 3744 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
13:44:47.0760 3744 pla - ok
13:44:47.0775 3744 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:44:47.0780 3744 PlugPlay - ok
13:44:47.0815 3744 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:44:47.0820 3744 PNRPAutoReg - ok
13:44:47.0843 3744 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:44:47.0848 3744 PNRPsvc - ok
13:44:47.0882 3744 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:44:47.0891 3744 PolicyAgent - ok
13:44:47.0917 3744 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:44:47.0918 3744 PptpMiniport - ok
13:44:47.0943 3744 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
13:44:47.0943 3744 Processor - ok
13:44:47.0967 3744 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
13:44:47.0971 3744 ProfSvc - ok
13:44:47.0987 3744 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
13:44:47.0988 3744 ProtectedStorage - ok
13:44:48.0022 3744 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:44:48.0023 3744 PSched - ok
13:44:48.0058 3744 [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:44:48.0058 3744 PxHlpa64 - ok
13:44:48.0089 3744 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:44:48.0096 3744 ql2300 - ok
13:44:48.0107 3744 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:44:48.0108 3744 ql40xx - ok
13:44:48.0118 3744 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
13:44:48.0123 3744 QWAVE - ok
13:44:48.0128 3744 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:44:48.0128 3744 QWAVEdrv - ok
13:44:48.0262 3744 [ 4BA27D602D5B74375E4D2F9622C9B114 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
13:44:48.0290 3744 R300 - ok
13:44:48.0307 3744 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:44:48.0308 3744 RasAcd - ok
13:44:48.0323 3744 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
13:44:48.0326 3744 RasAuto - ok
13:44:48.0358 3744 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:44:48.0359 3744 Rasl2tp - ok
13:44:48.0377 3744 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
13:44:48.0383 3744 RasMan - ok
13:44:48.0401 3744 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:44:48.0401 3744 RasPppoe - ok
13:44:48.0414 3744 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:44:48.0414 3744 RasSstp - ok
13:44:48.0443 3744 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:44:48.0445 3744 rdbss - ok
13:44:48.0465 3744 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:44:48.0465 3744 RDPCDD - ok
13:44:48.0499 3744 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:44:48.0501 3744 rdpdr - ok
13:44:48.0505 3744 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:44:48.0506 3744 RDPENCDD - ok
13:44:48.0549 3744 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:44:48.0551 3744 RDPWD - ok
13:44:48.0570 3744 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:44:48.0573 3744 RemoteAccess - ok
13:44:48.0593 3744 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:44:48.0598 3744 RemoteRegistry - ok
13:44:48.0641 3744 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:44:48.0643 3744 RFCOMM - ok
13:44:48.0675 3744 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
13:44:48.0676 3744 rimmptsk - ok
13:44:48.0695 3744 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
13:44:48.0696 3744 rimsptsk - ok
13:44:48.0703 3744 RimUsb - ok
13:44:48.0753 3744 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:44:48.0753 3744 RimVSerPort - ok
13:44:48.0777 3744 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
13:44:48.0778 3744 rismxdp - ok
13:44:48.0804 3744 [ CF1EEE81FD32238FC51ADCA9F2266B7D ] RLDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\livecamv.sys
13:44:48.0805 3744 RLDesignVirtualAudioCableWdm - ok
13:44:48.0840 3744 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:44:48.0840 3744 ROOTMODEM - ok
13:44:48.0863 3744 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
13:44:48.0865 3744 RpcLocator - ok
13:44:48.0898 3744 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
13:44:48.0905 3744 RpcSs - ok
13:44:48.0931 3744 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:44:48.0932 3744 rspndr - ok
13:44:48.0943 3744 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
13:44:48.0944 3744 SamSs - ok
13:44:48.0964 3744 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:44:48.0965 3744 sbp2port - ok
13:44:48.0997 3744 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:44:49.0002 3744 SCardSvr - ok
13:44:49.0035 3744 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
13:44:49.0058 3744 Schedule - ok
13:44:49.0101 3744 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:44:49.0102 3744 SCPolicySvc - ok
13:44:49.0135 3744 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:44:49.0136 3744 sdbus - ok
13:44:49.0153 3744 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:44:49.0157 3744 SDRSVC - ok
13:44:49.0170 3744 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:44:49.0171 3744 secdrv - ok
13:44:49.0187 3744 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
13:44:49.0190 3744 seclogon - ok
13:44:49.0195 3744 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
13:44:49.0199 3744 SENS - ok
13:44:49.0214 3744 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:44:49.0215 3744 Serenum - ok
13:44:49.0240 3744 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
13:44:49.0241 3744 Serial - ok
13:44:49.0262 3744 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:44:49.0263 3744 sermouse - ok
13:44:49.0290 3744 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
13:44:49.0295 3744 SessionEnv - ok
13:44:49.0323 3744 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:44:49.0324 3744 sffdisk - ok
13:44:49.0348 3744 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:44:49.0350 3744 sffp_mmc - ok
13:44:49.0370 3744 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:44:49.0370 3744 sffp_sd - ok
13:44:49.0397 3744 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:44:49.0397 3744 sfloppy - ok
13:44:49.0425 3744 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:44:49.0465 3744 SharedAccess - ok
13:44:49.0617 3744 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:44:49.0648 3744 ShellHWDetection - ok
13:44:49.0666 3744 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:44:49.0667 3744 SiSRaid2 - ok
13:44:49.0679 3744 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:44:49.0680 3744 SiSRaid4 - ok
13:44:49.0726 3744 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:44:49.0728 3744 SkypeUpdate - ok
13:44:49.0800 3744 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
13:44:49.0856 3744 slsvc - ok
13:44:49.0875 3744 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:44:49.0877 3744 SLUINotify - ok
13:44:49.0902 3744 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:44:49.0903 3744 Smb - ok
13:44:49.0930 3744 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:44:49.0932 3744 SNMPTRAP - ok
13:44:49.0952 3744 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
13:44:49.0953 3744 spldr - ok
13:44:49.0972 3744 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
13:44:49.0978 3744 Spooler - ok
13:44:50.0011 3744 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
13:44:50.0015 3744 srv - ok
13:44:50.0031 3744 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:44:50.0032 3744 srv2 - ok
13:44:50.0041 3744 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:44:50.0043 3744 srvnet - ok
13:44:50.0050 3744 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:44:50.0055 3744 SSDPSRV - ok
13:44:50.0092 3744 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:44:50.0096 3744 SstpSvc - ok
13:44:50.0177 3744 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
13:44:50.0181 3744 STacSV - ok
13:44:50.0222 3744 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
13:44:50.0225 3744 STHDA - ok
13:44:50.0267 3744 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
13:44:50.0289 3744 stisvc - ok
13:44:50.0353 3744 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:44:50.0355 3744 stllssvr - ok
13:44:50.0388 3744 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:44:50.0389 3744 swenum - ok
13:44:50.0412 3744 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
13:44:50.0422 3744 swprv - ok
13:44:50.0459 3744 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:44:50.0460 3744 Symc8xx - ok
13:44:50.0473 3744 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:44:50.0474 3744 Sym_hi - ok
13:44:50.0487 3744 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:44:50.0488 3744 Sym_u3 - ok
13:44:50.0511 3744 [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:44:50.0513 3744 SynTP - ok
13:44:50.0555 3744 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
13:44:50.0577 3744 SysMain - ok
13:44:50.0588 3744 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:44:50.0592 3744 TabletInputService - ok
13:44:50.0616 3744 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:44:50.0623 3744 TapiSrv - ok
13:44:50.0629 3744 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
13:44:50.0631 3744 TBS - ok
13:44:50.0684 3744 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:44:50.0694 3744 Tcpip - ok
13:44:50.0750 3744 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:44:50.0761 3744 Tcpip6 - ok
13:44:50.0789 3744 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:44:50.0789 3744 tcpipreg - ok
13:44:50.0814 3744 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:44:50.0815 3744 TDPIPE - ok
13:44:50.0837 3744 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:44:50.0838 3744 TDTCP - ok
13:44:50.0879 3744 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:44:50.0880 3744 tdx - ok
13:44:50.0896 3744 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:44:50.0897 3744 TermDD - ok
13:44:50.0944 3744 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
13:44:50.0964 3744 TermService - ok
13:44:50.0978 3744 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
13:44:50.0982 3744 Themes - ok
13:44:51.0002 3744 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
13:44:51.0003 3744 THREADORDER - ok
13:44:51.0022 3744 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
13:44:51.0026 3744 TrkWks - ok
13:44:51.0062 3744 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:44:51.0064 3744 TrustedInstaller - ok
13:44:51.0095 3744 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:44:51.0096 3744 tssecsrv - ok
13:44:51.0121 3744 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:44:51.0121 3744 tunmp - ok
13:44:51.0155 3744 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:44:51.0156 3744 tunnel - ok
13:44:51.0181 3744 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:44:51.0182 3744 uagp35 - ok
13:44:51.0237 3744 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:44:51.0240 3744 udfs - ok
13:44:51.0251 3744 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:44:51.0254 3744 UI0Detect - ok
13:44:51.0289 3744 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:44:51.0290 3744 uliagpkx - ok
13:44:51.0317 3744 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:44:51.0319 3744 uliahci - ok
13:44:51.0342 3744 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:44:51.0343 3744 UlSata - ok
13:44:51.0360 3744 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:44:51.0362 3744 ulsata2 - ok
13:44:51.0373 3744 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:44:51.0374 3744 umbus - ok
13:44:51.0396 3744 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
13:44:51.0403 3744 upnphost - ok
13:44:51.0501 3744 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:44:51.0502 3744 USBAAPL64 - ok
13:44:51.0544 3744 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:44:51.0545 3744 usbaudio - ok
13:44:51.0585 3744 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:44:51.0586 3744 usbccgp - ok
13:44:51.0608 3744 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:44:51.0609 3744 usbcir - ok
13:44:51.0634 3744 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:44:51.0635 3744 usbehci - ok
13:44:51.0658 3744 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:44:51.0660 3744 usbhub - ok
13:44:51.0687 3744 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:44:51.0689 3744 usbohci - ok
13:44:51.0726 3744 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:44:51.0727 3744 usbprint - ok
13:44:51.0754 3744 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:44:51.0756 3744 usbscan - ok
13:44:51.0787 3744 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:44:51.0788 3744 USBSTOR - ok
13:44:51.0817 3744 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:44:51.0817 3744 usbuhci - ok
13:44:51.0847 3744 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
13:44:51.0849 3744 UxSms - ok
13:44:51.0880 3744 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
13:44:51.0887 3744 vds - ok
13:44:51.0905 3744 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:44:51.0906 3744 vga - ok
13:44:51.0926 3744 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:44:51.0927 3744 VgaSave - ok
13:44:51.0948 3744 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
13:44:51.0949 3744 viaide - ok
13:44:51.0984 3744 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:44:51.0985 3744 volmgr - ok
13:44:52.0017 3744 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:44:52.0019 3744 volmgrx - ok
13:44:52.0036 3744 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:44:52.0038 3744 volsnap - ok
13:44:52.0055 3744 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:44:52.0056 3744 vsmraid - ok
13:44:52.0093 3744 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
13:44:52.0126 3744 VSS - ok
13:44:52.0144 3744 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
13:44:52.0150 3744 W32Time - ok
13:44:52.0178 3744 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:44:52.0178 3744 WacomPen - ok
13:44:52.0213 3744 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:44:52.0214 3744 Wanarp - ok
13:44:52.0217 3744 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:44:52.0218 3744 Wanarpv6 - ok
13:44:52.0247 3744 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:44:52.0256 3744 wcncsvc - ok
13:44:52.0267 3744 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:44:52.0269 3744 WcsPlugInService - ok
13:44:52.0297 3744 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
13:44:52.0298 3744 Wd - ok
13:44:52.0341 3744 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:44:52.0345 3744 Wdf01000 - ok
13:44:52.0350 3744 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:44:52.0352 3744 WdiServiceHost - ok
13:44:52.0357 3744 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:44:52.0359 3744 WdiSystemHost - ok
13:44:52.0365 3744 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
13:44:52.0371 3744 WebClient - ok
13:44:52.0409 3744 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:44:52.0414 3744 Wecsvc - ok
13:44:52.0420 3744 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:44:52.0424 3744 wercplsupport - ok
13:44:52.0430 3744 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
13:44:52.0434 3744 WerSvc - ok
13:44:52.0442 3744 WinDefend - ok
13:44:52.0448 3744 WinHttpAutoProxySvc - ok
13:44:52.0522 3744 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:44:52.0526 3744 Winmgmt - ok
13:44:52.0592 3744 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
13:44:52.0636 3744 WinRM - ok
13:44:52.0667 3744 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:44:52.0680 3744 Wlansvc - ok
13:44:52.0708 3744 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:44:52.0709 3744 WmiAcpi - ok
13:44:52.0748 3744 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:44:52.0752 3744 wmiApSrv - ok
13:44:52.0778 3744 WMPNetworkSvc - ok
13:44:52.0801 3744 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:44:52.0806 3744 WPCSvc - ok
13:44:52.0822 3744 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:44:52.0826 3744 WPDBusEnum - ok
13:44:52.0859 3744 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:44:52.0860 3744 WpdUsb - ok
13:44:52.0956 3744 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:44:52.0990 3744 WPFFontCache_v0400 - ok
13:44:53.0024 3744 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:44:53.0025 3744 ws2ifsl - ok
13:44:53.0047 3744 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
13:44:53.0050 3744 wscsvc - ok
13:44:53.0054 3744 WSearch - ok
13:44:53.0138 3744 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:44:53.0193 3744 wuauserv - ok
13:44:53.0231 3744 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:44:53.0232 3744 WUDFRd - ok
13:44:53.0249 3744 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:44:53.0252 3744 wudfsvc - ok
13:44:53.0274 3744 ================ Scan global ===============================
13:44:53.0293 3744 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:44:53.0325 3744 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:44:53.0354 3744 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:44:53.0393 3744 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
13:44:53.0415 3744 [Global] - ok
13:44:53.0416 3744 ================ Scan MBR ==================================
13:44:53.0452 3744 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:44:53.0798 3744 \Device\Harddisk0\DR0 - ok
13:44:53.0799 3744 ================ Scan VBR ==================================
13:44:53.0823 3744 [ 66416716161E82E4DED96B90B497641A ] \Device\Harddisk0\DR0\Partition1
13:44:53.0824 3744 \Device\Harddisk0\DR0\Partition1 - ok
13:44:53.0827 3744 [ DCC46B497BE63AC624C559AE53B532F2 ] \Device\Harddisk0\DR0\Partition2
13:44:53.0828 3744 \Device\Harddisk0\DR0\Partition2 - ok
13:44:53.0829 3744 ============================================================
13:44:53.0829 3744 Scan finished
13:44:53.0829 3744 ============================================================
13:44:53.0837 4736 Detected object count: 0
13:44:53.0837 4736 Actual detected object count: 0
13:45:02.0188 0776 Deinitialize success


asw:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 14:25:38
-----------------------------
14:25:38.923 OS Version: Windows x64 6.0.6002 Service Pack 2
14:25:38.923 Number of processors: 2 586 0x170A
14:25:38.938 ComputerName: SCOTT-LAPTOP UserName: Scott
14:25:41.325 Initialize success
14:25:55.069 AVAST engine defs: 12113000
14:25:56.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:25:56.239 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 3
14:25:56.254 Disk 0 MBR read successfully
14:25:56.254 Disk 0 MBR scan
14:25:56.286 Disk 0 Windows VISTA default MBR code
14:25:56.301 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 149 MB offset 63
14:25:56.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 307200
14:25:56.332 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461429 MB offset 31764480
14:25:56.348 Disk 0 scanning C:\Windows\system32\drivers
14:26:05.739 Service scanning
14:26:26.222 Modules scanning
14:26:26.222 Disk 0 trace - called modules:
14:26:26.253 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:26:26.253 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004deb060]
14:26:26.269 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b81940]
14:26:28.921 AVAST engine scan C:\Windows
14:26:33.227 AVAST engine scan C:\Windows\system32
14:30:23.422 AVAST engine scan C:\Windows\system32\drivers
14:30:36.900 AVAST engine scan C:\Users\Scott
14:49:21.652 File: C:\Users\Scott\Documents\Lap Top\Google Updater.exe **INFECTED** Win32:Malware-gen
15:07:12.224 AVAST engine scan C:\ProgramData
15:10:16.571 Scan finished successfully
15:40:25.449 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
15:40:25.449 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"


eset:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2a97cc7340c914d9466ae49ca424240
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-30 06:45:57
# local_time=2012-11-30 01:45:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 0 190899863 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2a97cc7340c914d9466ae49ca424240
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-30 06:48:14
# local_time=2012-11-30 01:48:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 0 190900000 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=53251

#4 narenxp


Posted 30 November 2012 - 05:28 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 Amy Bennett


Posted 30 November 2012 - 08:42 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-LAPTOP [administrator]

11/30/2012 5:46:36 PM
mbam-log-2012-11-30 (17-46-36).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 448595
Time elapsed: 1 hour(s), 9 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{0e32fcd4-7f06-4768-9f2b-869dc2ffffae} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\TypeLib\{af25082c-7883-4ac5-9d15-784f3cfc78df} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\Interface\{7906EEF8-33D6-442A-A07A-11A9A5701935} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\GuffinsInstaller.Start.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\GuffinsInstaller.Start (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\GuffinsEI\Installr\1.bin\u4EZSETP.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)


MiniToolBox by Farbar Version: 25-11-2012
Ran by Scott (administrator) on 30-11-2012 at 20:40:22
Running from "C:\Users\Scott\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Scott-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-24-2B-FB-A4-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FB-4C-AA-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c8fc:a87e:d45:e322%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, November 30, 2012 8:31:32 PM
Lease Expires . . . . . . . . . . : Friday, November 30, 2012 9:31:32 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201335547
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-03-C4-82-00-22-19-EC-1A-AC
DNS Servers . . . . . . . . . . . : 208.104.244.45
208.104.2.36
208.104.2.85
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-EC-1A-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1EB01BD6-381A-4E54-A0B1-E8CCB52F5B84}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:203c:305e:3f57:fffc(Preferred)
Link-local IPv6 Address . . . . . : fe80::203c:305e:3f57:fffc%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1801E0EC-8352-4FDE-B370-5B4414A0178E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2DD4DCBB-FB6D-4763-B4A3-ECA537321164}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.comporium.net
Address: 208.104.244.45

Name: google.com
Addresses: 2607:f8b0:4004:800::1001
74.125.228.7
74.125.228.8
74.125.228.9
74.125.228.14
74.125.228.0
74.125.228.1
74.125.228.2
74.125.228.3
74.125.228.4
74.125.228.5
74.125.228.6



Pinging google.com [74.125.228.6] with 32 bytes of data:

Reply from 74.125.228.6: bytes=32 time=33ms TTL=54

Reply from 74.125.228.6: bytes=32 time=53ms TTL=54



Ping statistics for 74.125.228.6:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 53ms, Average = 43ms

Server: ns1.comporium.net
Address: 208.104.244.45

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=160ms TTL=47

Reply from 98.138.253.109: bytes=32 time=199ms TTL=46



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 160ms, Maximum = 199ms, Average = 179ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...00 24 2b fb a4 33 ...... Bluetooth Device (Personal Area Network)
12 ...00 22 fb 4c aa 7a ...... Intel® WiFi Link 5100 AGN
11 ...00 22 19 ec 1a ac ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{1EB01BD6-381A-4E54-A0B1-E8CCB52F5B84}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{1801E0EC-8352-4FDE-B370-5B4414A0178E}
26 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18 ...00 00 00 00 00 00 00 e0 isatap.{2DD4DCBB-FB6D-4763-B4A3-ECA537321164}
19 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 281
192.168.0.3 255.255.255.255 On-link 192.168.0.3 281
192.168.0.255 255.255.255.255 On-link 192.168.0.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:9d38:953c:203c:305e:3f57:fffc/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::203c:305e:3f57:fffc/128
On-link
12 281 fe80::c8fc:a87e:d45:e322/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/14/2012 06:48:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/13/2012 09:25:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-11-30 18:56:04.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:56:04.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:56:04.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:56:04.510
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:56:04.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:56:04.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:55:37.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:55:37.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:55:37.412
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-30 18:55:37.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 6.0.0.59)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2009.0422.2238.38828)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
Dropbox (Version: 1.4.7)
Facebook Plug-In
FastAccess (Version: 2.2.13.1)
Free Realms
GameXN GO
iCloud (Version: 1.1.0.40)
Integrated Webcam Driver (1.05.02.1227) (Version: 1.05.02.1227)
iTunes (Version: 10.7.0.21)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
MobileMe Control Panel (Version: 3.1.8.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
Move Media Player
Quickset (Version: 9.2.13)
Spotify (Version: 0.8.5.1333.g822e0de8)
Torch (Version: 2.0.0.1705)
Verizon Wireless Download Manager 2.2.7-SNAPSHOT-r10935 (Version: 2.2.7-SNAPSHOT-r10935)
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4089.95 MB
Available physical RAM: 2289.72 MB
Total Pagefile: 8355.18 MB
Available Pagefile: 6280.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.7 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.61 GB) (Free:307.73 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.42 GB) NTFS

========================= Users: ========================================

User accounts for \\SCOTT-LAPTOP

Administrator Guest Scott

========================= Restore Points ==================================

29-11-2012 22:44:40 Scheduled Checkpoint
30-11-2012 18:12:40 Scheduled Checkpoint

**** End of log ****


Farbar Service Scanner Version: 09-11-2012
Ran by Scott (administrator) on 30-11-2012 at 20:29:17
Running from "C:\Users\Scott\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-04 13:42] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:05] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 14:35] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 14:07] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-04 13:42] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-04 13:41] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-04 13:42] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-04 13:41] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-04 13:42] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-04 13:43] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-04 13:42] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:46] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-04 13:43] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 20:30:02
# Updated 29/11/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Scott - SCOTT-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Scott\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\PageRage
Deleted on reboot : C:\Program Files (x86)\Swag_Bucks
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\PageRage
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\Swag_Bucks
Deleted on reboot : C:\Users\Scott\AppData\LocalLow\Toolbar4
File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tsvqro7u.default\searchplugins\my-web-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\PageRage
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PageRage Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Swag_Bucks Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87321327-CB25-451A-9F8A-16B6B8585E24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3340B4F-DB0E-4385-97DC-894668191DBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\PageRage
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{87321327-CB25-451A-9F8A-16B6B8585E24}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3340B4F-DB0E-4385-97DC-894668191DBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DCE7040-1006-4D69-BF78-42163BF3DC2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C61A2C05-7E26-4BC0-B635-8C823517B0DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PageRage Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9565115D-C7D6-46D3-BD63-B67B481A4368}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tsvqro7u.default\prefs.js

C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tsvqro7u.default\user.js ... Deleted !

Deleted : user_pref("CT2418376.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2418376.CTID", "CT2418376");
Deleted : user_pref("CT2418376.CurrentServerDate", "28-10-2010");
Deleted : user_pref("CT2418376.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2418376.DownloadReferralCookieData", "");
Deleted : user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Thu Oct 28 2010 16:16:13 GMT-04[...]
Deleted : user_pref("CT2418376.FirstServerDate", "28-10-2010");
Deleted : user_pref("CT2418376.FirstTime", true);
Deleted : user_pref("CT2418376.FirstTimeFF3", true);
Deleted : user_pref("CT2418376.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2418376.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2418376.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2418376.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2418376.Initialize", true);
Deleted : user_pref("CT2418376.InitializeCommonPrefs", true);
Deleted : user_pref("CT2418376.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2418376.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2418376.InstalledDate", "Thu Oct 28 2010 16:16:13 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2418376.IsGrouping", false);
Deleted : user_pref("CT2418376.IsMulticommunity", false);
Deleted : user_pref("CT2418376.IsOpenThankYouPage", false);
Deleted : user_pref("CT2418376.IsOpenUninstallPage", true);
Deleted : user_pref("CT2418376.LanguagePackLastCheckTime", "Thu Oct 28 2010 16:16:13 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2418376.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2418376.LastLogin_2.7.2.0", "Thu Oct 28 2010 16:16:13 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2418376.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2418376.Locale", "en");
Deleted : user_pref("CT2418376.LoginCache", 4);
Deleted : user_pref("CT2418376.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2418376.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2418376.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2418376.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2418376.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2418376.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241[...]
Deleted : user_pref("CT2418376.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2418376.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2418376.SearchInNewTabLastCheckTime", "Thu Oct 28 2010 16:16:13 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2418376.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2418376.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2418376.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2418376.SettingsLastCheckTime", "Thu Oct 28 2010 16:16:12 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2418376.SettingsLastUpdate", "1288215817");
Deleted : user_pref("CT2418376.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Thu Oct 28 2010 16:16:12 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2418376.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2418376.UserID", "UN15938688022161549");
Deleted : user_pref("CT2418376.alertChannelId", "812740");
Deleted : user_pref("CT2418376.clientLogIsEnabled", true);
Deleted : user_pref("CT2418376.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2418376.myStuffEnabled", true);
Deleted : user_pref("CT2418376.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2418376.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2418376.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2418376.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2418376.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2418376");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2418376");
Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://s[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C159E047[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18748 octets] - [30/11/2012 20:30:02]

########## EOF - C:\AdwCleaner[S1].txt - [18809 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.0 (11.30.2012:3)
OS: Windows ™ Vista Home Premium x64
Ran by Scott on Fri 11/30/2012 at 20:33:50.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\Spotify Web Helper
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8660e5b3-6c41-44de-8503-98d99bbecd41}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons.com couponbar"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\tsvqro7u.default\prefs.js

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1249682318988},\"{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Coupons.com CouponBar\\\\firefox\\\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\\\\Coupons.com.xpi\",\"mtime\":1327598326000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1351784440543},\"{AB2CE124-6272-4b12-94A9-7303C7397BD1}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\",\"mtime\":1351784427220}}},{\"name\":\"winreg-app-user\",\"addons\":{\"moveplayer@movenetworks.com\":{\"descriptor\":\"C:\\\\Users\\\\Scott\\\\AppData\\\\Roaming\\\\Move Networks\",\"mtime\":1258051342981}}},{\"name\":\"app-profile\",\"addons\":{\"{000F1EA4-5E08-4564-A29B-29076F63A37A}\":{\"descriptor\":\"C:\\\\Users\\\\Scott\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tsvqro7u.default\\\\extensions\\\\{000F1EA4-5E08-4564-A29B-29076F63A37A}\",\"mtime\":1338852151181},\"{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\":{\"descriptor\":\"C:\\\\Users\\\\Scott\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tsvqro7u.default\\\\extensions\\\\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\",\"mtime\":1317835739670},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Users\\\\Scott\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tsvqro7u.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\",\"mtime\":1272561490793}}}]");
user_pref("extensions.toolbar.mindspark._u4Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._u4Members_.installation.installDate", "2012051219");
user_pref("extensions.toolbar.mindspark._u4Members_.installation.partnerId", "YJxdm004CVus");
user_pref("extensions.toolbar.mindspark._u4Members_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._u4Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._u4Members_.installation.toolbarId", "C159E047-7810-412E-BCF1-7932E6F0D810");
user_pref("extensions.toolbar.mindspark._u4Members_.lastActivePing", "1336864047714");
user_pref("extensions.toolbar.mindspark._u4Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._u4Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._u4Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._u4Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._u4Members_.searchHistory", "register");
user_pref("extensions.toolbar.mindspark._u4Members_.weather.location", "29730");
user_pref("extensions.toolbar.mindspark.lastInstalled", "guffins@mindspark.com");
user_pref("extentions.y2layers.installId", "056c3e9a-4e9e-4a0c-b74e-aca77723f250");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/30/2012 at 20:38:18.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp

Posted 30 November 2012 - 08:53 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#7 Amy Bennett

Posted 30 November 2012 - 09:03 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2012 09:01:41 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Scott\Desktop\rkill\rkill-11-30-2012-09-01-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/30/2012 09:01:58 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DownloadManagerService" "MP3 Download Manager service utility" "Verizon Wireless" "c:\program files\verizon wireless\dist\servicerunner.exe"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ConnectionCenter" "Citrix online plug-in Connection Center" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\concentr.exe"
+ "Dell Webcam Central" "Dell Webcam Central Application" "Creative Technology Ltd." "c:\program files (x86)\dell webcam\dell webcam central\webcamdell.exe"
+ "FATrayAlert" "FATrayMon" "Sensible Vision " "c:\program files (x86)\sensible vision\fast access\fatraymon.exe"
+ "FLMOFFICE4DMOUSE" "" "" "c:\program files (x86)\browser mouse\mouse32a.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
"C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "" "" "c:\users\scott\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk"
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\scott\appdata\local\facebook\update\facebookupdate.exe"
+ "GameXN GO" "Game Organizer" "EasyBits Software AS" "c:\programdata\gamexn\gamexngo.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\scott\appdata\local\google\update\googleupdate.exe"
+ "HLBackupScheduler" "" "" "c:\program files\backup assistant plus\v cast backup scheduler.exe"
+ "ISUSPM" "Macrovision Software Manager" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\updateservice\isuspm.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ubd.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "TextPad" "TextPad 64-bit shell extension DLL" "Helios Software Solutions" "c:\program files (x86)\textpad 5\system\shellext64.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitshellext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitshellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitshellext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitshellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "AudibleShlExt Class" "AudibleExt Module" "Audible, Inc." "c:\program files (x86)\audible\bin\audibleext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\scott\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "SnagIt Toolbar Loader" "Snagit Browser Helper Object for Internet Explorer" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitbho64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "FAIESSOHelper Class" "FAIESSO Application" "Sensible Vision " "c:\program files (x86)\sensible vision\fast access\faiesso.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Skype Plug-In" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"

#8 narenxp

Posted 30 November 2012 - 09:08 PM

Current issues?

#9 Amy Bennett

Posted 30 November 2012 - 09:21 PM

Looks clean to me! Thank you!!!

#10 narenxp

Posted 30 November 2012 - 10:29 PM

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



