
Infamous 0x80070424


11 replies to this topic

#1 F F


Posted 12 December 2012 - 08:43 PM

Mod Edit: Moved from WIN7 to Am I Infected ~~ boopme

Hello!

I was trying to activate Windows Firewall through the Windows Security Center earlier tonight and ran into this error message. I did some research and found some other topics on this forum discussing this issue and since I am now faced with it also, I have posted it here and will include information that might possibly aid in the resolution of this problem.

I have an ASUS laptop with an Intel dual core i7-2640M 2.8 GHz, 8 GB of RAM, 673 GB hard drive over a 279 GB C drive and 394 GB D drive.

I use Firefox primarily as my internet browser, though I also have Google Chrome and Internet Explorer installed.

I use AVG and Malwarebytes primarily, both free editions, and at one point had Avast!, though it is no longer on my computer.

Within the past year this computer has been infected with the FBI Moneypak ransomware and a magnificent piece of malware that, once it had infected my computer, sent download links for the same malware to everyone on my Skype contacts list. Those were the two most noticeable ones to me, other brush ups were quickly resolved, I'm pretty sure, by AVG before any harm was done.

AVG just finished scanning my entire computer and found nothing, Malwarebytes is still in the process but has found one object of interest that I cannot view.


I tried searching my computer for "services.msc" but it did not bring up what I was looking for.

When I ran the troubleshooter from Windows Security Center about why I could not alter the status of the firewall, it brought up nothing, so I turned to the magical world of the internet and here I am!

I consider myself a real newbie when it comes to the nitty-gritty with computers and problem resolution on this scale, any help is greatly appreciated! Thanks!!

Edited by boopme, 12 December 2012 - 10:25 PM.




#2 narenxp


Posted 13 December 2012 - 01:57 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 F F


Posted 14 December 2012 - 11:30 PM

TDSS Log Report:


19:22:46.0860 3068 megasas - ok
19:22:46.0891 3068 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:22:46.0895 3068 MegaSR - ok
19:22:46.0926 3068 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:22:46.0928 3068 MEIx64 - ok
19:22:46.0946 3068 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:22:46.0947 3068 MMCSS - ok
19:22:46.0959 3068 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:22:46.0961 3068 Modem - ok
19:22:46.0987 3068 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:22:46.0988 3068 monitor - ok
19:22:47.0014 3068 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:22:47.0016 3068 mouclass - ok
19:22:47.0041 3068 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:22:47.0042 3068 mouhid - ok
19:22:47.0068 3068 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:22:47.0070 3068 mountmgr - ok
19:22:47.0134 3068 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:22:47.0136 3068 MozillaMaintenance - ok
19:22:47.0163 3068 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:22:47.0166 3068 mpio - ok
19:22:47.0178 3068 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:22:47.0180 3068 mpsdrv - ok
19:22:47.0183 3068 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:22:47.0186 3068 MRxDAV - ok
19:22:47.0202 3068 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:22:47.0206 3068 mrxsmb - ok
19:22:47.0227 3068 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:22:47.0231 3068 mrxsmb10 - ok
19:22:47.0247 3068 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:22:47.0249 3068 mrxsmb20 - ok
19:22:47.0262 3068 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:22:47.0263 3068 msahci - ok
19:22:47.0288 3068 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:22:47.0290 3068 msdsm - ok
19:22:47.0323 3068 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:22:47.0328 3068 MSDTC - ok
19:22:47.0365 3068 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:22:47.0367 3068 Msfs - ok
19:22:47.0377 3068 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:22:47.0379 3068 mshidkmdf - ok
19:22:47.0394 3068 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:22:47.0395 3068 msisadrv - ok
19:22:47.0421 3068 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:22:47.0424 3068 MSiSCSI - ok
19:22:47.0427 3068 msiserver - ok
19:22:47.0442 3068 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:22:47.0445 3068 MSKSSRV - ok
19:22:47.0482 3068 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:22:47.0483 3068 MSPCLOCK - ok
19:22:47.0499 3068 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:22:47.0500 3068 MSPQM - ok
19:22:47.0515 3068 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:22:47.0520 3068 MsRPC - ok
19:22:47.0535 3068 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:22:47.0536 3068 mssmbios - ok
19:22:47.0553 3068 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:22:47.0554 3068 MSTEE - ok
19:22:47.0562 3068 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:22:47.0564 3068 MTConfig - ok
19:22:47.0574 3068 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:22:47.0576 3068 Mup - ok
19:22:47.0615 3068 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:22:47.0619 3068 MyWiFiDHCPDNS - ok
19:22:47.0652 3068 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:22:47.0657 3068 napagent - ok
19:22:47.0698 3068 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:22:47.0702 3068 NativeWifiP - ok
19:22:47.0744 3068 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:22:47.0751 3068 NDIS - ok
19:22:47.0785 3068 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:47.0786 3068 NdisCap - ok
19:22:47.0801 3068 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:47.0805 3068 NdisTapi - ok
19:22:47.0824 3068 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:22:47.0826 3068 Ndisuio - ok
19:22:47.0843 3068 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:22:47.0846 3068 NdisWan - ok
19:22:47.0870 3068 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:22:47.0872 3068 NDProxy - ok
19:22:47.0904 3068 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:22:47.0905 3068 NetBIOS - ok
19:22:47.0921 3068 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:22:47.0924 3068 NetBT - ok
19:22:47.0932 3068 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:22:47.0933 3068 Netlogon - ok
19:22:47.0958 3068 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:22:47.0962 3068 Netman - ok
19:22:48.0039 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:48.0041 3068 NetMsmqActivator - ok
19:22:48.0045 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:48.0046 3068 NetPipeActivator - ok
19:22:48.0086 3068 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:22:48.0091 3068 netprofm - ok
19:22:48.0106 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:48.0107 3068 NetTcpActivator - ok
19:22:48.0111 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:48.0113 3068 NetTcpPortSharing - ok
19:22:48.0283 3068 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
19:22:48.0439 3068 NETwNs64 - ok
19:22:48.0493 3068 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:22:48.0495 3068 nfrd960 - ok
19:22:48.0536 3068 [ 0ECAAFE210CD89D14992A53300FEBF45 ] NIWinCDEmu C:\Windows\system32\DRIVERS\NIWinCDEmu.sys
19:22:48.0538 3068 NIWinCDEmu - ok
19:22:48.0579 3068 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:22:48.0583 3068 NlaSvc - ok
19:22:48.0611 3068 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:22:48.0613 3068 Npfs - ok
19:22:48.0631 3068 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:22:48.0632 3068 nsi - ok
19:22:48.0653 3068 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:22:48.0656 3068 nsiproxy - ok
19:22:48.0713 3068 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:22:48.0730 3068 Ntfs - ok
19:22:48.0762 3068 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:22:48.0763 3068 Null - ok
19:22:48.0786 3068 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:22:48.0789 3068 nvraid - ok
19:22:48.0792 3068 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:22:48.0795 3068 nvstor - ok
19:22:48.0813 3068 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:22:48.0816 3068 nv_agp - ok
19:22:48.0830 3068 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:22:48.0833 3068 ohci1394 - ok
19:22:48.0883 3068 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:22:48.0901 3068 ose - ok
19:22:49.0077 3068 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:22:49.0175 3068 osppsvc - ok
19:22:49.0237 3068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:22:49.0241 3068 p2pimsvc - ok
19:22:49.0282 3068 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:22:49.0288 3068 p2psvc - ok
19:22:49.0334 3068 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:22:49.0336 3068 Parport - ok
19:22:49.0362 3068 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:22:49.0378 3068 partmgr - ok
19:22:49.0404 3068 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:22:49.0407 3068 PcaSvc - ok
19:22:49.0430 3068 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:22:49.0433 3068 pci - ok
19:22:49.0453 3068 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:22:49.0454 3068 pciide - ok
19:22:49.0482 3068 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:22:49.0485 3068 pcmcia - ok
19:22:49.0503 3068 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:22:49.0505 3068 pcw - ok
19:22:49.0535 3068 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:22:49.0541 3068 PEAUTH - ok
19:22:49.0611 3068 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:22:49.0616 3068 PerfHost - ok
19:22:49.0669 3068 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:22:49.0682 3068 pla - ok
19:22:49.0733 3068 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:22:49.0739 3068 PlugPlay - ok
19:22:49.0753 3068 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:22:49.0755 3068 PNRPAutoReg - ok
19:22:49.0792 3068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:22:49.0794 3068 PNRPsvc - ok
19:22:49.0822 3068 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:22:49.0828 3068 PolicyAgent - ok
19:22:49.0861 3068 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:22:49.0864 3068 Power - ok
19:22:49.0903 3068 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:22:49.0905 3068 PptpMiniport - ok
19:22:49.0942 3068 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:22:49.0943 3068 Processor - ok
19:22:49.0983 3068 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:22:49.0986 3068 ProfSvc - ok
19:22:49.0999 3068 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:22:50.0000 3068 ProtectedStorage - ok
19:22:50.0031 3068 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:22:50.0032 3068 Psched - ok
19:22:50.0065 3068 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:22:50.0067 3068 PxHlpa64 - ok
19:22:50.0129 3068 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:22:50.0143 3068 ql2300 - ok
19:22:50.0163 3068 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:22:50.0202 3068 ql40xx - ok
19:22:50.0243 3068 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:22:50.0247 3068 QWAVE - ok
19:22:50.0270 3068 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:22:50.0272 3068 QWAVEdrv - ok
19:22:50.0293 3068 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:22:50.0295 3068 RasAcd - ok
19:22:50.0334 3068 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:50.0336 3068 RasAgileVpn - ok
19:22:50.0382 3068 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:22:50.0385 3068 RasAuto - ok
19:22:50.0415 3068 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:50.0417 3068 Rasl2tp - ok
19:22:50.0445 3068 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:22:50.0450 3068 RasMan - ok
19:22:50.0487 3068 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:50.0489 3068 RasPppoe - ok
19:22:50.0512 3068 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:22:50.0514 3068 RasSstp - ok
19:22:50.0547 3068 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:22:50.0553 3068 rdbss - ok
19:22:50.0566 3068 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:22:50.0568 3068 rdpbus - ok
19:22:50.0582 3068 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:50.0584 3068 RDPCDD - ok
19:22:50.0592 3068 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:22:50.0593 3068 RDPENCDD - ok
19:22:50.0615 3068 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:22:50.0617 3068 RDPREFMP - ok
19:22:50.0650 3068 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:22:50.0683 3068 RDPWD - ok
19:22:50.0717 3068 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:22:50.0721 3068 rdyboost - ok
19:22:50.0798 3068 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:22:50.0806 3068 RegSrvc - ok
19:22:50.0844 3068 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:22:50.0847 3068 RemoteAccess - ok
19:22:50.0886 3068 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:22:50.0890 3068 RemoteRegistry - ok
19:22:50.0960 3068 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:22:50.0963 3068 RFCOMM - ok
19:22:51.0000 3068 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:22:51.0002 3068 RpcEptMapper - ok
19:22:51.0030 3068 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:22:51.0034 3068 RpcLocator - ok
19:22:51.0081 3068 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:22:51.0084 3068 RpcSs - ok
19:22:51.0154 3068 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:22:51.0158 3068 rspndr - ok
19:22:51.0188 3068 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:22:51.0188 3068 SamSs - ok
19:22:51.0222 3068 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:22:51.0224 3068 sbp2port - ok
19:22:51.0254 3068 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:22:51.0258 3068 SCardSvr - ok
19:22:51.0296 3068 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:22:51.0297 3068 scfilter - ok
19:22:51.0369 3068 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:22:51.0380 3068 Schedule - ok
19:22:51.0409 3068 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:22:51.0409 3068 SCPolicySvc - ok
19:22:51.0445 3068 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:22:51.0448 3068 SDRSVC - ok
19:22:51.0489 3068 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:22:51.0490 3068 secdrv - ok
19:22:51.0501 3068 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:22:51.0503 3068 seclogon - ok
19:22:51.0520 3068 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:22:51.0521 3068 SENS - ok
19:22:51.0533 3068 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:22:51.0536 3068 SensrSvc - ok
19:22:51.0559 3068 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:22:51.0560 3068 Serenum - ok
19:22:51.0600 3068 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:22:51.0602 3068 Serial - ok
19:22:51.0605 3068 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:22:51.0607 3068 sermouse - ok
19:22:51.0639 3068 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:22:51.0641 3068 SessionEnv - ok
19:22:51.0644 3068 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:22:51.0645 3068 sffdisk - ok
19:22:51.0664 3068 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:22:51.0666 3068 sffp_mmc - ok
19:22:51.0669 3068 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:22:51.0671 3068 sffp_sd - ok
19:22:51.0674 3068 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:22:51.0677 3068 sfloppy - ok
19:22:51.0698 3068 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:22:51.0704 3068 ShellHWDetection - ok
19:22:51.0757 3068 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
19:22:51.0760 3068 SiSGbeLH - ok
19:22:51.0777 3068 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:22:51.0780 3068 SiSRaid2 - ok
19:22:51.0785 3068 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:22:51.0788 3068 SiSRaid4 - ok
19:22:51.0962 3068 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:22:52.0017 3068 Skype C2C Service - ok
19:22:52.0075 3068 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:22:52.0077 3068 SkypeUpdate - ok
19:22:52.0126 3068 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:22:52.0127 3068 Smb - ok
19:22:52.0162 3068 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:22:52.0164 3068 SNMPTRAP - ok
19:22:52.0182 3068 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:22:52.0183 3068 spldr - ok
19:22:52.0225 3068 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:22:52.0228 3068 Spooler - ok
19:22:52.0309 3068 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:22:52.0340 3068 sppsvc - ok
19:22:52.0367 3068 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:22:52.0369 3068 sppuinotify - ok
19:22:52.0382 3068 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:22:52.0387 3068 srv - ok
19:22:52.0420 3068 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:22:52.0434 3068 srv2 - ok
19:22:52.0446 3068 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:22:52.0449 3068 srvnet - ok
19:22:52.0480 3068 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:22:52.0483 3068 SSDPSRV - ok
19:22:52.0500 3068 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:22:52.0504 3068 SstpSvc - ok
19:22:52.0538 3068 Steam Client Service - ok
19:22:52.0547 3068 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:22:52.0552 3068 stexstor - ok
19:22:52.0591 3068 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:22:52.0597 3068 stisvc - ok
19:22:52.0624 3068 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:22:52.0625 3068 swenum - ok
19:22:52.0652 3068 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:22:52.0658 3068 swprv - ok
19:22:52.0698 3068 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:22:52.0714 3068 SysMain - ok
19:22:52.0738 3068 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:22:52.0741 3068 TabletInputService - ok
19:22:52.0769 3068 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:22:52.0773 3068 TapiSrv - ok
19:22:52.0787 3068 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:22:52.0788 3068 TBS - ok
19:22:52.0847 3068 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:22:52.0910 3068 Tcpip - ok
19:22:52.0943 3068 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:22:52.0951 3068 TCPIP6 - ok
19:22:52.0976 3068 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:22:52.0978 3068 tcpipreg - ok
19:22:53.0004 3068 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:22:53.0006 3068 TDPIPE - ok
19:22:53.0041 3068 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:22:53.0056 3068 TDTCP - ok
19:22:53.0075 3068 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:22:53.0092 3068 tdx - ok
19:22:53.0126 3068 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:22:53.0127 3068 TermDD - ok
19:22:53.0176 3068 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:22:53.0183 3068 TermService - ok
19:22:53.0203 3068 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:22:53.0206 3068 Themes - ok
19:22:53.0235 3068 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:22:53.0236 3068 THREADORDER - ok
19:22:53.0265 3068 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
19:22:53.0267 3068 TPM - ok
19:22:53.0301 3068 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:22:53.0303 3068 TrkWks - ok
19:22:53.0361 3068 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:22:53.0364 3068 TrustedInstaller - ok
19:22:53.0390 3068 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:53.0391 3068 tssecsrv - ok
19:22:53.0420 3068 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:22:53.0425 3068 TsUsbFlt - ok
19:22:53.0448 3068 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:22:53.0450 3068 TsUsbGD - ok
19:22:53.0481 3068 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:22:53.0484 3068 tunnel - ok
19:22:53.0508 3068 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:22:53.0541 3068 TurboB - ok
19:22:53.0598 3068 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:22:53.0600 3068 TurboBoost - ok
19:22:53.0639 3068 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:22:53.0641 3068 uagp35 - ok
19:22:53.0681 3068 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:22:53.0692 3068 udfs - ok
19:22:53.0716 3068 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:22:53.0725 3068 UI0Detect - ok
19:22:53.0738 3068 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:22:53.0740 3068 uliagpkx - ok
19:22:53.0761 3068 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:22:53.0763 3068 umbus - ok
19:22:53.0790 3068 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:22:53.0791 3068 UmPass - ok
19:22:53.0809 3068 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:22:53.0815 3068 upnphost - ok
19:22:53.0849 3068 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:22:53.0850 3068 USBAAPL64 - ok
19:22:53.0913 3068 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:22:53.0934 3068 usbaudio - ok
19:22:53.0963 3068 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:53.0965 3068 usbccgp - ok
19:22:53.0992 3068 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:22:53.0994 3068 usbcir - ok
19:22:54.0003 3068 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:22:54.0005 3068 usbehci - ok
19:22:54.0033 3068 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:22:54.0037 3068 usbhub - ok
19:22:54.0152 3068 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:22:54.0154 3068 usbohci - ok
19:22:54.0177 3068 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:22:54.0179 3068 usbprint - ok
19:22:54.0222 3068 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:22:54.0238 3068 usbscan - ok
19:22:54.0271 3068 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:54.0273 3068 USBSTOR - ok
19:22:54.0299 3068 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:22:54.0301 3068 usbuhci - ok
19:22:54.0329 3068 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:22:54.0332 3068 usbvideo - ok
19:22:54.0368 3068 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:22:54.0370 3068 UxSms - ok
19:22:54.0388 3068 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:22:54.0389 3068 VaultSvc - ok
19:22:54.0419 3068 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:22:54.0421 3068 vdrvroot - ok
19:22:54.0447 3068 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:22:54.0455 3068 vds - ok
19:22:54.0473 3068 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:22:54.0474 3068 vga - ok
19:22:54.0501 3068 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:22:54.0503 3068 VgaSave - ok
19:22:54.0524 3068 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:22:54.0527 3068 vhdmp - ok
19:22:54.0546 3068 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:22:54.0547 3068 viaide - ok
19:22:54.0563 3068 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:22:54.0565 3068 volmgr - ok
19:22:54.0601 3068 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:22:54.0605 3068 volmgrx - ok
19:22:54.0626 3068 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:22:54.0630 3068 volsnap - ok
19:22:54.0661 3068 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:22:54.0664 3068 vsmraid - ok
19:22:56.0851 3068 ================ Scan global ===============================
19:22:56.0878 3068 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:22:56.0956 3068 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:22:56.0963 3068 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:22:57.0016 3068 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:22:57.0056 3068 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:22:57.0059 3068 [Global] - ok
19:22:57.0059 3068 ================ Scan MBR ==================================
19:22:57.0081 3068 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:22:57.0326 3068 \Device\Harddisk0\DR0 - ok
19:22:57.0326 3068 ================ Scan VBR ==================================
19:22:57.0335 3068 [ 6529203816F6377A41EB33FC3D756331 ] \Device\Harddisk0\DR0\Partition1
19:22:57.0338 3068 \Device\Harddisk0\DR0\Partition1 - ok
19:22:57.0354 3068 [ C5B1AA57CC7528A7000420D2B2321BD7 ] \Device\Harddisk0\DR0\Partition2
19:22:57.0356 3068 \Device\Harddisk0\DR0\Partition2 - ok
19:22:57.0356 3068 ============================================================
19:22:57.0356 3068 Scan finished
19:22:57.0356 3068 ============================================================
19:22:57.0366 6096 Detected object count: 0
19:22:57.0366 6096 Actual detected object count: 0

aswMBR Log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-14 19:22:56
-----------------------------
19:22:56.374 OS Version: Windows x64 6.1.7601 Service Pack 1
19:22:56.374 Number of processors: 4 586 0x2A07
19:22:56.374 ComputerName: FERAL UserName: V
19:22:57.609 Initialize success
19:33:59.975 AVAST engine defs: 12121400
19:47:21.189 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:47:21.191 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
19:47:21.216 Disk 0 MBR read successfully
19:47:21.218 Disk 0 MBR scan
19:47:21.222 Disk 0 Windows 7 default MBR code
19:47:21.257 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
19:47:21.281 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
19:47:21.311 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
19:47:21.408 Disk 0 scanning C:\Windows\system32\drivers
19:47:37.344 Service scanning
19:48:40.047 Modules scanning
19:48:40.052 Disk 0 trace - called modules:
19:48:40.080 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
19:48:40.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e73060]
19:48:40.088 3 CLASSPNP.SYS[fffff88001b7743f] -> nt!IofCallDriver -> [0xfffffa8007bb6e40]
19:48:40.091 5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bb7050]
19:48:41.220 AVAST engine scan C:\Windows
19:48:45.742 AVAST engine scan C:\Windows\system32
19:56:25.123 AVAST engine scan C:\Windows\system32\drivers
19:56:46.222 AVAST engine scan C:\Users\V
20:01:30.187 Disk 0 MBR has been saved successfully to "D:\Feral FurE\MBR.dat"
20:01:30.194 The log file has been saved successfully to "D:\Feral FurE\aswMBR Log 12-14-12.txt"

ESET Log:

It completed but did not provide me with the ability to generate a report. Despite not being able to produce a report, no threats were found.

#4 narenxp

Posted 15 December 2012 - 10:17 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#5 F F

Posted 15 December 2012 - 10:55 PM

After restarting my computer following the Services Repair, a window appeared saying "ACCMON | Failed to prepare Critical File! Chameleon Engine out of service!"

Here are all of the log reports:

MBAM:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
V :: FERAL [administrator]

Protection: Enabled

12/15/2012 8:49:54 PM
mbam-log-2012-12-15 (20-49-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455318
Time elapsed: 58 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Minitoolbox:

MiniToolBox by Farbar Version: 25-11-2012
Ran by V (administrator) on 15-12-2012 at 19:44:50
Running from "D:\Feral FurE\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Feral
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : br.br.cox.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 4C-80-93-3D-FE-B5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4C-80-93-3D-FE-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : br.br.cox.net
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : 4C-80-93-3D-FE-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5c2b:2eec:136b:c0ba%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 15, 2012 10:33:00 AM
Lease Expires . . . . . . . . . . : Sunday, December 16, 2012 6:34:46 PM
Default Gateway . . . . . . . . . : 10.0.1.1
DHCP Server . . . . . . . . . . . : 10.0.1.1
DHCPv6 IAID . . . . . . . . . . . : 357335187
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-AA-20-AB-C8-60-00-17-52-BF
DNS Servers . . . . . . . . . . . : 10.0.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : C8-60-00-17-52-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 4C-80-93-3D-FE-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8D9BF123-A7CB-42C9-9A40-4069712E0C1D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A99D35F1-4BAD-4652-9561-941A4A2E2352}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0540F4C5-EC5B-4D27-8B06-188138ACF9D7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9E1029DF-399D-4AD6-9E53-815BEE1D801C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7DF0374F-9CA2-4767-B813-BF73E3BF773B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.0.1.1

Name: google.com
Addresses: 2001:4860:4002:802::1004
74.125.227.39
74.125.227.40
74.125.227.41
74.125.227.46
74.125.227.32
74.125.227.33
74.125.227.34
74.125.227.35
74.125.227.36
74.125.227.37
74.125.227.38


Pinging google.com [74.125.227.39] with 32 bytes of data:
Reply from 74.125.227.39: bytes=32 time=413ms TTL=55
Reply from 74.125.227.39: bytes=32 time=401ms TTL=55

Ping statistics for 74.125.227.39:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 401ms, Maximum = 413ms, Average = 407ms
Server: UnKnown
Address: 10.0.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=60ms TTL=52
Reply from 98.138.253.109: bytes=32 time=61ms TTL=52

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 61ms, Average = 60ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...4c 80 93 3d fe b5 ......Microsoft Virtual WiFi Miniport Adapter #2
15...4c 80 93 3d fe b5 ......Microsoft Virtual WiFi Miniport Adapter
14...4c 80 93 3d fe b4 ......Intel® Centrino® Wireless-N 1030
13...c8 60 00 17 52 bf ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
12...4c 80 93 3d fe b8 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.4 25
10.0.1.0 255.255.255.0 On-link 10.0.1.4 281
10.0.1.4 255.255.255.255 On-link 10.0.1.4 281
10.0.1.255 255.255.255.255 On-link 10.0.1.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 281 fe80::/64 On-link
14 281 fe80::5c2b:2eec:136b:c0ba/128
On-link
1 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/15/2012 05:05:21 PM) (Source: ESENT) (User: )
Description: Windows (5020) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (12/15/2012 05:05:21 PM) (Source: ESENT) (User: )
Description: Windows (5020) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/15/2012 02:48:40 PM) (Source: Microsoft-Windows-RestartManager) (User: FERAL)
Description: Application or service 'VirtualDJ' could not be shut down.

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/15/2012 02:28:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


System errors:
=============
Error: (12/15/2012 02:29:48 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/15/2012 02:29:48 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/15/2012 10:34:25 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/15/2012 10:34:25 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/15/2012 10:32:39 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/15/2012 10:32:37 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/15/2012 10:32:37 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/15/2012 10:32:36 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/15/2012 10:32:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/14/2012 05:54:58 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (12/15/2012 05:05:21 PM) (Source: ESENT)(User: )
Description: Windows5020Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (12/15/2012 05:05:21 PM) (Source: ESENT)(User: )
Description: Windows5020Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (12/15/2012 02:48:40 PM) (Source: Microsoft-Windows-RestartManager)(User: FERAL)
Description: 1C:\Program Files (x86)\VirtualDJ\virtualdj_home.exeVirtualDJ0111756560

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (12/15/2012 02:28:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (12/15/2012 02:28:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/15/2012 02:28:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


=========================== Installed Programs ============================

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 3.3.0.3650)
Adobe Audition CS6 (Version: 5.0)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Help Manager (Version: 4.0.244)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AirPort (Version: 5.6.1.2)
Alcor Micro USB Card Reader (Version: 1.7.17.25416)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
ASUS AI Recovery (Version: 1.0.14)
ASUS FancyStart (Version: 1.0.8)
ASUS Live Update (Version: 2.5.9)
ASUS Secure Delete (Version: 1.00.0006)
ASUS SmartLogon (Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0033)
ASUS U Series ScreenSaver (Version: 1.0.0002)
ASUS WebStorage (Version: 3.0.108.222)
AsusVibe2.0 (Version: 2.0.7.142)
ATK Package (Version: 1.0.0008)
Audacity 1.3.14 (Unicode)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
AVS Image Converter 2.1.2.169
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J430W (Version: 1.0.10.0)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
Cool Edit Pro 2.1
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.0_WHQL (Version: 8.0.5.0)
Fast Boot (Version: 1.0.10)
FL Studio 10
Freecorder 5 (Version: 5.11)
Freecorder Toolbar (Version: 6.8.9.0)
Fresco Logic USB3.0 Host Controller (Version: 3.0.119.1)
G-Force (Version: 4.3.2)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
IL Download Manager
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 1.0.0.0142)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.0.0537)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4)
Intel® WiDi (Version: 2.1.35.0)
Intel® Wireless Display
ITCH (Version: 2.1.0)
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
join.me (Version: 1.6.0.170)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
Logger Pro 3 (Version: 5.0)
Logger Pro 3.8.2 (Version: 5.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Native Instruments Abbey Road 60s Drums Vintage (Version: 1.1.0.002)
Native Instruments Guitar Rig 5 (Version: 5.0.2.2476)
Native Instruments Guitar Rig Elements for Maschine (Version: 1.0.0.001)
Native Instruments Guitar Rig Factory Selection for Maschine (Version: 1.0.0.001)
Native Instruments Komplete 8 Players (Version: 8.0.0.003)
Native Instruments Komplete Elements Mk2 (Version: 8.0.0.003)
Native Instruments Kontakt 5 (Version: 5.0.2.5641)
Native Instruments Kontakt Elements Selection R2 (Version: 1.1.0.003)
Native Instruments Kontakt Factory Selection (Version: 1.2.0.004)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor Elements Selection (Version: 1.1.0.003)
Native Instruments Reaktor Factory Selection (Version: 1.1.0.002)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Service Center (Version: 2.2.6.676)
Ohm Force - Ohmicide VST
ph (Version: 1.0.0)
PreSonus Studio One 2 x64 (Version: 2.0.7.19233)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6428)
SceneSwitch (Version: 1.0.6)
SketchUp 8 (Version: 3.0.15158)
Skype Click to Call (Version: 6.4.11328)
Skype™ 6.0 (Version: 6.0.126)
Sonic Focus (Version: 1.0.0.4)
Steam (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VirtualDJ Home FREE (Version: 7.3)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WhiteCap (Version: 5.7.1)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.31.1)
Wireless Console 3 (Version: 3.0.21)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 8102.76 MB
Available physical RAM: 3962.63 MB
Total Pagefile: 16203.71 MB
Available Pagefile: 12091.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.07 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:166.85 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:217.82 GB) NTFS
3 Drive e: (Komplete Elements Mk2) (CDROM) (Total:4.27 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\FERAL

Administrator Guest V

========================= Restore Points ==================================

28-11-2012 03:26:20 Windows Update
06-12-2012 01:23:40 Scheduled Checkpoint
12-12-2012 20:55:20 Installed AVG 2013
12-12-2012 20:55:55 Installed AVG 2013
13-12-2012 00:17:39 Windows Update
15-12-2012 20:45:36 Installed VirtualDJ Home FREE

**** End of log ****

Farbar (first report, pre-service-repair):

Farbar Service Scanner Version: 10-12-2012
Ran by V (administrator) on 15-12-2012 at 19:45:31
Running from "D:\Feral FurE\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner:

# AdwCleaner v2.100 - Logfile created 12/15/2012 at 20:37:28
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : V - FERAL
# Boot Mode : Normal
# Running from : D:\Feral FurE\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\4ntns7hp.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\V\AppData\Local\Temp\CT2704262
Folder Deleted : C:\Users\V\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\4ntns7hp.default\ConduitCommon
Folder Deleted : C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\4ntns7hp.default\CT2704262
Folder Deleted : C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\4ntns7hp.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Deleted : C:\Users\V\Documents\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8BCBB80A-B672-40A4-801A-09CCED744C4C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA645746-6D5F-444A-959D-E914D5E97A00}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\4ntns7hp.default\prefs.js

Deleted : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1060933.NotificationsToShow_15651", "[{\"id\":\"15317\",\"channelId\":\"15651\",\"title[...]
Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT1060933.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT2704262..clientLogIsEnabled", false);
Deleted : user_pref("CT2704262..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2704262..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2704262.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2704262.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129738587603157113", true);
Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129738587703159675", true);
Deleted : user_pref("CT2704262.BrowserCompStateIsOpen_129869134590348979", true);
Deleted : user_pref("CT2704262.CT2704262", "CT2704262");
Deleted : user_pref("CT2704262.CurrentServerDate", "16-12-2012");
Deleted : user_pref("CT2704262.DSInstall", true);
Deleted : user_pref("CT2704262.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2704262.DialogsGetterLastCheckTime", "Sat Dec 15 2012 20:00:51 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT2704262.DownloadReferralCookieData", "");
Deleted : user_pref("CT2704262.FirstServerDate", "16-12-2012");
Deleted : user_pref("CT2704262.FirstTime", true);
Deleted : user_pref("CT2704262.FirstTimeFF3", true);
Deleted : user_pref("CT2704262.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2704262.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2704262.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2704262.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2704262.HPInstall", true);
Deleted : user_pref("CT2704262.HasUserGlobalKeys", true);
Deleted : user_pref("CT2704262.Initialize", true);
Deleted : user_pref("CT2704262.InitializeCommonPrefs", true);
Deleted : user_pref("CT2704262.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2704262.InstallationType", "Unknown");
Deleted : user_pref("CT2704262.InstalledDate", "Sat Dec 15 2012 20:01:05 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2704262.IsGrouping", false);
Deleted : user_pref("CT2704262.IsInitSetupIni", true);
Deleted : user_pref("CT2704262.IsMulticommunity", false);
Deleted : user_pref("CT2704262.IsOpenThankYouPage", true);
Deleted : user_pref("CT2704262.IsOpenUninstallPage", true);
Deleted : user_pref("CT2704262.LanguagePackLastCheckTime", "Sat Dec 15 2012 20:00:51 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2704262.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2704262.LastLogin_3.16.0.3", "Sat Dec 15 2012 20:01:11 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2704262.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2704262.Locale", "en");
Deleted : user_pref("CT2704262.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2704262.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2704262.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2704262.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2704262.OriginalFirstVersion", "3.16.0.3");
Deleted : user_pref("CT2704262.SavedHomepage", "google.com");
Deleted : user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search");
Deleted : user_pref("CT2704262.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2704262.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT270[...]
Deleted : user_pref("CT2704262.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2704262.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2704262.SearchInNewTabLastCheckTime", "Sat Dec 15 2012 20:01:11 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT2704262.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2704262.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2704262.ServiceMapLastCheckTime", "Sat Dec 15 2012 20:00:50 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT2704262.SettingsLastCheckTime", "Sat Dec 15 2012 20:00:50 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2704262.SettingsLastUpdate", "1355522960");
Deleted : user_pref("CT2704262.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2704262&SearchSource=13");
Deleted : user_pref("CT2704262.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2704262.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2704262");
Deleted : user_pref("CT2704262.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2704262.UserID", "UN53285370110367492");
Deleted : user_pref("CT2704262.alertChannelId", "1096603");
Deleted : user_pref("CT2704262.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2704262.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2704262.initDone", true);
Deleted : user_pref("CT2704262.myStuffEnabled", true);
Deleted : user_pref("CT2704262.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2704262.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2704262.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2704262.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2704262.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2704262.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2704262.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2704262.testingCtid", "");
Deleted : user_pref("CT2704262.toolbarAppMetaDataLastCheckTime", "Sat Dec 15 2012 20:00:51 GMT-0600 (Central S[...]
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2704262&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "FreeSoundRecorder Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2704262/CT2704262[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2704262", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2704262",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9aa[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"c51cf1094577d711918a[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"d442921a4241052ebf9[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"3d9df3b046c020db18f[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"d81bee6d988e4d9792b[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"34337a59352fb8adf19[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"68a22f5888c86081315[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"bb8dacdc9805cc119610d[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"8d502e7318c0e7a41b192[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\V\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2704262");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2704262");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2704262");
Deleted : user_pref("CommunityToolbar.globalUserId", "d0667266-ce9b-4c03-9d9a-48784c8f67bc");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
Deleted : user_pref("CommunityToolbar.originalHomepage", "google.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "FreeSoundRecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "FreeSoundRecorder Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2704262&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [14255 octets] - [15/12/2012 20:37:28]

########## EOF - C:\AdwCleaner[S2].txt - [14316 octets] ##########

Junkware Removal:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.6 (12.15.2012:2)
OS: Windows 7 Home Premium x64
Ran by V on Sat 12/15/2012 at 19:46:33.57
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecorder
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\V\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\V\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\V\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\V\AppData\Roaming\mozilla\firefox\profiles\4ntns7hp.default\conduitcommon
Successfully deleted: [Folder] C:\Users\V\AppData\Roaming\mozilla\firefox\profiles\4ntns7hp.default\smartbar
Successfully deleted: [Folder] C:\Users\V\AppData\Roaming\mozilla\firefox\profiles\4ntns7hp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted the following from C:\Users\V\AppData\Roaming\mozilla\firefox\profiles\4ntns7hp.default\prefs.js

user_pref("CT1060933.1000082.isPlayDisplay", "true");
user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFOG\",\"url\":\"http://live.cumulusstreaming.com/KFOG-FM\"}");
user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,openposition=alignment:B,savelocation=0,closebutton=1,saveresizedsize=0");
user_pref("CT1060933.129686665230467549.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savelocation=no,saveresizedsize=no,closebutton=no,openposition=center");
user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1060933.FirstTime", "true");
user_pref("CT1060933.FirstTimeFF3", "true");
user_pref("CT1060933.LoginRevertSettingsEnabled", false);
user_pref("CT1060933.NotificationsToShow_15651", "[{\"id\":\"15317\",\"channelId\":\"15651\",\"title\":\"Freecorder Player Update\",\"imageurl\":\"http://alert.storage.conduit
user_pref("CT1060933.PrintItGreenStatus", "true");
user_pref("CT1060933.RevertSettingsEnabled", true);
user_pref("CT1060933.UserID", "UN39024642538398390");
user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1060933.autoDisableScopes", -1);
user_pref("CT1060933.autocompletepro_enable", "1");
user_pref("CT1060933.autocompletepro_enable_auto", "0");
user_pref("CT1060933.cbcountry_001", "US");
user_pref("CT1060933.cbfirsttime", "Fri Jun 15 2012 22:44:13 GMT-0500 (Central Daylight Time)");
user_pref("CT1060933.defaultSearch", "false");
user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT1060933.enableAlerts", "false");
user_pref("CT1060933.enableSearchFromAddressBar", "true");
user_pref("CT1060933.firstTimeDialogOpened", "true");
user_pref("CT1060933.fixPageNotFoundError", "false");
user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
user_pref("CT1060933.fixUrls", true);
user_pref("CT1060933.installId", "ConduitNSISIntegration");
user_pref("CT1060933.installType", "ConduitNSISIntegration");
user_pref("CT1060933.isCheckedStartAsHidden", true);
user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1060933.isFirstTimeToolbarLoading", "false");
user_pref("CT1060933.isNewTabEnabled", false);
user_pref("CT1060933.isPerformedSmartBarTransition", "true");
user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1060933.keyword", false);
user_pref("CT1060933.migrateAppsAndComponents", true);
user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.biology-online.org%2Fbiology-forum%2Fabout459.html\",\"EB_MAIN_
user_pref("CT1060933.openThankYouPage", "false");
user_pref("CT1060933.openUninstallPage", "true");
user_pref("CT1060933.search.searchAppId", "128280995260143876");
user_pref("CT1060933.search.searchCount", "0");
user_pref("CT1060933.searchInNewTabEnabled", "false");
user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
user_pref("CT1060933.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1060933.sendUsageEnabled", "false");
user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1060933\"}");
user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Freecorder.Media-Toolbar.com//xpi\"}");
user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freecorder\"}");
user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355106678590");
user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1353432610095");
user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1355535782039");
user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354408710445");
user_pref("CT1060933.serviceLayer_services_login_10.10.10.4_lastUpdate", "1342414888391");
user_pref("CT1060933.serviceLayer_services_login_10.10.2.10_lastUpdate", "1340048794491");
user_pref("CT1060933.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345586424003");
user_pref("CT1060933.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352685636323");
user_pref("CT1060933.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355590866239");
user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1352646280359");
user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354408710495");
user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1355535782063");
user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1355535780104");
user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354408710472");
user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1355590866025");
user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1355535780306");
user_pref("CT1060933.settingsINI", true);
user_pref("CT1060933.shouldFirstTimeDialog", "false");
user_pref("CT1060933.smartbar.CTID", "CT1060933");
user_pref("CT1060933.smartbar.Uninstall", "0");
user_pref("CT1060933.smartbar.isHidden", false);
user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
user_pref("CT1060933.startPage", "userChanged");
user_pref("CT1060933.toolbarBornServerTime", "16-6-2012");
user_pref("CT1060933.toolbarCurrentServerTime", "15-12-2012");
user_pref("CT1060933.upgradeFromClearSBVersion", true);
user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1355601461274,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT2704262..clientLogIsEnabled", false);
user_pref("CT2704262..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2704262..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2704262.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2704262.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2704262.BrowserCompStateIsOpen_129738587603157113", true);
user_pref("CT2704262.BrowserCompStateIsOpen_129738587703159675", true);
user_pref("CT2704262.BrowserCompStateIsOpen_129869134590348979", true);
user_pref("CT2704262.CTID", "CT2704262");
user_pref("CT2704262.CurrentServerDate", "15-12-2012");
user_pref("CT2704262.DSInstall", false);
user_pref("CT2704262.DialogsAlignMode", "LTR");
user_pref("CT2704262.DialogsGetterLastCheckTime", "Fri Dec 14 2012 10:48:33 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.DownloadReferralCookieData", "");
user_pref("CT2704262.FeedLastCount129531287796537552", 160);
user_pref("CT2704262.FeedPollDate129531287797162554", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162555", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162556", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162557", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162558", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162559", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162560", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162561", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.FeedTTL129531287797162554", 40);
user_pref("CT2704262.FeedTTL129531287797162555", 40);
user_pref("CT2704262.FeedTTL129531287797162556", 40);
user_pref("CT2704262.FeedTTL129531287797162557", 40);
user_pref("CT2704262.FeedTTL129531287797162558", 40);
user_pref("CT2704262.FeedTTL129531287797162559", 40);
user_pref("CT2704262.FeedTTL129531287797162560", 40);
user_pref("CT2704262.FeedTTL129531287797162561", 40);
user_pref("CT2704262.FirstServerDate", "17-6-2012");
user_pref("CT2704262.FirstTime", true);
user_pref("CT2704262.FirstTimeFF3", true);
user_pref("CT2704262.FirstTimeHiddenVer", true);
user_pref("CT2704262.FixPageNotFoundErrors", true);
user_pref("CT2704262.GroupingServerCheckInterval", 1440);
user_pref("CT2704262.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2704262.HPInstall", false);
user_pref("CT2704262.HasUserGlobalKeys", true);
user_pref("CT2704262.HomePageProtectorEnabled", false);
user_pref("CT2704262.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2704262.Initialize", true);
user_pref("CT2704262.InitializeCommonPrefs", true);
user_pref("CT2704262.InstallationAndCookieDataSentCount", 3);
user_pref("CT2704262.InstallationId", "ConduitNSISIntegration");
user_pref("CT2704262.InstallationType", "ConduitNSISIntegration");
user_pref("CT2704262.InstalledDate", "Sun Jun 17 2012 13:34:34 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.InvalidateCache", false);
user_pref("CT2704262.IsAlertDBUpdated", true);
user_pref("CT2704262.IsGrouping", false);
user_pref("CT2704262.IsInitSetupIni", true);
user_pref("CT2704262.IsMulticommunity", false);
user_pref("CT2704262.IsOpenThankYouPage", false);
user_pref("CT2704262.IsOpenUninstallPage", true);
user_pref("CT2704262.LanguagePackLastCheckTime", "Fri Dec 14 2012 19:42:58 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2704262.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2704262.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:59:13 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.LastLogin_3.14.1.0", "Tue Aug 21 2012 16:58:24 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.LastLogin_3.15.1.0", "Tue Nov 06 2012 21:11:14 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.LastLogin_3.16.0.3", "Sat Dec 15 2012 10:59:06 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.LatestVersion", "3.16.0.3");
user_pref("CT2704262.Locale", "en");
user_pref("CT2704262.MCDetectTooltipHeight", "83");
user_pref("CT2704262.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2704262.MCDetectTooltipWidth", "295");
user_pref("CT2704262.MyStuffEnabledAtInstallation", true);
user_pref("CT2704262.OriginalFirstVersion", "3.13.0.6");
user_pref("CT2704262.RadioIsPodcast", false);
user_pref("CT2704262.RadioLastCheckTime", "Sun Jun 17 2012 13:34:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.RadioLastUpdateIPServer", "3");
user_pref("CT2704262.RadioLastUpdateServer", "129242955136270000");
user_pref("CT2704262.RadioMediaID", "21037024");
user_pref("CT2704262.RadioMediaType", "Media Player");
user_pref("CT2704262.RadioMenuSelectedID", "EBRadioMenu_CT270426221037024");
user_pref("CT2704262.RadioShrinkedFromSetup", false);
user_pref("CT2704262.RadioStationName", "California%20Rock");
user_pref("CT2704262.RadioStationURL", "http://feedlive.net/california.asx");
user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search");
user_pref("CT2704262.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
user_pref("CT2704262.SearchFromAddressBarIsInit", true);
user_pref("CT2704262.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=");
user_pref("CT2704262.SearchInNewTabEnabled", true);
user_pref("CT2704262.SearchInNewTabIntervalMM", 1440);
user_pref("CT2704262.SearchInNewTabLastCheckTime", "Fri Dec 14 2012 19:42:53 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2704262.SearchInNewTabUserEnabled", false);
user_pref("CT2704262.SearchProtectorEnabled", false);
user_pref("CT2704262.SearchProtectorToolbarDisabled", false);
user_pref("CT2704262.SendProtectorDataViaLogin", true);
user_pref("CT2704262.ServiceMapLastCheckTime", "Fri Dec 14 2012 20:43:20 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.SettingsLastCheckTime", "Sat Dec 15 2012 10:59:05 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.SettingsLastUpdate", "1354706882");
user_pref("CT2704262.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2704262&SearchSource=13");
user_pref("CT2704262.ThirdPartyComponentsInterval", 504);
user_pref("CT2704262.ThirdPartyComponentsLastCheck", "Sun Jun 17 2012 13:34:32 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2704262.ToolbarShrinkedFromSetup", false);
user_pref("CT2704262.TrusteLinkUrl", "http://trust.conduit.com/CT2704262");
user_pref("CT2704262.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2704262.UserID", "UN06496515395782498");
user_pref("CT2704262.alertChannelId", "1096603");
user_pref("CT2704262.autoDisableScopes", -1);
user_pref("CT2704262.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2704262.globalFirstTimeInfoLastCheckTime", "Sun Jun 17 2012 13:34:35 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.homepageProtectorEnableByLogin", true);
user_pref("CT2704262.initDone", true);
user_pref("CT2704262.isAppTrackingManagerOn", true);
user_pref("CT2704262.isFirstRadioInstallation", false);
user_pref("CT2704262.myStuffEnabled", true);
user_pref("CT2704262.myStuffPublihserMinWidth", 400);
user_pref("CT2704262.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2704262.myStuffServiceIntervalMM", 1440);
user_pref("CT2704262.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2704262.navigateToUrlOnSearch", false);
user_pref("CT2704262.revertSettingsEnabled", false);
user_pref("CT2704262.searchProtectorDialogDelayInSec", 10);
user_pref("CT2704262.searchProtectorEnableByLogin", true);
user_pref("CT2704262.testingCtid", "");
user_pref("CT2704262.toolbarAppMetaDataLastCheckTime", "Fri Dec 14 2012 20:43:20 GMT-0600 (Central Standard Time)");
user_pref("CT2704262.toolbarContextMenuLastCheckTime", "Sun Jun 17 2012 13:34:40 GMT-0500 (Central Daylight Time)");
user_pref("CT2704262.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2704262/CT2704262", "\"589beef7652a72d707873681f966e7033\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2704262", "\"1342439859\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:1563\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2704262", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"9aaf687c3772c3286bc9e68834fa0061\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/1344951.xml", "\"c51cf1094577d711918a861fef8907d3\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/14293310.xml", "\"d442921a4241052ebf947f0fb4e23a0f\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/16887175.xml", "\"3d9df3b046c020db18ffdc33a33a5afa\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/17151925.xml", "\"d81bee6d988e4d9792b8b431d8e3ad08\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/20536157.xml", "\"34337a59352fb8adf1998d2738850216\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/30261067.xml", "\"68a22f5888c860813152cf16787ecf05\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/428333.xml", "\"bb8dacdc9805cc119610d42cb1cb3bc8\"");
user_pref("CommunityToolbar.ETag.http://twitter.com/users/show/816653.xml", "\"8d502e7318c0e7a41b1929953eca4b15\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\V\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\4ntns7hp.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2704262");
user_pref("CommunityToolbar.ToolbarsList2", "CT2704262");
user_pref("CommunityToolbar.ToolbarsList4", "CT2704262");
user_pref("CommunityToolbar.globalUserId", "63f0ac5c-8370-452c-b19a-5eea87486d34");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jun 17 2012 13:34:40 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.alertEnabled", false);
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jun 17 2012 13:34:33 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "9de7aa02-2d24-48b2-9aec-4b98b61bde8e");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Sun Jun 17 2012 13:34:38 GMT-0500 (Central Daylight Time)");
user_pref("Smartbar.keywordURLSelectedCTID", "");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/15/2012 at 19:55:00.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar (second report, post service-repair):


Farbar Service Scanner Version: 10-12-2012
Ran by V (administrator) on 15-12-2012 at 20:21:16
Running from "D:\Feral FurE\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RKILL:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/15/2012 08:18:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\V\Desktop\rkill\rkill-12-15-2012-08-18-12.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-870282343-3749005249-4056677417-1000\$3c42eb883e76c42fe757e3ec8d556822\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-870282343-3749005249-4056677417-1000\$3c42eb883e76c42fe757e3ec8d556822\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-870282343-3749005249-4056677417-1000\$3c42eb883e76c42fe757e3ec8d556822\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-870282343-3749005249-4056677417-1000\$3c42eb883e76c42fe757e3ec8d556822\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* iphlpsvc [Missing ImagePath]
* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/15/2012 08:19:10 PM
Execution time: 0 hours(s), 1 minute(s), and 2 seconds(s)

Autoruns:


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "AmIcoSinglun64" "Single LUN Icon Utility for VID 058F PID 6366" "Alcor Micro Corp." "c:\program files (x86)\amicosinglun\amicosinglun64.exe"
+ "BTMTrayAgent" "Bluetooth Shell Extension" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "ETDCtrl" "ETD Control Center" "ELAN Microelectronics Corp." "c:\program files\elantech\etdctrl.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelPAN" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "IntelTBRunOnce" "" "" "c:\program files\intel\turboboost\runtbgadgetonce.vbs"
+ "Logitech Download Assistant" "Logitech Download Assistant" "Logitech, Inc." "c:\windows\system32\logilda.dll"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AirPort Base Station Agent" "AirPort Base Station Agent" "Apple Inc." "c:\program files (x86)\airport\apagent.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ASUSPRP" "ASUS Product Register Program" "ASUSTek Computer Inc." "c:\program files (x86)\asus\aprp\aprp.exe"
+ "ASUSWebStorage" "AsusWebStorage" "ecareme" "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswspanel.exe"
+ "ATKMEDIA" "ATK Media" "ASUS" "c:\program files (x86)\asus\atk package\atk media\dmedia.exe"
+ "ATKOSD2" "ATKOSD2" "ASUS" "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgui.exe"
+ "FLxHCIm" "Fresco Logic" "Windows ® Win 7 DDK provider" "c:\program files\fresco logic inc\fresco logic usb3.0 host controller\host\flxhcim.exe"
+ "Freecorder FLV Service" "FLV Service for Freecorder" "Applian Technologies, Inc." "c:\program files (x86)\freecorder\flvsrvc.exe"
+ "HControlUser" "HControlUser" "ASUS" "c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SonicMasterTray" "ASUS_MATray.exe" "Virage Logic Corporation / Sonic Focus" "c:\program files (x86)\asus\sonic focus\sonicfocustray.exe"
+ "StopDefragment" "" "" "File not found: Install\StopDefragment.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "Wireless Console 3" "Wireless Console 3" "ASUS" "c:\program files (x86)\asus\wireless console 3\wcourier.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Malwarebytes Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "AsusVibeLauncher.lnk" "AsusVibe Application" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asusvibe\asusvibelauncher.exe"
+ "FancyStart daemon.lnk" "" "" "c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_c4a2fc3e3722966204fdd8.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Anmama" "" "" "File not found: C:\Users\V\AppData\Roaming\Anmama.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files (x86)\steam\steam.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "" "" "File not found: C:\Program Files (x86)\AVG\AVG2012\avgppa.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "BTMSentToExt" "Bluetooth Shell Extension" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "DataSanitizerShellExtObj" "TODO: <File description>" "TODO: <Company name>" "c:\program files (x86)\common files\asus\secure delete\asus secure delete shellext.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "ShellConverter" "AVSShellConverter ActiveX DLL" "Online Media Technologies Ltd." "c:\program files (x86)\common files\avsmedia\activex\avsshellconverter64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "DataSanitizerShellExtObj" "TODO: <File description>" "TODO: <Company name>" "c:\program files (x86)\common files\asus\secure delete\asus secure delete shellext.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "AsusWSShellExt_B" "AsusWSShellExt64" "eCareme Technologies, Inc." "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll"
+ "AsusWSShellExt_O" "AsusWSShellExt64" "eCareme Technologies, Inc." "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Safe Search" "" "" "File not found: C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Skype add-on for Internet Explorer" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "" "" "File not found: C:\Program Files (x86)\AVG\AVG2012\avgssie.dll"
+ "Freecorder Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\freecorder\prxtbfree.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Freecorder Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\freecorder\prxtbfree.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\ATKOSD2" "ATKOSD2" "ASUS" "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\{179CE0E1-C800-4C7C-A301-B6545BA201D3}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{686ACDC4-3F51-4716-8072-DB66E3EAD4BA}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{6A460466-4690-4C5A-B701-C1B0F04D63E6}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{88148B5A-6559-4D1E-8BD0-59F62C256E88}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{95014616-5A19-4919-B451-D51C7366047F}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{A0BBD297-6E87-4948-9AF1-4943A0C5BAFF}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{A675782C-F209-495F-B8BB-CE56F204C01A}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{D261E118-8FAC-44CA-A390-D82190247217}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
+ "\{D94B49C2-0F0E-47B3-B53C-16873E6F626A}" "VirtualDJ" "Atomix Productions" "c:\program files (x86)\virtualdj\virtualdj_home.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AFBAgent" "ASUS FastBoot" "ASUSTeK Computer Inc." "c:\windows\system32\fbagent.exe"
+ "AMPPALR3" "Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter" "Intel Corporation" "c:\program files\intel\bluetoothhs\bthsamppalservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "ASLDRService" "ASLDR Service" "ASUS" "c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe"
+ "ATKGFNEXSrv" "GFNEXSrv" "ASUS" "c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgwdsvc.exe"
+ "Bluetooth Device Monitor" "A process to monitor Bluetooth radio state and configure Bluetooth remote folders." "Intel Corporation" "c:\program files (x86)\intel\bluetooth\devmonsrv.exe"
+ "Bluetooth Media Service" "Provides Bluetooth Media Profiles support" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\mediasrv.exe"
+ "Bluetooth OBEX Service" "Provides Bluetooth File Transfer Protocol support." "Intel Corporation" "c:\program files (x86)\intel\bluetooth\obexsrv.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BTHSSecurityMgr" "Manages the 802.1x security between two Bluetooth® High Speed connections." "Intel® Corporation" "c:\program files\intel\bluetoothhs\bthssecuritymgr.exe"
+ "cphs" "Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "TurboBoost" "Intel® Turbo Boost Technology Monitor" "Intel® Corporation" "c:\program files\intel\turboboost\turboboost.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AMPPAL" "Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\amppal.sys"
+ "AMPPALP" "Intel® Centrino® Bluetooth 3.0 + High Speed Protocol" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\amppal.sys"
+ "AmUStor" "Alocr Micro USB Mass Storage Driver" "Alcor Micro, Corp." "c:\windows\system32\drivers\amustor.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "ASMMAP64" "Memory mapping Driver" "ASUS" "c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys"
+ "assd" "ASUS Image Toolkit Disk Monitor Driver" "ASUS Corporation" "c:\windows\system32\drivers\assd.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "ATKWMIACPIIO" "ATK WMIACPI Utility" "ASUS" "c:\program files (x86)\asus\atk package\atk wmiacpi\atkwmiacpi64.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgloga" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgloga.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btmaux" "Bluetooth Auxiliary Driver" "Intel Corporation" "c:\windows\system32\drivers\btmaux.sys"
+ "btmhsf" "Bluetooth HighSpeed Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\btmhsf.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "ETD" "ETD Kernel Center" "ELAN Microelectronics Corp." "c:\windows\system32\drivers\etd.sys"
+ "FLxHCIc" "xHCI Bus Driver" "Fresco Logic" "c:\windows\system32\drivers\flxhcic.sys"
+ "FLxHCIh" "xHCI Hub Driver" "Fresco Logic" "c:\windows\system32\drivers\flxhcih.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iBtFltCoex" "Intel® Centrino® Wireless (Bluetooth Adapter) Driver" "Intel Corporation" "c:\windows\system32\drivers\ibtfltcoex.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "intaud_WaveExtensible" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\intelaud.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "iwdbus" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\iwdbus.sys"
+ "kbfiltr" "Keyboard Filter Driver" " " "c:\windows\system32\drivers\kbfiltr.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwns64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NIWinCDEmu" "" "" "c:\windows\system32\drivers\niwincdemu.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Rovi Corporation" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSGbeLH" "NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisg664.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "TurboB" "Turbo Boost UI Monitor driver" "" "c:\windows\system32\drivers\turbob.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VSTWinDriver6" "WinDriver Device Driver 9.21" "Jungo" "c:\windows\system32\drivers\vstwindrvr6.sys"
+ "wdkmd" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\syswow64\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IL FL Studio DXi" "" "Image-Line" "c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line" "c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ASUS Color Preview Filter" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax"
+ "Color Convert" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax"
+ "VDP Renderer" "VDP Filter" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\vdpsnka.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ASUS Color Convert" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax"
+ "ASUS Color Preview Filter" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "Intel® Mux Renderer" "Intel® TS Mux / Network Renderer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel®WiDi H264 encoder" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "Logon Effects" "SmartLogon Filter" "ASUS" "c:\program files (x86)\asus\smartlogon\face_filter.ax"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "RDS Smart Tee" "" "" "c:\program files (x86)\common files\vernier software\videocapture\rdssmarttee.ax"
+ "RDS Video Buffer Renderer" "" "" "c:\program files (x86)\common files\vernier software\videocapture\rdsvideobufferrenderer.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "VDP Renderer" "VDP Filter" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\vdpsnk.dll"
+ "Video Memory Render Filter" "" "" "c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WD Secure Source Filter" "Intel® WiDi Secure Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsecuresourcefilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "FaceCredentialProvider64" "SmartLogon Dynamic Link Library" "ASUS" "c:\program files (x86)\asus\smartlogon\system\facecredentialprovider64.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"C:\Users\V\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "" "" "" "C:\Program Files\Windows Sidebar\Shared Gadgets\TurboBoostUi.Gadget"
+ "CPU Meter" "See the current computer CPU and system memory (RAM)." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\Gadget.xml"

#6 narenxp


Posted 18 December 2012 - 02:36 AM

Now run RKILL given in previous instructions and post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Edited by narenxp, 23 December 2012 - 09:56 PM.


#7 F F


Posted 19 December 2012 - 01:49 PM

RKILL Log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/19/2012 05:00:15 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* iphlpsvc [Missing ImagePath]
* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/19/2012 05:00:19 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)






Farbar Log:
Farbar Service Scanner Version: 10-12-2012
Ran by V (administrator) on 19-12-2012 at 17:03:23
Running from "D:\Feral FurE\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by F F, 19 December 2012 - 06:04 PM.


#8 narenxp


Posted 21 December 2012 - 03:35 AM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab - click on Start

Check mark the following options alone

Reset registry permissions
Reset file permissions
Register system files
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

#9 F F


Posted 21 December 2012 - 05:13 PM

Farbar Service Scanner Version: 10-12-2012
Ran by V (administrator) on 21-12-2012 at 16:12:39
Running from "D:\Feral FurE\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



I can now access Windows Firewall and turn it on/off, but I cannot access Windows Defender. When I try and change its state, it says: "The specified service does not exist as an installed service. (Error code: 0x80070424)"

Edited by F F, 21 December 2012 - 05:28 PM.
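
As an added example (not part of the original thread and not Farbar's own code), this Python sketch parses the ATTENTION lines of a Farbar Service Scanner log and diffs the pre-repair and post-repair logs posted above, showing which service registry entries were restored and which are still missing. The sample input is abridged from those two logs; the function names and status labels are assumptions made for this example.

```python
import re

# Constructed sample input: lines abridged from the two Farbar Service Scanner
# logs posted in this thread (19-12-2012 and 21-12-2012).
LOG_BEFORE = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
"""
LOG_AFTER = """\
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
"""

# Status labels are this example's own; a higher rank overrides a lower one.
RANK = {"stopped": 0, "missing values": 1, "missing key": 2}
PATTERNS = [
    (re.compile(r"^(\S+) Service is not running"), "stopped"),
    (re.compile(r"Unable to retrieve .+? of (\S+)\."), "missing values"),
    (re.compile(r"Unable to open (\S+) registry key"), "missing key"),
]

def parse_fss(text):
    """Map each service name (lower-cased) to the worst status the log reports."""
    state = {}
    for line in text.splitlines():
        for rx, status in PATTERNS:
            m = rx.search(line)
            if m:
                svc = m.group(1).lower()
                if RANK[status] >= RANK.get(state.get(svc), -1):
                    state[svc] = status
    return state

def compare(before, after):
    """Diff two logs, counting only services whose registry data is missing."""
    b = {s for s, st in parse_fss(before).items() if st != "stopped"}
    a = {s for s, st in parse_fss(after).items() if st != "stopped"}
    return {"repaired": sorted(b - a), "still_broken": sorted(a & b), "new": sorted(a - b)}

if __name__ == "__main__":
    for group, services in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{group}: {', '.join(services) or '-'}")
```
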


#10 narenxp


Posted 23 December 2012 - 09:59 PM

Download

Windefend
iphlpsvc

Launch it and click YES

Restart the PC. Windows Defender should work now

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 F F


Posted 24 December 2012 - 03:37 PM

I installed both of the registry keys linked. Following restart, I still cannot access Windows Defender. When I click to open it up from Control Panel, it responds saying it is turned off. When I click to turn it on, it goes unresponsive, showing the loading spinny wheel icon, but nothing happens.

If you may please, Mister Narenxp, assist me with this new problem, it would be much appreciated! Thanks for all of your help!

#12 narenxp


Posted 25 December 2012 - 12:39 AM

Windows Defender is useless. AVG is disabling your Windows Defender from turning on. Most of the security software would disable Windows Defender.

Happy Christmas and safe surfing



