
Redirect Virus


49 replies to this topic

#1 catbad


Posted 31 January 2013 - 02:16 PM

Apparently I have the dreaded redirect virus. I have tried Malwarebytes, Ad-Aware, Norton Power Eraser and McAfee virus scan and they all come up empty. I ran AdwCleaner and here is the log, but I am still getting redirected, mostly to an IP or to Beesq. Please help:

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 13:48:50
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : cmccaleb - BRITTENBOCA050
# Boot Mode : Normal
# Running from : C:\Users\cmccaleb.NATIONWIDE\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

*************************

AdwCleaner[S1].txt - [1555 octets] - [31/01/2013 13:48:50]

########## EOF - H:\AdwCleaner[S1].txt - [1615 octets] ##########



#2 narenxp


Posted 31 January 2013 - 02:18 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 catbad


Posted 31 January 2013 - 02:28 PM

TDSSKiller results:

14:14:45.0785 5572 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:14:46.0398 5572 ============================================================
14:14:46.0398 5572 Current date / time: 2013/01/31 14:14:46.0398
14:14:46.0398 5572 SystemInfo:
14:14:46.0398 5572
14:14:46.0398 5572 OS Version: 6.1.7601 ServicePack: 1.0
14:14:46.0398 5572 Product type: Workstation
14:14:46.0398 5572 ComputerName: BRITTENBOCA050
14:14:46.0399 5572 UserName: cmccaleb
14:14:46.0399 5572 Windows directory: C:\Windows
14:14:46.0399 5572 System windows directory: C:\Windows
14:14:46.0399 5572 Processor architecture: Intel x86
14:14:46.0399 5572 Number of processors: 4
14:14:46.0399 5572 Page size: 0x1000
14:14:46.0399 5572 Boot type: Normal boot
14:14:46.0399 5572 ============================================================
14:14:49.0422 5572 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:14:49.0424 5572 ============================================================
14:14:49.0424 5572 \Device\Harddisk0\DR0:
14:14:49.0424 5572 MBR partitions:
14:14:49.0424 5572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1947000
14:14:49.0424 5572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x195B000, BlocksNum 0x1B86A000
14:14:49.0425 5572 ============================================================
14:14:49.0543 5572 C: <-> \Device\Harddisk0\DR0\Partition2
14:14:49.0543 5572 ============================================================
14:14:49.0544 5572 Initialize success
14:14:49.0544 5572 ============================================================
14:16:23.0261 1672 ============================================================
14:16:23.0261 1672 Scan started
14:16:23.0261 1672 Mode: Manual; TDLFS;
14:16:23.0261 1672 ============================================================
14:16:24.0012 1672 ================ Scan system memory ========================
14:16:24.0012 1672 System memory - ok
14:16:36.0891 1672 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:16:37.0011 1672 msdsm - ok
14:16:37.0039 1672 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:16:37.0044 1672 MSDTC - ok
14:16:37.0070 1672 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:16:37.0077 1672 Msfs - ok
14:16:37.0082 1672 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:16:37.0086 1672 mshidkmdf - ok
14:16:37.0109 1672 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:16:37.0112 1672 msisadrv - ok
14:16:37.0137 1672 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:16:37.0142 1672 MSiSCSI - ok
14:16:37.0145 1672 msiserver - ok
14:16:37.0159 1672 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:16:37.0163 1672 MSKSSRV - ok
14:16:37.0267 1672 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:16:37.0318 1672 MsMpSvc - ok
14:16:37.0321 1672 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:37.0325 1672 MSPCLOCK - ok
14:16:37.0334 1672 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:16:37.0337 1672 MSPQM - ok
14:16:37.0342 1672 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:16:37.0347 1672 MsRPC - ok
14:16:37.0351 1672 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:16:37.0352 1672 mssmbios - ok
14:16:37.0355 1672 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:16:37.0359 1672 MSTEE - ok
14:16:37.0362 1672 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:16:37.0364 1672 MTConfig - ok
14:16:37.0368 1672 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:16:37.0371 1672 Mup - ok
14:16:37.0392 1672 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:16:37.0395 1672 napagent - ok
14:16:37.0416 1672 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:16:37.0425 1672 NativeWifiP - ok
14:16:37.0471 1672 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:16:37.0474 1672 NDIS - ok
14:16:37.0485 1672 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:16:37.0490 1672 NdisCap - ok
14:16:37.0499 1672 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:16:37.0502 1672 NdisTapi - ok
14:16:37.0506 1672 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:16:37.0543 1672 Ndisuio - ok
14:16:37.0554 1672 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:16:37.0660 1672 NdisWan - ok
14:16:37.0663 1672 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:16:37.0700 1672 NDProxy - ok
14:16:37.0750 1672 [ 1992246301D28FF93BC464DBBDC79125 ] NEOFLTR_720_21697 C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
14:16:37.0906 1672 NEOFLTR_720_21697 - ok
14:16:37.0909 1672 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:16:37.0913 1672 NetBIOS - ok
14:16:37.0918 1672 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:16:38.0013 1672 NetBT - ok
14:16:38.0024 1672 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:16:38.0025 1672 Netlogon - ok
14:16:38.0072 1672 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:16:38.0078 1672 Netman - ok
14:16:38.0102 1672 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:16:38.0188 1672 NetMsmqActivator - ok
14:16:38.0191 1672 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:16:38.0192 1672 NetPipeActivator - ok
14:16:38.0198 1672 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:16:38.0203 1672 netprofm - ok
14:16:38.0206 1672 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:16:38.0207 1672 NetTcpActivator - ok
14:16:38.0211 1672 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:16:38.0212 1672 NetTcpPortSharing - ok
14:16:38.0252 1672 [ 104BE93F0607C6AA0D85319581F96EC2 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
14:16:38.0334 1672 netvsc - ok
14:16:38.0371 1672 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:16:38.0374 1672 nfrd960 - ok
14:16:38.0410 1672 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:16:38.0471 1672 NisDrv - ok
14:16:38.0511 1672 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:16:38.0568 1672 NisSrv - ok
14:16:38.0608 1672 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
14:16:38.0610 1672 NlaSvc - ok
14:16:38.0613 1672 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:16:38.0617 1672 Npfs - ok
14:16:38.0648 1672 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:16:38.0653 1672 nsi - ok
14:16:38.0658 1672 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:16:38.0666 1672 nsiproxy - ok
14:16:38.0721 1672 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:16:38.0789 1672 Ntfs - ok
14:16:38.0807 1672 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:16:38.0809 1672 Null - ok
14:16:38.0863 1672 [ AE8E0BA801AB984D6484DEEC19193B86 ] NvcRpcServer C:\Program Files\Nationwide VPN\NvcRpcSvr.exe
14:16:38.0865 1672 NvcRpcServer - ok
14:16:38.0883 1672 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:16:38.0966 1672 nvraid - ok
14:16:38.0999 1672 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:16:39.0112 1672 nvstor - ok
14:16:39.0130 1672 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:16:39.0133 1672 nv_agp - ok
14:16:39.0136 1672 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:16:39.0141 1672 ohci1394 - ok
14:16:39.0192 1672 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:16:39.0249 1672 ose - ok
14:16:39.0583 1672 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:16:39.0603 1672 osppsvc - ok
14:16:39.0621 1672 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:16:39.0629 1672 p2pimsvc - ok
14:16:39.0641 1672 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:16:39.0649 1672 p2psvc - ok
14:16:39.0668 1672 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
14:16:39.0673 1672 Parport - ok
14:16:39.0700 1672 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:16:39.0828 1672 partmgr - ok
14:16:39.0831 1672 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:16:39.0834 1672 Parvdm - ok
14:16:39.0867 1672 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
14:16:39.0981 1672 PBADRV - ok
14:16:40.0006 1672 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:16:40.0008 1672 PcaSvc - ok
14:16:40.0026 1672 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:16:40.0027 1672 pci - ok
14:16:40.0062 1672 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:16:40.0065 1672 pciide - ok
14:16:40.0070 1672 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:16:40.0076 1672 pcmcia - ok
14:16:40.0079 1672 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:16:40.0082 1672 pcw - ok
14:16:40.0116 1672 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:16:40.0129 1672 PEAUTH - ok
14:16:40.0170 1672 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:16:40.0180 1672 PeerDistSvc - ok
14:16:40.0220 1672 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:16:40.0290 1672 pla - ok
14:16:40.0349 1672 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:16:40.0354 1672 PlugPlay - ok
14:16:40.0376 1672 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:16:40.0380 1672 PNRPAutoReg - ok
14:16:40.0387 1672 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:16:40.0390 1672 PNRPsvc - ok
14:16:40.0414 1672 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:16:40.0474 1672 PolicyAgent - ok
14:16:40.0496 1672 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:16:40.0498 1672 Power - ok
14:16:40.0532 1672 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:16:40.0535 1672 PptpMiniport - ok
14:16:40.0565 1672 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:16:40.0572 1672 Processor - ok
14:16:40.0607 1672 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:16:40.0610 1672 ProfSvc - ok
14:16:40.0624 1672 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:16:40.0626 1672 ProtectedStorage - ok
14:16:40.0650 1672 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:16:40.0654 1672 Psched - ok
14:16:40.0716 1672 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:16:40.0787 1672 PxHelp20 - ok
14:16:40.0824 1672 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:16:40.0850 1672 ql2300 - ok
14:16:40.0855 1672 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:16:40.0858 1672 ql40xx - ok
14:16:40.0884 1672 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:16:40.0891 1672 QWAVE - ok
14:16:40.0894 1672 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:16:40.0898 1672 QWAVEdrv - ok
14:16:40.0901 1672 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:16:40.0905 1672 RasAcd - ok
14:16:40.0926 1672 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:16:40.0930 1672 RasAgileVpn - ok
14:16:40.0947 1672 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:16:40.0952 1672 RasAuto - ok
14:16:40.0956 1672 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:16:40.0960 1672 Rasl2tp - ok
14:16:40.0969 1672 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:16:41.0029 1672 RasMan - ok
14:16:41.0033 1672 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:16:41.0037 1672 RasPppoe - ok
14:16:41.0058 1672 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:16:41.0061 1672 RasSstp - ok
14:16:41.0066 1672 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:16:41.0165 1672 rdbss - ok
14:16:41.0187 1672 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:16:41.0189 1672 rdpbus - ok
14:16:41.0193 1672 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:16:41.0244 1672 RDPCDD - ok
14:16:41.0279 1672 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:16:41.0367 1672 RDPDR - ok
14:16:41.0392 1672 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:16:41.0396 1672 RDPENCDD - ok
14:16:41.0402 1672 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:16:41.0407 1672 RDPREFMP - ok
14:16:41.0448 1672 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:16:41.0567 1672 RDPWD - ok
14:16:41.0593 1672 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:16:41.0714 1672 rdyboost - ok
14:16:41.0739 1672 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:16:41.0747 1672 RemoteAccess - ok
14:16:41.0768 1672 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:16:41.0774 1672 RemoteRegistry - ok
14:16:41.0955 1672 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:16:42.0021 1672 RoxMediaDB12OEM - ok
14:16:42.0099 1672 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:16:42.0102 1672 RoxWatch12 - ok
14:16:42.0122 1672 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:16:42.0125 1672 RpcEptMapper - ok
14:16:42.0152 1672 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:16:42.0158 1672 RpcLocator - ok
14:16:42.0172 1672 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:16:42.0178 1672 RpcSs - ok
14:16:42.0217 1672 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:16:42.0222 1672 rspndr - ok
14:16:42.0284 1672 [ 64CA613324D8BD0B278420ED4959AFD9 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
14:16:42.0450 1672 RTL8167 - ok
14:16:42.0466 1672 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:16:42.0532 1672 s3cap - ok
14:16:42.0549 1672 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:16:42.0550 1672 SamSs - ok
14:16:42.0682 1672 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
14:16:42.0815 1672 SBAMSvc - ok
14:16:42.0845 1672 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:16:42.0956 1672 sbp2port - ok
14:16:43.0145 1672 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:16:43.0159 1672 SCardSvr - ok
14:16:43.0178 1672 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:16:43.0217 1672 scfilter - ok
14:16:43.0238 1672 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:16:43.0310 1672 Schedule - ok
14:16:43.0335 1672 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:16:43.0335 1672 SCPolicySvc - ok
14:16:43.0347 1672 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:16:43.0395 1672 SDRSVC - ok
14:16:43.0408 1672 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:16:43.0410 1672 secdrv - ok
14:16:43.0425 1672 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:16:43.0430 1672 seclogon - ok
14:16:43.0609 1672 [ 6ABF8E8AE3800CCF84D9AE6865A641E5 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
14:16:44.0098 1672 SecureStorageService - ok
14:16:44.0127 1672 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:16:44.0128 1672 SENS - ok
14:16:44.0147 1672 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:16:44.0156 1672 SensrSvc - ok
14:16:44.0180 1672 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:16:44.0185 1672 Serenum - ok
14:16:44.0196 1672 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:16:44.0200 1672 Serial - ok
14:16:44.0205 1672 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:16:44.0208 1672 sermouse - ok
14:16:44.0222 1672 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:16:44.0225 1672 SessionEnv - ok
14:16:44.0230 1672 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:16:44.0233 1672 sffdisk - ok
14:16:44.0236 1672 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:16:44.0241 1672 sffp_mmc - ok
14:16:44.0244 1672 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:16:44.0280 1672 sffp_sd - ok
14:16:44.0283 1672 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:16:44.0290 1672 sfloppy - ok
14:16:44.0317 1672 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:16:44.0324 1672 SharedAccess - ok
14:16:44.0335 1672 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:16:44.0337 1672 ShellHWDetection - ok
14:16:44.0341 1672 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:16:44.0345 1672 sisagp - ok
14:16:44.0359 1672 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:16:44.0362 1672 SiSRaid2 - ok
14:16:44.0366 1672 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:16:44.0371 1672 SiSRaid4 - ok
14:16:44.0374 1672 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:16:44.0377 1672 Smb - ok
14:16:44.0429 1672 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:16:44.0435 1672 SNMPTRAP - ok
14:16:44.0441 1672 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:16:44.0443 1672 spldr - ok
14:16:44.0469 1672 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:16:44.0541 1672 Spooler - ok
14:16:44.0630 1672 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:16:44.0653 1672 sppsvc - ok
14:16:44.0660 1672 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:16:44.0707 1672 sppuinotify - ok
14:16:44.0749 1672 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:16:44.0867 1672 srv - ok
14:16:44.0891 1672 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:16:44.0932 1672 srv2 - ok
14:16:44.0959 1672 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:16:45.0077 1672 srvnet - ok
14:16:45.0100 1672 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:16:45.0105 1672 SSDPSRV - ok
14:16:45.0109 1672 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:16:45.0114 1672 SstpSvc - ok
14:16:45.0132 1672 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:16:45.0136 1672 stexstor - ok
14:16:45.0152 1672 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:16:45.0200 1672 StiSvc - ok
14:16:45.0242 1672 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:16:45.0356 1672 stllssvr - ok
14:16:45.0385 1672 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
14:16:45.0439 1672 StorSvc - ok
14:16:45.0472 1672 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:16:45.0524 1672 storvsc - ok
14:16:45.0551 1672 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:16:45.0554 1672 swenum - ok
14:16:45.0574 1672 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:16:45.0583 1672 swprv - ok
14:16:45.0594 1672 [ 04990C25043705985F1EC40BF704AAAC ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
14:16:45.0682 1672 SynthVid - ok
14:16:45.0708 1672 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:16:45.0774 1672 SysMain - ok
14:16:45.0801 1672 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:16:45.0860 1672 TabletInputService - ok
14:16:45.0888 1672 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:16:45.0890 1672 TapiSrv - ok
14:16:45.0896 1672 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:16:45.0901 1672 TBS - ok
14:16:45.0980 1672 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:16:46.0032 1672 Tcpip - ok
14:16:46.0063 1672 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:16:46.0069 1672 TCPIP6 - ok
14:16:46.0090 1672 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:16:46.0192 1672 tcpipreg - ok
14:16:46.0269 1672 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:16:46.0571 1672 tcsd_win32.exe - ok
14:16:46.0690 1672 [ B434294EAA2AE4FB9BD63E25EB89B86F ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
14:16:46.0765 1672 TdmService - ok
14:16:46.0796 1672 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:16:46.0898 1672 TDPIPE - ok
14:16:46.0943 1672 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:16:47.0068 1672 TDTCP - ok
14:16:47.0072 1672 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:16:47.0145 1672 tdx - ok
14:16:47.0149 1672 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:16:47.0236 1672 TermDD - ok
14:16:47.0274 1672 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:16:47.0277 1672 TermService - ok
14:16:47.0291 1672 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:16:47.0293 1672 Themes - ok
14:16:47.0308 1672 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:16:47.0309 1672 THREADORDER - ok
14:16:47.0336 1672 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:16:47.0338 1672 TrkWks - ok
14:16:47.0372 1672 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:16:47.0375 1672 TrustedInstaller - ok
14:16:47.0384 1672 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:16:47.0501 1672 tssecsrv - ok
14:16:47.0513 1672 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:16:47.0569 1672 TsUsbFlt - ok
14:16:47.0573 1672 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:16:47.0631 1672 TsUsbGD - ok
14:16:47.0645 1672 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:16:47.0702 1672 tunnel - ok
14:16:47.0706 1672 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:16:47.0709 1672 uagp35 - ok
14:16:47.0715 1672 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:16:47.0768 1672 udfs - ok
14:16:47.0795 1672 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:16:47.0800 1672 UI0Detect - ok
14:16:47.0823 1672 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:16:47.0828 1672 uliagpkx - ok
14:16:47.0839 1672 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:16:47.0876 1672 umbus - ok
14:16:47.0884 1672 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:16:47.0887 1672 UmPass - ok
14:16:47.0914 1672 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
14:16:47.0916 1672 UmRdpService - ok
14:16:48.0010 1672 [ F7A1F83F28B125AA3737BC06EABB0CD5 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:16:48.0022 1672 UNS - ok
14:16:48.0044 1672 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:16:48.0051 1672 upnphost - ok
14:16:48.0071 1672 [ 4663AD7F61519E88687393BFCB154E4C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:16:48.0148 1672 usbccgp - ok
14:16:48.0172 1672 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:16:48.0175 1672 usbcir - ok
14:16:48.0197 1672 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:16:48.0297 1672 usbehci - ok
14:16:48.0334 1672 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:16:48.0427 1672 usbhub - ok
14:16:48.0453 1672 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:16:48.0580 1672 usbohci - ok
14:16:48.0614 1672 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:16:48.0620 1672 usbprint - ok
14:16:48.0638 1672 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:16:48.0722 1672 USBSTOR - ok
14:16:48.0749 1672 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:16:48.0855 1672 usbuhci - ok
14:16:48.0874 1672 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:16:48.0875 1672 UxSms - ok
14:16:48.0906 1672 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
14:16:48.0908 1672 VaultSvc - ok
14:16:48.0932 1672 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:16:48.0936 1672 vdrvroot - ok
14:16:48.0954 1672 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
14:16:49.0035 1672 vds - ok
14:16:49.0039 1672 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:16:49.0042 1672 vga - ok
14:16:49.0046 1672 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:16:49.0051 1672 VgaSave - ok
14:16:49.0055 1672 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:16:49.0104 1672 vhdmp - ok
14:16:49.0120 1672 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:16:49.0125 1672 viaagp - ok
14:16:49.0129 1672 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:16:49.0131 1672 ViaC7 - ok
14:16:49.0135 1672 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
14:16:49.0138 1672 viaide - ok
14:16:49.0158 1672 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:16:49.0215 1672 VMBusHID - ok
14:16:49.0232 1672 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:16:49.0281 1672 volmgr - ok
14:16:49.0288 1672 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:16:49.0295 1672 volmgrx - ok
14:16:49.0300 1672 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:16:49.0353 1672 volsnap - ok
14:16:49.0368 1672 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:16:49.0372 1672 vsmraid - ok
14:16:49.0409 1672 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
14:16:49.0511 1672 VSS - ok
14:16:49.0515 1672 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:16:49.0519 1672 vwifibus - ok
14:16:51.0892 1672 ================ Scan global ===============================
14:16:51.0925 1672 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:16:51.0953 1672 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
14:16:51.0961 1672 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
14:16:51.0994 1672 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:16:52.0015 1672 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:16:52.0028 1672 [Global] - ok
14:16:52.0029 1672 ================ Scan MBR ==================================
14:16:52.0039 1672 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:16:52.0333 1672 \Device\Harddisk0\DR0 - ok
14:16:52.0333 1672 ================ Scan VBR ==================================
14:16:52.0335 1672 [ 856D96D88B54EA05893168798E4FBAAF ] \Device\Harddisk0\DR0\Partition1
14:16:52.0336 1672 \Device\Harddisk0\DR0\Partition1 - ok
14:16:52.0368 1672 [ FD9DE2103F9B11D0CAEB9728AF8FDB70 ] \Device\Harddisk0\DR0\Partition2
14:16:52.0369 1672 \Device\Harddisk0\DR0\Partition2 - ok
14:16:52.0370 1672 ============================================================
14:16:52.0370 1672 Scan finished
14:16:52.0370 1672 ============================================================
14:16:52.0381 0912 Detected object count: 0
14:16:52.0381 0912 Actual detected object count: 0
14:18:23.0167 5348 Deinitialize success

#4 catbad

Posted 31 January 2013 - 03:04 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-31 14:19:32
-----------------------------
14:19:32.489 OS Version: Windows 6.1.7601 Service Pack 1
14:19:32.489 Number of processors: 4 586 0x2A07
14:19:32.492 ComputerName: BRITTENBOCA050 UserName: cmccaleb
14:19:47.108 Initialize success
14:27:42.071 AVAST engine defs: 13013100
14:27:44.482 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:27:44.486 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
14:27:44.557 Disk 0 MBR read successfully
14:27:44.561 Disk 0 MBR scan
14:27:44.578 Disk 0 Windows VISTA default MBR code
14:27:44.582 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:27:44.604 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12942 MB offset 81920
14:27:44.644 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225492 MB offset 26587136
14:27:44.672 Disk 0 scanning sectors +488394752
14:27:44.784 Disk 0 scanning C:\Windows\system32\drivers
14:28:08.532 Service scanning
14:28:28.346 Service MpKsl7d23d0b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83414F57-E8CD-4EEA-AD69-3DF268FEC241}\MpKsl7d23d0b4.sys **LOCKED** 32
14:28:51.339 Modules scanning
14:29:01.151 Disk 0 trace - called modules:
14:29:01.383 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
14:29:01.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8616c030]
14:29:01.398 3 CLASSPNP.SYS[8becf59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8519b908]
14:29:02.458 AVAST engine scan C:\Windows
14:29:10.550 AVAST engine scan C:\Windows\system32
14:33:47.309 AVAST engine scan C:\Windows\system32\drivers
14:34:09.677 AVAST engine scan C:\Users\cmccaleb.NATIONWIDE
14:38:11.947 Disk 0 MBR has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\MBR.dat"
14:38:11.959 The log file has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\aswMBR.txt"
14:49:51.405 AVAST engine scan C:\ProgramData
14:51:51.540 Scan finished successfully
14:53:45.752 Disk 0 MBR has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\MBR.dat"
14:53:45.760 The log file has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\aswMBR.txt"
14:54:05.520 Disk 0 MBR has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\MBR.dat"
14:54:05.530 The log file has been saved successfully to "C:\Users\cmccaleb.NATIONWIDE\Desktop\aswMBR.txt"

#5 catbad

Posted 31 January 2013 - 04:16 PM

I ran ESET; it took about an hour, searched 114k files, and came up with 0 infected files. There was no button for "list of found threats"?

What do I do now? Still redirecting.

#6 narenxp

Posted 31 January 2013 - 09:03 PM

Stay calm, we will fix it.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#7 catbad

Posted 01 February 2013 - 11:03 AM

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
cmccaleb :: BRITTENBOCA050 [administrator]

Protection: Enabled

2/1/2013 8:48:56 AM
mbam-log-2013-02-01 (08-48-56).txt

Scan type: Full scan (C:\|D:\|H:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349387
Time elapsed: 1 hour(s), 37 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
S:\EZUpload client.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

(end)

#8 catbad

Posted 01 February 2013 - 11:08 AM

minitoolbox:

MiniToolBox by Farbar Version:10-01-2013
Ran by cmccaleb (administrator) on 01-02-2013 at 10:55:35
Running from "C:\Users\cmccaleb.NATIONWIDE\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================





========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

#9 catbad

Posted 01 February 2013 - 11:12 AM

FSS:

Farbar Service Scanner Version: 30-01-2013
Ran by cmccaleb (administrator) on 01-02-2013 at 11:02:58
Running from "C:\Users\cmccaleb.NATIONWIDE\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 catbad

Posted 01 February 2013 - 11:18 AM

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 11:04:43
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : cmccaleb - BRITTENBOCA050
# Boot Mode : Normal
# Running from : C:\Users\cmccaleb.NATIONWIDE\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

*************************

AdwCleaner[S1].txt - [1684 octets] - [31/01/2013 13:48:50]
AdwCleaner[S2].txt - [647 octets] - [01/02/2013 11:04:43]

########## EOF - H:\AdwCleaner[S2].txt - [706 octets] ##########

#11 catbad

Posted 01 February 2013 - 11:25 AM

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Professional x86
Ran by cmccaleb on Fri 02/01/2013 at 11:12:05.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\cmccaleb.NATIONWIDE\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\cmccaleb.NATIONWIDE\appdata\locallow\adawaretb"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/01/2013 at 11:15:19.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 catbad

Posted 01 February 2013 - 11:27 AM

Rkill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/01/2013 11:17:33 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/01/2013 11:17:46 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

#13 catbad

Posted 01 February 2013 - 11:31 AM

autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 10.0\acrobat\acrotray.exe"
+ "Ad-Aware Antivirus" "Ad-Aware Antivirus Launcher" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawarelauncher.exe"
+ "Ad-Aware Browsing Protection" "Ad-Aware Browsing Protection and Anti-Phishing" "Lavasoft" "c:\programdata\ad-aware browsing protection\adawarebp.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 10.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "DBRMTray" "DBRM_Toaster" "Dell Computer Corporation" "c:\dell\dbrm\reminder\dbrmtrayicon.exe"
+ "Desktop Disc Tool" "Roxio Burn Launcher" "" "c:\program files\roxio\oem\roxio burn\roxioburnlauncher.exe"
+ "McAfee Host Intrusion Prevention Tray" "McAfee HIP Tray Application" "McAfee, Inc." "c:\program files\mcafee\host intrusion prevention\firetray.exe"
+ "McAfeeUpdaterUI" "Common User Interface" "McAfee, Inc." "c:\program files\mcafee\common framework\udaterui.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "OrderReminder" "HP Cartridge Order Reminder" "Hewlett-Packard" "c:\program files\hewlett-packard\orderreminder\orderreminder.exe"
+ "PDVD9LanguageShortcut" "PowerDVD Language Application" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\language\language.exe"
+ "RemoteControl9" "PowerDVD RC Service" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\pdvd9serv.exe"
+ "RoxWatchTray" "RoxMMTrayApp Module" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxwatchtray12oem.exe"
+ "ScrewDrivers RDP Plugin" "" "" "c:\program files\tricerat\simplify printing\screwdrivers client v4\install_rdp.exe"
+ "ShStatEXE" "VirusScan tray icon" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shstat.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "DBRMTray" "TrayApp" "Microsoft" "c:\dell\dbrm\reminder\trayapp.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "NWepo.lnk" "" "" "c:\program files\network associates\nwepo.exe"
"C:\Users\cmccaleb.NATIONWIDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "DING!.lnk" "Ding.exe" "Southwest Airlines" "c:\program files\southwest airlines\ding\ding.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor enterprise\mcieplg.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor enterprise\mcieplg.dll"
+ "tmpx" "" "" "File not found: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "Roxio Burn" "TODO: <File description>" "TODO: <Company name>" "c:\program files\roxio\oem\roxio burn\rb_contextmenu.dll"
+ "RXDCExtSvr12" "Roxio Creator Shell Extension" "Sonic Solutions" "c:\program files\roxio\oem\virtual drive 12\dc_shellext.dll"
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "AdAwareContextMenu" "Ad-Aware Antivirus Shell Extension" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawareshellextension.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "RXDCExtSvr12" "Roxio Creator Shell Extension" "Sonic Solutions" "c:\program files\roxio\oem\virtual drive 12\dc_shellext.dll"
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnabledUnlockedFDEIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll"
+ "UninitializedFdeIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor enterprise\mcieplg.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "TmIEPlugInBHO Class" "" "" "File not found: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor enterprise\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Ad-Aware Antivirus Scheduled Scan" "Ad-Aware Antivirus Launcher" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawarelauncher.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Stqp" "" "" "c:\windows\system32\mscorier3.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Ad-Aware Service" "Ad-Aware Service" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawareservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "enterceptAgent" "Host-based intrusion prevention component that blocks exploits and hacks in real-time, including malicious buffer overflow code execution and privilege escalations. If this service is disabled or stopped, the system is no longer protected against intrusions." "McAfee, Inc." "c:\program files\mcafee\host intrusion prevention\firesvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "hips" "Provides McAfee system monitoring and protection of your computer system." "McAfee, Inc." "c:\program files\mcafee\host intrusion prevention\hipscore\hipsvc.exe"
+ "jhi_service" "Intel® Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology" "Intel Corporation" "c:\program files\intel\services\ipt\jhi_service.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfee SiteAdvisor Enterprise Service" "Provides low-level support for McAfee SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor enterprise\mcsacore.exe"
+ "McAfeeEngineService" "McAfee Engine Service" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\engineserver.exe"
+ "McAfeeFramework" "Shared component framework for McAfee products" "McAfee, Inc." "c:\program files\mcafee\common framework\frameworkservice.exe"
+ "McShield" "Provides McAfee On-Access scanning protection of your computer system." "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\mcshield.exe"
+ "McTaskManager" "Allows scheduling of McAfee scanning and updating activities." "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\vstskmgr.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "NvcRpcServer" "Provides support for Nortel IPSec VPN tunnel." "Nortel Networks NA, Inc." "c:\program files\nationwide vpn\nvcrpcsvr.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RoxMediaDB12OEM" "Roxio RoxMediaDB12OEM Service" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxmediadb12oem.exe"
+ "RoxWatch12" "RoxWatch12 Module" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\sharedcom\roxwatch12oem.exe"
+ "SBAMSvc" "Manages your antispyware and antivirus application" "GFI Software" "c:\program files\ad-aware antivirus\sbamsvc.exe"
+ "SecureStorageService" "Wave Secure Storage Service" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\secure storage manager\securestorageservice.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "tcsd_win32.exe" "TCS service for accessing the TPM" "" "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
+ "TdmService" "Manages self-encrypting drives." "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmservice.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files\intel\intel® management engine components\uns\uns.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt32.sys"
+ "Eacfilt" "NDIS Filter Intermediate Driver" "Nortel Networks" "c:\windows\system32\drivers\eacfilt.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "Firehk" "McAfee HIP Firewall NDIS Driver" "McAfee, Inc." "c:\windows\system32\drivers\firehk.sys"
+ "FirehkMP" "McAfee HIP Firewall NDIS Driver" "McAfee, Inc." "c:\windows\system32\drivers\firehk.sys"
+ "firelm01" "McAfee HIP Firewall Content Driver" "McAfee, Inc." "c:\windows\system32\drivers\firelm01.sys"
+ "FirePM" "Host-based intrusion prevention component that blocks exploits and hacks in real-time, including malicious buffer overflow code execution and privilege escalations. If this service is disabled or stopped, the system is no longer protected against intrusions." "McAfee, Inc." "c:\windows\system32\drivers\firepm.sys"
+ "FireTDI" "Host-based intrusion prevention component that blocks exploits and hacks in real-time, including malicious buffer overflow code execution and privilege escalations. If this service is disabled or stopped, the system is no longer protected against intrusions." "McAfee, Inc." "c:\windows\system32\drivers\firetdi.sys"
+ "gfibto" "GFI Boot Time Operations Driver" "GFI Software" "c:\windows\system32\drivers\gfibto.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HIPK" "HIPS Content Driver" "McAfee, Inc." "c:\windows\system32\drivers\hipk.sys"
+ "HIPPSK" "Process Start Monitor Driver" "McAfee, Inc." "c:\windows\system32\drivers\hippsk.sys"
+ "HIPQK" "HipsCore Query interface" "McAfee, Inc." "c:\windows\system32\drivers\hipqk.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IPSECEXT" "Nortel Extranet Access Protocol" "Nortel Networks NA, Inc." "c:\windows\system32\drivers\ipsecw2k.sys"
+ "IPSECSHM" "Nortel IPSECSHM Adapter" "Nortel Networks NA, Inc." "c:\windows\system32\drivers\ipsecw2k.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfetdik" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdik.sys"
+ "MpKsl7d23d0b4" "" "" "File not found: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83414F57-E8CD-4EEA-AD69-3DF268FEC241}\MpKsl7d23d0b4.sys"
+ "NEOFLTR_720_21697" "NetBIOS Redirector" "Juniper Networks" "c:\windows\system32\drivers\neofltr_720_21697.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rt86win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files\cyberlink\powerdvd9\digestfilter.dll"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink FLV Splitter (PDVD9)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"
+ "CyberLink HAM Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Matroska Splitter (PDVD9)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink RealAudio Decoder (PDVD9)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter (PDVD9)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder (PDVD9)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor 2.0 (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video Decoder (PDVD9)" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "Half Size to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "LVMWriter" "LVMWriter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\lvmwriter.ax"
+ "Media Analyser" "analyse Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mediaanalyser.ax"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "PSI Parser" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Roxio Anaglyph to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Anaglyph to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Audio Source 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "Roxio Audio Source Filter" "Roxio Audio Source Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiosource.ax"
+ "Roxio Audio Stream Reader Filter" "Roxio Audio Stream Reader Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiostreamreader.ax"
+ "Roxio Audio Stream Writer Filter" "Roxio Audio Stream Writer Filter" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsaudiostreamwriter.ax"
+ "ROXIO Audio VCFChunker 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO Audio VCFLooper 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO AudioConvert 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO AudioGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO BDAV Smart Render 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ColorSpace Converter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO CPU Regulator" "CPURegulator.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\cpuregulator.ax"
+ "ROXIO CrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO CrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "roxio DCFilters Audio Sync Filter 2 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Dragons Lair 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVD Muxer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVDStream Reader 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters DVDStream Splitter 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Mpeg I/II Decoder 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters MPEG Transcoder" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Smart Resizer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "roxio DCFilters Subpicture Mixer 10" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"
+ "ROXIO Deinterlace 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DV Scene Detector Tee 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DVDCrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO DVDCrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Field Combiner 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Field Splitter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio File Writer Wrapper" "Roxio File Writer Wrapper" "Sonic" "c:\program files\roxio\oem\videocore 12\roxfilewriterwrapper.ax"
+ "ROXIO Image/Colour Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ListImage Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio LVM File Source (Async.)" "LVMAsync" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\lvmasync.ax"
+ "Roxio Mp3 Encoder (SC)" "Roxio Audio Codec DLL" "Sonic Solutions" "c:\program files\roxio\oem\audiocodec\rxdsmp3encoder.ax"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\roxiompegdemuxer.dll"
+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio MPEG2 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg2muxer.dll"
+ "Roxio MPEG2 Video Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO Pan Zoom 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Pin Tee" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Plasma CrossGraph Renderer" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\plasmacgfilter.ax"
+ "Roxio Plasma CrossGraph Source" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\plasmacgfilter.ax"
+ "ROXIO QT Source" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO QuickGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mgirawwriter.dll"
+ "Roxio RealD to Stereo" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\repackfilter.dll"
+ "ROXIO Scene Detector 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO SceneRecorder 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Smart Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Smart Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO SpyPos 3.0" "Null-In-Place (Sample)" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mginullip.ax"
+ "Roxio StereoSource Cropper" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO ThumbnailGrabber 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\tsmpegsource.dll"
+ "ROXIO VCFAlphaSplitter 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFAudioMixer 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFDvrSupport 3.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\dvrsupportfilt.ax"
+ "ROXIO VCFDVSceneDetect 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFHDVSceneDetect 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFLatency 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFpeakmeter 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO VCFStationLogo 1.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFVideoCutList 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VCFWaveform 1.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "ROXIO Video Effect 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video Integrate" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video Resampler 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio Video Rotater," "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO Video VCFLooper 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "ROXIO VideoCombine 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "Roxio VOB Formatter" "VOBFormatter" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\vobformatter.ax"
+ "Roxio Vob Loader" "VOBLoader" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\vobloader.ax"
+ "ROXIO WAV Dest 3.0" "Roxio Audio Filters" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxaudio.ax"
+ "Sewer" "MVWcDSutil" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\mvwcdsutil.dll"
+ "Sonic Audio Resampler" "Audio Resampler Direct Show Filter" "Sonic Solutions Inc." "c:\program files\roxio\oem\audiocodec\filters\c12oem_trans_audio_samplerate_ds.ax"
+ "Sonic Cinemaster® Audio Decoder 4.3 (No Dolby)" "SonicHDAudio" "Sonic Solutions" "c:\program files\roxio\oem\common\cinemasteraudiond.dll"
+ "Sonic Cinemaster® VideoDecoder 4.3 (EMC12)" "CinemasterVideo" "Sonic Solutions" "c:\program files\roxio\oem\common\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\roxio\oem\common\sonichddemuxer.dll"
+ "Sonic MPEG Multiplexer" "MPEG Multiplexer-Plus DS Filter" "Sonic Solutions Inc." "c:\program files\roxio\oem\audiocodec\filters\c12oem_mux_mp2_ds.ax"
+ "Sonic MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc02\c12oem_dec_mp2v_ds.ax"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\oem\12.0\mpeg\subpictenc.dll"
+ "VCG Null Renderer 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VCG Video Mixer 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VCGImageSource" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "VMR9 Wrapper 3.0" "VideoCompositing Module" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\videocompositing.ax"
+ "Vorbis Decode Filter" "ogg DShow filters" "" "c:\program files\common files\roxio shared\ogg_flac codecs\dsfvorbisdecoder.dll"
+ "VW Input Selector" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Input Selector 2" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Video Transition" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "VW Video Transition" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\oem\videocore 12\roxvideo.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "Provider Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "Provider Filter Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "spba" "PS QL Logon Kernel" "UPEK Inc." "c:\program files\common files\spba\homefus2.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "HPLJ1020LM" "" "" "c:\windows\system32\zlhp1020.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "TdmNetworkProvider" "TDM Network Provider" "Wave Systems Corp." "c:\windows\system32\tdmnetworkprovider.dll"




Thanks for all the help. Please review and let me know what to do next.

#14 narenxp

Posted 01 February 2013 - 11:39 AM

Click on the Start menu and type

cmd

Right click on it, select Run as administrator and run these commands:

cd C:\Windows\system32
takeown /a /f mscorier3.dll
cacls mscorier3.dll /g everyone:f


Type Y and press <ENTER>

attrib -s -h -r mscorier3.dll
del mscorier3.dll


Launch Autoruns, click on the TASK SCHEDULER tab and uncheck this entry:

+ "\Stqp" "" "" "c:\windows\system32\mscorier3.dll"

Press the Windows+R keys, type

services.msc and click OK.

Right click on Security Center > Properties, change the startup type to Automatic and start it.

Restart the PC and let me know if you still have issues
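
The entry singled out in the post above has an empty description and an empty publisher and points into system32. As an added example (not part of the original post and not part of Autoruns), the Python below parses the four-field log format pasted in this thread and shortlists such entries for manual review; the "Task Scheduler" section header in the sample is an assumption, since that header does not appear in this excerpt.

```python
import re

FIELD = re.compile(r'"([^"]*)"')  # one double-quoted field
SYSTEM32 = r"c:\windows\system32" + "\\"

# Constructed sample: entry lines copied from the log in this thread; the
# "Task Scheduler" header line is assumed, it is not shown in this excerpt.
SAMPLE = r'''
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "HPLJ1020LM" "" "" "c:\windows\system32\zlhp1020.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"Task Scheduler" "" "" ""
+ "\Stqp" "" "" "c:\windows\system32\mscorier3.dll"
'''

def parse_autoruns(text):
    """Yield one dict per '+' entry line, tagged with the section header above it."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith("+"):
            name, description, publisher, path = fields
            yield {"section": section, "name": name, "description": description,
                   "publisher": publisher, "path": path.lower()}
        else:
            section = fields[0]  # header line: location followed by three empty fields

def triage(entries):
    """Return entries under system32 that carry no description and no publisher."""
    return [e for e in entries
            if not e["description"] and not e["publisher"]
            and e["path"].startswith(SYSTEM32)]

if __name__ == "__main__":
    for e in triage(parse_autoruns(SAMPLE)):
        print(f'{e["section"]}: {e["name"]} -> {e["path"]}')
```

On this sample the filter returns both the \Stqp task and the HPLJ1020LM print monitor entry from the same log, so the output is a shortlist to verify by hand, not a verdict.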

#15 catbad

Posted 01 February 2013 - 12:05 PM

I am getting stuck at this part:

Type Y and press <ENTER>

attrib -s -h -r mscorier3.dll
del mscorier3.dll

When I type in "Y" it says "Y" is not recognized as an internal or external command, operable program or batch file.



