Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot remove trojan:js/seedabutor.b


  • Please log in to reply
23 replies to this topic

#1 hellbringer616

hellbringer616

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 22 February 2013 - 05:01 PM

As the title says i am having issues removing trojan:js/seedabutor.b

 

I have tried many many online guides on removing it, However none of them seem to work, There are no files out of the ordinary in the %appdata, No registry entries where they tell me to look, Even MalwareBytes doesn't see anything.

But Microsoft Security essentials detects it in the IE temp folder Everytime i leave it alone for 20 or so minutes and then move the mouse to wake it up. I've deleted the entire IE temp directory but it just keeps coming back, even if i don't use IE

 

Running Windows XP service pack 3 Microsoft Security essentials as the AV. all the latest updates for both.



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 22 February 2013 - 07:04 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results



#3 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 26 February 2013 - 12:11 PM

TDSSKiller Log

09:21:31.0500 1472  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:21:31.0875 1472  ============================================================
09:21:31.0875 1472  Current date / time: 2013/02/26 09:21:31.0875
09:21:31.0875 1472  SystemInfo:
09:21:31.0875 1472  
09:21:31.0875 1472  OS Version: 5.1.2600 ServicePack: 3.0
09:21:31.0875 1472  Product type: Workstation
09:21:31.0875 1472  ComputerName: OWNER-8DQU99NXR
09:21:31.0875 1472  UserName: Owner
09:21:31.0875 1472  Windows directory: C:\WINDOWS
09:21:31.0875 1472  System windows directory: C:\WINDOWS
09:21:31.0890 1472  Processor architecture: Intel x86
09:21:31.0890 1472  Number of processors: 1
09:21:31.0890 1472  Page size: 0x1000
09:21:31.0890 1472  Boot type: Safe boot with network
09:21:31.0890 1472  ============================================================
09:21:32.0343 1472  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:21:32.0406 1472  Drive \Device\Harddisk3\DR13 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:21:32.0406 1472  ============================================================
09:21:32.0406 1472  \Device\Harddisk0\DR0:
09:21:32.0406 1472  MBR partitions:
09:21:32.0406 1472  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF391D5B
09:21:32.0421 1472  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF391DD9, BlocksNum 0xDE327A8
09:21:32.0421 1472  \Device\Harddisk3\DR13:
09:21:32.0421 1472  MBR partitions:
09:21:32.0421 1472  \Device\Harddisk3\DR13\Partition1: MBR, Type 0xB, StartLBA 0x3E, BlocksNum 0x3BB5AA
09:21:32.0421 1472  ============================================================
09:21:32.0453 1472  C: <-> \Device\Harddisk0\DR0\Partition1
09:21:32.0484 1472  D: <-> \Device\Harddisk0\DR0\Partition2
09:21:32.0484 1472  ============================================================
09:21:32.0484 1472  Initialize success
09:21:32.0484 1472  ============================================================
09:21:41.0437 1392  ============================================================
09:21:41.0437 1392  Scan started
09:21:41.0437 1392  Mode: Manual; TDLFS; 
09:21:41.0437 1392  ============================================================
09:21:41.0625 1392  ================ Scan system memory ========================
09:21:41.0625 1392  System memory - ok
09:21:41.0640 1392  ================ Scan services =============================
09:21:41.0843 1392  aawqlxev - ok
09:21:41.0875 1392  aazbkfzm - ok
09:21:41.0906 1392  abdsknwh - ok
09:21:41.0968 1392  Abiosdsk - ok
09:21:42.0000 1392  abp480n5 - ok
09:21:42.0031 1392  abrngsze - ok
09:21:42.0062 1392  abypnzah - ok
09:21:42.0187 1392  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:21:42.0187 1392  ACDaemon - ok
09:21:42.0234 1392  acntswmh - ok
09:21:42.0296 1392  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:21:42.0296 1392  ACPI - ok
09:21:42.0359 1392  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
09:21:42.0359 1392  ACPIEC - ok
09:21:42.0390 1392  adnilcxt - ok
09:21:42.0484 1392  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:21:42.0484 1392  AdobeFlashPlayerUpdateSvc - ok
09:21:42.0515 1392  adpu160m - ok
09:21:42.0562 1392  adqirijz - ok
09:21:42.0593 1392  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
09:21:42.0609 1392  aec - ok
09:21:42.0640 1392  aenfelxh - ok
09:21:42.0671 1392  aezavdsv - ok
09:21:42.0750 1392  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
09:21:42.0750 1392  AFD - ok
09:21:42.0828 1392  [ 994A42D273C35B43EE9D1E8A5D8BC639 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:21:42.0843 1392  AgereSoftModem - ok
09:21:42.0875 1392  agnzgvyk - ok
09:21:42.0906 1392  Aha154x - ok
09:21:42.0953 1392  aic78u2 - ok
09:21:42.0984 1392  aic78xx - ok
09:21:43.0015 1392  akovuegs - ok
09:21:43.0156 1392  [ 9A0A8E525C50B732EA0F8F0B597A95F9 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:21:43.0187 1392  ALCXWDM - ok
09:21:43.0265 1392  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
09:21:43.0265 1392  Alerter - ok
09:21:43.0312 1392  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
09:21:43.0312 1392  ALG - ok
09:21:43.0343 1392  AliIde - ok
09:21:43.0375 1392  alxyzlik - ok
09:21:43.0421 1392  amovexwv - ok
09:21:43.0453 1392  amsint - ok
09:21:43.0484 1392  anchncgk - ok
09:21:43.0531 1392  anmrkcxz - ok
09:21:43.0562 1392  antnfsqa - ok
09:21:43.0656 1392  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:43.0656 1392  Apple Mobile Device - ok
09:21:43.0703 1392  armkaxfc - ok
09:21:43.0734 1392  arntlsqn - ok
09:21:43.0796 1392  asc - ok
09:21:43.0828 1392  asc3350p - ok
09:21:43.0859 1392  asc3550 - ok
09:21:43.0890 1392  aslayhsd - ok
09:21:43.0921 1392  asnmjlmo - ok
09:21:44.0109 1392  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:21:44.0109 1392  aspnet_state - ok
09:21:44.0171 1392  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:21:44.0171 1392  AsyncMac - ok
09:21:44.0218 1392  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
09:21:44.0218 1392  atapi - ok
09:21:44.0250 1392  Atdisk - ok
09:21:44.0296 1392  atfswkgv - ok
09:21:44.0328 1392  atfxbvki - ok
09:21:44.0375 1392  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:21:44.0390 1392  Atmarpc - ok
09:21:44.0421 1392  atmfuuen - ok
09:21:44.0484 1392  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:21:44.0484 1392  AudioSrv - ok
09:21:44.0562 1392  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
09:21:44.0562 1392  audstub - ok
09:21:44.0593 1392  avewxxis - ok
09:21:44.0640 1392  [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
09:21:44.0640 1392  avgtp - ok
09:21:44.0671 1392  avriaabg - ok
09:21:44.0703 1392  awmignne - ok
09:21:44.0734 1392  axcehyct - ok
09:21:44.0796 1392  axvecdob - ok
09:21:44.0828 1392  aycskgcf - ok
09:21:44.0859 1392  aylnifld - ok
09:21:44.0890 1392  azzkqafo - ok
09:21:44.0937 1392  bbedutck - ok
09:21:44.0984 1392  bbwexcmc - ok
09:21:45.0031 1392  bcdpqfqy - ok
09:21:45.0062 1392  bclivdmo - ok
09:21:45.0109 1392  bebnbqam - ok
09:21:45.0171 1392  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:21:45.0171 1392  Beep - ok
09:21:45.0187 1392  bfdjeyof - ok
09:21:45.0250 1392  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
09:21:45.0265 1392  BITS - ok
09:21:45.0312 1392  bjixkfdx - ok
09:21:45.0343 1392  bjqawewk - ok
09:21:45.0375 1392  bkdpsbnm - ok
09:21:45.0406 1392  bkummmcc - ok
09:21:45.0437 1392  bllehtqm - ok
09:21:45.0484 1392  blpdjdjh - ok
09:21:45.0515 1392  bnztsmhe - ok
09:21:45.0609 1392  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:21:45.0609 1392  Bonjour Service - ok
09:21:45.0640 1392  bopqtrrd - ok
09:21:45.0687 1392  bpmqbamm - ok
09:21:45.0718 1392  bppjglbr - ok
09:21:45.0750 1392  bqhnebqi - ok
09:21:45.0812 1392  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
09:21:45.0812 1392  Browser - ok
09:21:45.0843 1392  btgnjarv - ok
09:21:45.0875 1392  btsjjfnn - ok
09:21:45.0906 1392  btwtnjfc - ok
09:21:45.0953 1392  bvgaiarr - ok
09:21:45.0953 1392  byanveav - ok
09:21:45.0953 1392  bzpjormd - ok
09:21:45.0968 1392  caqujvio - ok
09:21:45.0984 1392  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
09:21:45.0984 1392  cbidf2k - ok
09:21:45.0984 1392  ccbuybkm - ok
09:21:46.0015 1392  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:21:46.0015 1392  CCDECODE - ok
09:21:46.0062 1392  cctfgvam - ok
09:21:46.0078 1392  cd20xrnt - ok
09:21:46.0125 1392  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
09:21:46.0125 1392  Cdaudio - ok
09:21:46.0171 1392  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:21:46.0171 1392  Cdfs - ok
09:21:46.0218 1392  cdgdiper - ok
09:21:46.0265 1392  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:21:46.0265 1392  Cdrom - ok
09:21:46.0296 1392  cffsvppp - ok
09:21:46.0328 1392  Changer - ok
09:21:46.0390 1392  chmvskez - ok
09:21:46.0437 1392  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
09:21:46.0437 1392  CiSvc - ok
09:21:46.0468 1392  cksfbtgc - ok
09:21:46.0531 1392  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
09:21:46.0531 1392  ClipSrv - ok
09:21:46.0656 1392  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:46.0656 1392  clr_optimization_v2.0.50727_32 - ok
09:21:46.0718 1392  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:21:46.0718 1392  clr_optimization_v4.0.30319_32 - ok
09:21:46.0750 1392  cmbvtnza - ok
09:21:46.0781 1392  CmdIde - ok
09:21:46.0828 1392  cmdolygi - ok
09:21:46.0859 1392  COMSysApp - ok
09:21:46.0921 1392  coutlcot - ok
09:21:46.0953 1392  Cpqarray - ok
09:21:46.0984 1392  cqndtehh - ok
09:21:47.0015 1392  cqvpbdnd - ok
09:21:47.0078 1392  crnvuisb - ok
09:21:47.0125 1392  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:21:47.0125 1392  CryptSvc - ok
09:21:47.0156 1392  cuwbuvag - ok
09:21:47.0187 1392  cvclafqa - ok
09:21:47.0218 1392  cveocpgm - ok
09:21:47.0265 1392  cvsdudrc - ok
09:21:47.0312 1392  dac2w2k - ok
09:21:47.0343 1392  dac960nt - ok
09:21:47.0375 1392  dbdhaifx - ok
09:21:47.0421 1392  dcgeddcf - ok
09:21:47.0500 1392  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:21:47.0500 1392  DcomLaunch - ok
09:21:47.0546 1392  ddvjrshs - ok
09:21:47.0562 1392  ddwqfsbc - ok
09:21:47.0609 1392  decpnvgf - ok
09:21:47.0640 1392  devjkdqz - ok
09:21:47.0687 1392  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:21:47.0687 1392  Dhcp - ok
09:21:47.0718 1392  dilfoels - ok
09:21:47.0765 1392  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:21:47.0781 1392  Disk - ok
09:21:47.0828 1392  ditjusrx - ok
09:21:47.0843 1392  djxialrg - ok
09:21:47.0875 1392  dklefdml - ok
09:21:47.0906 1392  dkqrodbl - ok
09:21:47.0937 1392  dltuytwv - ok
09:21:47.0968 1392  dmadmin - ok
09:21:48.0031 1392  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:21:48.0031 1392  dmboot - ok
09:21:48.0062 1392  dmgztema - ok
09:21:48.0093 1392  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
09:21:48.0109 1392  dmio - ok
09:21:48.0140 1392  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:21:48.0140 1392  dmload - ok
09:21:48.0171 1392  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:21:48.0187 1392  dmserver - ok
09:21:48.0218 1392  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:21:48.0218 1392  DMusic - ok
09:21:48.0250 1392  dnaislea - ok
09:21:48.0265 1392  dnkocxzc - ok
09:21:48.0328 1392  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:21:48.0328 1392  Dnscache - ok
09:21:48.0359 1392  domfbork - ok
09:21:48.0453 1392  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
09:21:48.0453 1392  Dot3svc - ok
09:21:49.0500 1392  dpti2o - ok
09:21:49.0531 1392  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
09:21:49.0531 1392  drmkaud - ok
09:21:49.0562 1392  dseqsagy - ok
09:21:49.0593 1392  dsighuqm - ok
09:21:49.0640 1392  dtkgieze - ok
09:21:49.0671 1392  dtwuwxvi - ok
09:21:49.0703 1392  dupgojbr - ok
09:21:49.0750 1392  dwgouuaf - ok
09:21:49.0796 1392  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
09:21:49.0796 1392  EapHost - ok
09:21:49.0843 1392  eaqraqie - ok
09:21:49.0875 1392  ebdfsxry - ok
09:21:49.0906 1392  ebkmrzte - ok
09:21:49.0937 1392  ecowvlds - ok
09:21:49.0968 1392  ecvpokjj - ok
09:21:50.0015 1392  edgeqrhd - ok
09:21:50.0062 1392  efdweleg - ok
09:21:50.0093 1392  egrbrcef - ok
09:21:50.0125 1392  ehkosnhx - ok
09:21:50.0156 1392  eivusdyp - ok
09:21:50.0187 1392  epotphmz - ok
09:21:50.0250 1392  [ 9B3ECBF38CC2B378373B7278D36432C6 ] EPSON_PM_RPCV2_01 C:\WINDOWS\system32\E_S00RP1.EXE
09:21:50.0250 1392  EPSON_PM_RPCV2_01 - ok
09:21:50.0312 1392  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:21:50.0312 1392  ERSvc - ok
09:21:50.0343 1392  ethvtsuf - ok
09:21:50.0421 1392  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
09:21:50.0421 1392  Eventlog - ok
09:21:50.0468 1392  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
09:21:50.0484 1392  EventSystem - ok
09:21:50.0515 1392  ewlrlcem - ok
09:21:50.0562 1392  ewlwzydd - ok
09:21:50.0593 1392  ewnfonhx - ok
09:21:50.0625 1392  exilpmvv - ok
09:21:50.0671 1392  extomowg - ok
09:21:50.0703 1392  eyzioyll - ok
09:21:50.0734 1392  ezefwpjk - ok
09:21:50.0765 1392  ezxldptk - ok
09:21:50.0828 1392  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:21:50.0828 1392  Fastfat - ok
09:21:50.0890 1392  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:21:50.0906 1392  FastUserSwitchingCompatibility - ok
09:21:50.0937 1392  fbbtyhfh - ok
09:21:50.0968 1392  fbobgxgy - ok
09:21:51.0000 1392  fbyyxalf - ok
09:21:51.0031 1392  fciatzqn - ok
09:21:51.0078 1392  fcwhksbt - ok
09:21:51.0140 1392  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
09:21:51.0140 1392  Fdc - ok
09:21:51.0156 1392  fdrrzfbj - ok
09:21:51.0203 1392  [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS         C:\WINDOWS\system32\DRIVERS\fetnd5.sys
09:21:51.0203 1392  FETNDIS - ok
09:21:51.0250 1392  ffoglxxn - ok
09:21:51.0281 1392  fgjativr - ok
09:21:51.0312 1392  fhwvymgg - ok
09:21:51.0343 1392  fidbryfj - ok
09:21:51.0390 1392  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:21:51.0390 1392  Fips - ok
09:21:51.0406 1392  fkdudxji - ok
09:21:51.0453 1392  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:21:51.0453 1392  Flpydisk - ok
09:21:51.0515 1392  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:21:51.0515 1392  FltMgr - ok
09:21:51.0546 1392  fodxhrze - ok
09:21:51.0578 1392  foksktxn - ok
09:21:51.0671 1392  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:21:51.0671 1392  FontCache3.0.0.0 - ok
09:21:51.0703 1392  fowtaojq - ok
09:21:51.0734 1392  foyltkfa - ok
09:21:51.0765 1392  fqzlmvic - ok
09:21:51.0828 1392  frigomny - ok
09:21:51.0859 1392  fsaugjuy - ok
09:21:51.0890 1392  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:21:51.0890 1392  Fs_Rec - ok
09:21:51.0937 1392  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:21:51.0937 1392  Ftdisk - ok
09:21:51.0953 1392  fwaryise - ok
09:21:52.0000 1392  fwioaxud - ok
09:21:52.0031 1392  fxsuntry - ok
09:21:52.0062 1392  fzylueoy - ok
09:21:52.0093 1392  gatnmotx - ok
09:21:52.0156 1392  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:21:52.0156 1392  GEARAspiWDM - ok
09:21:52.0171 1392  gjykpftc - ok
09:21:52.0203 1392  gkaazzdt - ok
09:21:52.0250 1392  gljkskzp - ok
09:21:52.0281 1392  glowutml - ok
09:21:52.0312 1392  GMSIPCI - ok
09:21:52.0343 1392  gnsdsess - ok
09:21:52.0375 1392  gohllndh - ok
09:21:52.0390 1392  gouigprb - ok
09:21:52.0453 1392  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:21:52.0453 1392  Gpc - ok
09:21:52.0468 1392  gqcmcmlq - ok
09:21:52.0500 1392  gqktedlp - ok
09:21:52.0593 1392  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:52.0593 1392  gupdate - ok
09:21:52.0656 1392  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:52.0656 1392  gupdatem - ok
09:21:52.0703 1392  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:21:52.0703 1392  gusvc - ok
09:21:52.0734 1392  gvhyaywv - ok
09:21:52.0765 1392  gvvhvfxh - ok
09:21:52.0812 1392  gwgrhvra - ok
09:21:52.0843 1392  gwnibjxo - ok
09:21:52.0875 1392  gxofzzij - ok
09:21:52.0921 1392  gyfjsxyh - ok
09:21:52.0953 1392  gyinfbva - ok
09:21:52.0984 1392  gyklxifa - ok
09:21:53.0031 1392  gzbptqqh - ok
09:21:53.0062 1392  gzlduglw - ok
09:21:53.0093 1392  haglrqte - ok
09:21:53.0125 1392  hbfzakkp - ok
09:21:53.0171 1392  hcysjyah - ok
09:21:53.0203 1392  hdhjqbka - ok
09:21:53.0281 1392  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:21:53.0296 1392  helpsvc - ok
09:21:53.0312 1392  hhggsdqb - ok
09:21:53.0343 1392  hhqvykih - ok
09:21:53.0375 1392  hibrlyvo - ok
09:21:53.0421 1392  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
09:21:53.0421 1392  HidServ - ok
09:21:53.0453 1392  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:21:53.0453 1392  HidUsb - ok
09:21:53.0500 1392  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:21:53.0500 1392  hkmsvc - ok
09:21:53.0546 1392  hldbrvig - ok
09:21:53.0562 1392  hnjwvniy - ok
09:21:53.0593 1392  hpaqnddh - ok
09:21:53.0625 1392  hpn - ok
09:21:53.0656 1392  htknvzqt - ok
09:21:53.0718 1392  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:21:53.0718 1392  HTTP - ok
09:21:53.0765 1392  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:21:53.0765 1392  HTTPFilter - ok
09:21:53.0796 1392  hurxqiim - ok
09:21:53.0828 1392  hxchpehn - ok
09:21:53.0859 1392  hzgjjriq - ok
09:21:53.0906 1392  i2omgmt - ok
09:21:53.0953 1392  i2omp - ok
09:21:54.0000 1392  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:21:54.0000 1392  i8042prt - ok
09:21:54.0031 1392  ibndljci - ok
09:21:54.0078 1392  iddtwuqy - ok
09:21:54.0171 1392  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:21:54.0187 1392  idsvc - ok
09:21:54.0218 1392  ifalfljs - ok
09:21:54.0250 1392  ifztnxdd - ok
09:21:54.0281 1392  igtptkbq - ok
09:21:54.0312 1392  ihjomspr - ok
09:21:54.0359 1392  iiuydtrq - ok
09:21:54.0390 1392  ikwgpdah - ok
09:21:54.0421 1392  ilovqkhp - ok
09:21:54.0453 1392  ilpzdmut - ok
09:21:54.0484 1392  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:21:54.0484 1392  Imapi - ok
09:21:54.0562 1392  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\System32\imapi.exe
09:21:54.0562 1392  ImapiService - ok
09:21:54.0609 1392  [ F942EA7535431DE07E5119F7BAA1E804 ] InCDfs          C:\WINDOWS\system32\drivers\InCDFs.sys
09:21:54.0609 1392  InCDfs - ok
09:21:54.0625 1392  InCDPass - ok
09:21:54.0671 1392  InCDrec - ok
09:21:54.0703 1392  incdrm - ok
09:21:54.0734 1392  ini910u - ok
09:21:54.0765 1392  injkrbsm - ok
09:21:54.0796 1392  inordimn - ok
09:21:54.0843 1392  IntelIde - ok
09:21:54.0906 1392  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:21:54.0906 1392  intelppm - ok
09:21:54.0953 1392  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
09:21:54.0953 1392  ip6fw - ok
09:21:55.0000 1392  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:21:55.0000 1392  IpFilterDriver - ok
09:21:55.0046 1392  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:21:55.0046 1392  IpInIp - ok
09:21:55.0078 1392  ipivlkmn - ok
09:21:55.0140 1392  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:21:55.0140 1392  IpNat - ok
09:21:55.0171 1392  ipphlfmc - ok
09:21:55.0234 1392  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:21:55.0234 1392  IPSec - ok
09:21:55.0281 1392  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:21:55.0281 1392  IRENUM - ok
09:21:55.0312 1392  irxogwfr - ok
09:21:55.0375 1392  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:21:55.0375 1392  isapnp - ok
09:21:55.0390 1392  itsrwkpz - ok
09:21:55.0421 1392  iubksiih - ok
09:21:55.0468 1392  iuopmuqj - ok
09:21:55.0484 1392  iwsykjuq - ok
09:21:55.0515 1392  jbnhjmhq - ok
09:21:55.0546 1392  jbrcoweq - ok
09:21:55.0578 1392  jdsoyeui - ok
09:21:55.0609 1392  jgpdjgip - ok
09:21:55.0656 1392  jheohxox - ok
09:21:55.0687 1392  jngscblc - ok
09:21:55.0718 1392  jnrsgpnf - ok
09:21:55.0734 1392  jnvbxalw - ok
09:21:55.0765 1392  jnwgzias - ok
09:21:55.0796 1392  jorsqlnd - ok
09:21:55.0843 1392  jpfitcih - ok
09:21:55.0875 1392  jpivjpyj - ok
09:21:55.0906 1392  jpnagrsx - ok
09:21:55.0937 1392  jrlchirb - ok
09:21:55.0968 1392  jtqncjuj - ok
09:21:55.0984 1392  jvnaiygs - ok
09:21:56.0015 1392  jwgfdgvu - ok
09:21:56.0062 1392  jxpukpta - ok
09:21:56.0093 1392  jxwhptqa - ok
09:21:56.0125 1392  jzxfjgof - ok
09:21:56.0156 1392  kaajtgpr - ok
09:21:56.0187 1392  kalmfefk - ok
09:21:56.0218 1392  kazrzhtv - ok
09:21:56.0250 1392  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:21:56.0265 1392  Kbdclass - ok
09:21:56.0281 1392  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:21:56.0281 1392  kbdhid - ok
09:21:56.0312 1392  kdwihdpn - ok
09:21:56.0343 1392  kdzqdwqo - ok
09:21:56.0375 1392  keukobhj - ok
09:21:56.0406 1392  kffjiufq - ok
09:21:56.0453 1392  khucualv - ok
09:21:56.0484 1392  klginnbo - ok
09:21:56.0500 1392  kljrbfqc - ok
09:21:56.0531 1392  kluvorca - ok
09:21:56.0578 1392  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:21:56.0578 1392  kmixer - ok
09:21:56.0609 1392  knqbczqb - ok
09:21:56.0687 1392  [ 2B5EC87F403CF6D14E4C59469A31218D ] KodakSvc        C:\Program Files\Kodak\printer\center\KodakSvc.exe
09:21:56.0703 1392  KodakSvc - ok
09:21:56.0750 1392  kpxqkeey - ok
09:21:56.0765 1392  kpylbpqt - ok
09:21:56.0828 1392  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:21:56.0828 1392  KSecDD - ok
09:21:56.0859 1392  ksldjpvc - ok
09:21:56.0890 1392  kurirmha - ok
09:21:56.0937 1392  kvmlvklr - ok
09:21:56.0968 1392  kvomaqvb - ok
09:21:57.0015 1392  kyiguyhs - ok
09:21:57.0046 1392  kzdiywbq - ok
09:21:57.0078 1392  kzwulrsn - ok
09:21:57.0125 1392  lafmbelz - ok
09:21:57.0171 1392  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:21:57.0171 1392  lanmanserver - ok
09:21:57.0250 1392  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:21:57.0250 1392  lanmanworkstation - ok
09:21:57.0281 1392  lbgvtviz - ok
09:21:57.0312 1392  lbrtfdc - ok
09:21:57.0359 1392  lbuvjhbb - ok
09:21:57.0406 1392  lcfclnqr - ok
09:21:57.0453 1392  ldrdfrzz - ok
09:21:57.0500 1392  ldtietxg - ok
09:21:57.0531 1392  ldunoems - ok
09:21:57.0578 1392  lipntgst - ok
09:21:57.0625 1392  ljbsxetc - ok
09:21:57.0687 1392  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:21:57.0687 1392  LmHosts - ok
09:21:57.0703 1392  lmzddhug - ok
09:21:57.0734 1392  ltedpjoh - ok
09:21:57.0781 1392  ltjkjkou - ok
09:21:57.0812 1392  ltwczpwu - ok
09:21:57.0843 1392  lwclrequ - ok
09:21:57.0875 1392  lwdrfwqd - ok
09:21:57.0906 1392  lwtutojm - ok
09:21:57.0937 1392  lxsuxmai - ok
09:21:57.0968 1392  lzamqidq - ok
09:21:58.0000 1392  mbaccbzh - ok
09:21:58.0046 1392  mbstymgr - ok
09:21:58.0078 1392  mbvjwbll - ok
09:21:58.0109 1392  mcicxote - ok
09:21:58.0125 1392  mdgdtvhh - ok
09:21:58.0156 1392  mdqavgcv - ok
09:21:58.0156 1392  medyurzl - ok
09:21:58.0171 1392  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:21:58.0171 1392  Messenger - ok
09:21:58.0171 1392  mgsfmtgw - ok
09:21:58.0203 1392  mgwqzobb - ok
09:21:58.0203 1392  mgxtdlzm - ok
09:21:58.0203 1392  mitawsus - ok
09:21:58.0218 1392  mknofhbp - ok
09:21:58.0234 1392  mkttqpgv - ok
09:21:58.0250 1392  mlziekzr - ok
09:21:58.0296 1392  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:21:58.0296 1392  mnmdd - ok
09:21:58.0359 1392  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
09:21:58.0375 1392  mnmsrvc - ok
09:21:58.0437 1392  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:21:58.0437 1392  Modem - ok
09:21:58.0484 1392  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:21:58.0484 1392  Mouclass - ok
09:21:58.0531 1392  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:21:58.0531 1392  mouhid - ok
09:21:58.0562 1392  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:21:58.0562 1392  MountMgr - ok
09:21:58.0625 1392  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:21:58.0625 1392  MpFilter - ok
09:21:58.0656 1392  mqdshikm - ok
09:21:58.0734 1392  [ 6AA46F9896D3C9E5A00E01BB416C707B ] mr7910          C:\WINDOWS\system32\DRIVERS\mr7910.sys
09:21:58.0734 1392  mr7910 - ok
09:21:58.0765 1392  mraid35x - ok
09:21:58.0796 1392  mrasprfm - ok
09:21:58.0843 1392  mrsbwbej - ok
09:21:58.0875 1392  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:21:58.0875 1392  MRxDAV - ok
09:21:58.0937 1392  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:21:58.0937 1392  MRxSmb - ok
09:21:59.0500 1392  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
09:21:59.0500 1392  MSDTC - ok
09:21:59.0578 1392  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:21:59.0578 1392  Msfs - ok
09:21:59.0609 1392  MSICPL - ok
09:21:59.0656 1392  MSIServer - ok
09:21:59.0703 1392  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:21:59.0703 1392  MSKSSRV - ok
09:21:59.0796 1392  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:21:59.0796 1392  MsMpSvc - ok
09:21:59.0859 1392  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:21:59.0859 1392  MSPCLOCK - ok
09:21:59.0875 1392  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:21:59.0875 1392  MSPQM - ok
09:21:59.0921 1392  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:21:59.0921 1392  mssmbios - ok
09:21:59.0953 1392  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
09:21:59.0953 1392  MSTEE - ok
09:21:59.0968 1392  mthhdtfy - ok
09:22:00.0000 1392  mtoqhkwm - ok
09:22:00.0015 1392  mttwrezs - ok
09:22:00.0046 1392  mtyrvoiy - ok
09:22:00.0093 1392  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:22:00.0093 1392  Mup - ok
09:22:00.0125 1392  mvtjbzzm - ok
09:22:00.0140 1392  mvtkxqrj - ok
09:22:00.0156 1392  mwdmvhue - ok
09:22:00.0171 1392  mxktqpnv - ok
09:22:00.0203 1392  myngbdqe - ok
09:22:00.0218 1392  mzifsqrg - ok
09:22:00.0250 1392  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:22:00.0250 1392  NABTSFEC - ok
09:22:00.0312 1392  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:22:00.0312 1392  napagent - ok
09:22:00.0343 1392  nawisxvo - ok
09:22:00.0359 1392  nczplzmi - ok
09:22:00.0390 1392  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:22:00.0390 1392  NDIS - ok
09:22:00.0421 1392  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:22:00.0421 1392  NdisIP - ok
09:22:00.0453 1392  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:22:00.0453 1392  NdisTapi - ok
09:22:00.0500 1392  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:22:00.0500 1392  Ndisuio - ok
09:22:00.0515 1392  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:22:00.0515 1392  NdisWan - ok
09:22:00.0546 1392  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:22:00.0546 1392  NDProxy - ok
09:22:00.0562 1392  ndvfvfun - ok
09:22:00.0562 1392  neixxqes - ok
09:22:00.0593 1392  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:22:00.0593 1392  NetBIOS - ok
09:22:00.0609 1392  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:22:00.0609 1392  NetBT - ok
09:22:00.0640 1392  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:22:00.0640 1392  NetDDE - ok
09:22:00.0687 1392  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:22:00.0687 1392  NetDDEdsdm - ok
09:22:00.0734 1392  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\System32\lsass.exe
09:22:00.0734 1392  Netlogon - ok
09:22:00.0796 1392  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
09:22:00.0812 1392  Netman - ok
09:22:00.0875 1392  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:22:00.0875 1392  NetTcpPortSharing - ok
09:22:00.0906 1392  nfwromdm - ok
09:22:00.0937 1392  nfyuyqil - ok
09:22:00.0968 1392  nhduoqih - ok
09:22:01.0031 1392  ninlhiei - ok
09:22:01.0062 1392  njcuepdi - ok
09:22:01.0093 1392  njdsdowf - ok
09:22:01.0125 1392  njfdgtjo - ok
09:22:01.0156 1392  njkcsqdl - ok
09:22:01.0218 1392  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:22:01.0218 1392  Nla - ok
09:22:01.0281 1392  nlbjcixq - ok
09:22:01.0312 1392  nmaixcca - ok
09:22:01.0343 1392  nmcwalsi - ok
09:22:01.0375 1392  nmrhachh - ok
09:22:01.0406 1392  nodwdbbf - ok
09:22:01.0468 1392  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:22:01.0484 1392  Npfs - ok
09:22:01.0531 1392  nqhotmvf - ok
09:22:01.0562 1392  nsctgauq - ok
09:22:01.0593 1392  NTACCESS - ok
09:22:01.0656 1392  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:22:01.0656 1392  Ntfs - ok
09:22:01.0671 1392  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
09:22:01.0687 1392  NtLmSsp - ok
09:22:01.0718 1392  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:22:01.0734 1392  NtmsSvc - ok
09:22:01.0765 1392  ntwedbqu - ok
09:22:01.0812 1392  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:22:01.0812 1392  NuidFltr - ok
09:22:01.0828 1392  nuiirhpe - ok
09:22:01.0859 1392  nujmjzxq - ok
09:22:01.0921 1392  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:22:01.0921 1392  Null - ok
09:22:01.0937 1392  nuxcshul - ok
09:22:01.0953 1392  nvkejyok - ok
09:22:01.0984 1392  nwazjhwz - ok
09:22:02.0031 1392  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:22:02.0031 1392  NwlnkFlt - ok
09:22:02.0046 1392  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:22:02.0046 1392  NwlnkFwd - ok
09:22:02.0078 1392  nwvbkgaw - ok
09:22:02.0109 1392  nwxwijlt - ok
09:22:02.0156 1392  nxbayzma - ok
09:22:02.0171 1392  nxmswzpn - ok
09:22:02.0187 1392  nxxwqbiz - ok
09:22:02.0218 1392  oamunrln - ok
09:22:02.0250 1392  obvyevcg - ok
09:22:02.0281 1392  ocplisdm - ok
09:22:02.0312 1392  odbdxmqk - ok
09:22:02.0343 1392  odroclrx - ok
09:22:02.0375 1392  oducihri - ok
09:22:02.0406 1392  oetvfhua - ok
09:22:02.0437 1392  oeuzvakj - ok
09:22:02.0468 1392  ofkwcpge - ok
09:22:02.0515 1392  ogbxryol - ok
09:22:02.0531 1392  ogigacro - ok
09:22:02.0562 1392  ohekaovg - ok
09:22:02.0593 1392  ohmowdps - ok
09:22:02.0625 1392  ohxzmxof - ok
09:22:02.0671 1392  oirxkxcn - ok
09:22:02.0703 1392  ojpeljlo - ok
09:22:02.0734 1392  ojwqdqfe - ok
09:22:02.0765 1392  okyypcvt - ok
09:22:02.0781 1392  omhunhrk - ok
09:22:02.0812 1392  onkdrqen - ok
09:22:02.0859 1392  onznmzms - ok
09:22:02.0890 1392  opxquodb - ok
09:22:02.0921 1392  oqyntfmt - ok
09:22:02.0953 1392  ospkivfr - ok
09:22:02.0984 1392  ouuhunca - ok
09:22:03.0015 1392  ovflzdsq - ok
09:22:03.0046 1392  ovmjjezy - ok
09:22:03.0078 1392  oxmfocff - ok
09:22:03.0109 1392  oyqnqezp - ok
09:22:03.0140 1392  ozmqlvoa - ok
09:22:03.0203 1392  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:22:03.0203 1392  Parport - ok
09:22:03.0234 1392  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:22:03.0250 1392  PartMgr - ok
09:22:03.0312 1392  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:22:03.0312 1392  ParVdm - ok
09:22:03.0359 1392  pblgblvv - ok
09:22:03.0390 1392  pbuwpmyo - ok
09:22:03.0421 1392  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:22:03.0421 1392  PCI - ok
09:22:03.0437 1392  PCIDump - ok
09:22:03.0484 1392  PCIIde - ok
09:22:03.0531 1392  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:22:03.0531 1392  Pcmcia - ok
09:22:03.0546 1392  pcvxnhuw - ok
09:22:03.0578 1392  PDCOMP - ok
09:22:03.0625 1392  PDFRAME - ok
09:22:03.0656 1392  PDRELI - ok
09:22:03.0687 1392  PDRFRAME - ok
09:22:03.0718 1392  perc2 - ok
09:22:03.0750 1392  perc2hib - ok
09:22:03.0843 1392  pgeartss - ok
09:22:03.0875 1392  phrgzmta - ok
09:22:03.0906 1392  phsdggem - ok
09:22:03.0937 1392  plhekkpm - ok
09:22:03.0984 1392  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:22:03.0984 1392  PlugPlay - ok
09:22:04.0015 1392  pniqfpkf - ok
09:22:04.0031 1392  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
09:22:04.0031 1392  PolicyAgent - ok
09:22:04.0078 1392  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:22:04.0078 1392  PptpMiniport - ok
09:22:04.0093 1392  prgkfclz - ok
09:22:04.0156 1392  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
09:22:04.0156 1392  Processor - ok
09:22:04.0187 1392  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:22:04.0203 1392  ProtectedStorage - ok
09:22:04.0265 1392  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
09:22:04.0265 1392  ProtexisLicensing - ok
09:22:04.0312 1392  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:22:04.0312 1392  PSched - ok
09:22:04.0359 1392  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:22:04.0375 1392  PSI_SVC_2 - ok
09:22:04.0406 1392  psnwnbix - ok
09:22:04.0437 1392  ptdsvozr - ok
09:22:04.0484 1392  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:22:04.0484 1392  Ptilink - ok
09:22:04.0531 1392  ptjvzxpz - ok
09:22:04.0562 1392  pvlpcjyq - ok
09:22:04.0609 1392  pxfkumup - ok
09:22:04.0671 1392  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:22:04.0671 1392  PxHelp20 - ok
09:22:04.0703 1392  pylnplok - ok
09:22:04.0734 1392  qahmmjgk - ok
09:22:04.0781 1392  qbrkemuv - ok
09:22:04.0812 1392  qcyewdkv - ok
09:22:04.0859 1392  qdqdtdrk - ok
09:22:04.0890 1392  qfplocwb - ok
09:22:04.0921 1392  qiptgmam - ok
09:22:04.0953 1392  qiqbadqk - ok
09:22:04.0984 1392  qivoacrg - ok
09:22:05.0046 1392  qkqqtmbm - ok
09:22:05.0078 1392  qktcsvbo - ok
09:22:05.0109 1392  ql1080 - ok
09:22:05.0140 1392  Ql10wnt - ok
09:22:05.0171 1392  ql12160 - ok
09:22:05.0203 1392  ql1240 - ok
09:22:05.0250 1392  ql1280 - ok
09:22:05.0296 1392  qlrvwyln - ok
09:22:05.0328 1392  qngqggvk - ok
09:22:05.0359 1392  qrjtpxav - ok
09:22:05.0390 1392  quhyqkwb - ok
09:22:05.0437 1392  qxiwklcd - ok
09:22:05.0468 1392  qyzckuoy - ok
09:22:05.0500 1392  rahviaey - ok
09:22:05.0531 1392  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:22:05.0531 1392  RasAcd - ok
09:22:05.0593 1392  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:22:05.0593 1392  RasAuto - ok
09:22:05.0625 1392  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:22:05.0656 1392  Rasl2tp - ok
09:22:05.0718 1392  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:22:05.0718 1392  RasMan - ok
09:22:05.0765 1392  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:22:05.0765 1392  RasPppoe - ok
09:22:05.0781 1392  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:22:05.0781 1392  Raspti - ok
09:22:05.0828 1392  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:22:05.0828 1392  Rdbss - ok
09:22:05.0875 1392  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:22:05.0875 1392  RDPCDD - ok
09:22:05.0968 1392  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:22:05.0968 1392  RDPWD - ok
09:22:06.0031 1392  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:22:06.0046 1392  RDSessMgr - ok
09:22:06.0078 1392  rdurdfkd - ok
09:22:06.0140 1392  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
09:22:06.0140 1392  RealNetworks Downloader Resolver Service - ok
09:22:06.0187 1392  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:22:06.0187 1392  redbook - ok
09:22:06.0203 1392  regfkqli - ok
09:22:06.0265 1392  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:22:06.0265 1392  RemoteAccess - ok
09:22:06.0281 1392  rgilhfri - ok
09:22:06.0312 1392  rhugkims - ok
09:22:06.0343 1392  riubxnur - ok
09:22:06.0375 1392  riwwlabn - ok
09:22:06.0421 1392  rjyogpaa - ok
09:22:06.0453 1392  rkineeom - ok
09:22:06.0484 1392  rniwvubc - ok
09:22:06.0515 1392  rososwus - ok
09:22:06.0546 1392  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
09:22:06.0546 1392  RpcLocator - ok
09:22:06.0609 1392  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:22:06.0609 1392  RpcSs - ok
09:22:06.0625 1392  rqhyglgk - ok
09:22:06.0671 1392  rqnvxrba - ok
09:22:06.0687 1392  rrnzavey - ok
09:22:06.0718 1392  rsmwrzmu - ok
09:22:06.0750 1392  rsriplzf - ok
09:22:06.0781 1392  rstctoep - ok
09:22:06.0843 1392  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
09:22:06.0843 1392  RSVP - ok
09:22:06.0875 1392  rwghvwen - ok
09:22:06.0906 1392  rwyoitqi - ok
09:22:06.0953 1392  rxsmwxus - ok
09:22:07.0000 1392  rxsqjhwp - ok
09:22:07.0031 1392  rynvlnid - ok
09:22:07.0062 1392  rypksxxq - ok
09:22:07.0093 1392  ryzwsitk - ok
09:22:07.0125 1392  rzcuubaj - ok
09:22:07.0171 1392  rzjidhdb - ok
09:22:07.0203 1392  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:22:07.0234 1392  SamSs - ok
09:22:07.0265 1392  saoeupoe - ok
09:22:07.0296 1392  saqipzdk - ok
09:22:07.0328 1392  savayzaq - ok
09:22:07.0375 1392  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:22:07.0375 1392  SCardSvr - ok
09:22:07.0421 1392  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:22:07.0437 1392  Schedule - ok
09:22:07.0500 1392  sdxqendh - ok
09:22:07.0531 1392  sebbwnzh - ok
09:22:07.0593 1392  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:22:07.0593 1392  Secdrv - ok
09:22:07.0640 1392  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:22:07.0640 1392  seclogon - ok
09:22:07.0671 1392  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
09:22:07.0671 1392  SENS - ok
09:22:07.0734 1392  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:22:07.0734 1392  serenum - ok
09:22:07.0765 1392  serftwlb - ok
09:22:07.0796 1392  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:22:07.0796 1392  Serial - ok
09:22:07.0937 1392  SetupNTGLM7X - ok
09:22:07.0984 1392  seuvzzxz - ok
09:22:08.0015 1392  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:22:08.0015 1392  Sfloppy - ok
09:22:08.0093 1392  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:22:08.0093 1392  SharedAccess - ok
09:22:08.0125 1392  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:22:08.0140 1392  ShellHWDetection - ok
09:22:08.0171 1392  Simbad - ok
09:22:08.0203 1392  sjpobggc - ok
09:22:08.0250 1392  skvlwljp - ok
09:22:08.0296 1392  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:22:08.0296 1392  SLIP - ok
09:22:08.0375 1392  snncqivi - ok
09:22:08.0406 1392  snsjicve - ok
09:22:08.0437 1392  sofyddxv - ok
09:22:08.0500 1392  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:22:08.0500 1392  SONYPVU1 - ok
09:22:08.0546 1392  sosknekq - ok
09:22:08.0578 1392  Sparrow - ok
09:22:08.0625 1392  spibvwyd - ok
09:22:08.0671 1392  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:22:08.0671 1392  splitter - ok
09:22:08.0734 1392  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:22:08.0750 1392  Spooler - ok
09:22:08.0781 1392  sprwzuwz - ok
09:22:08.0812 1392  spuxyzow - ok
09:22:08.0843 1392  sqlxkfsr - ok
09:22:08.0875 1392  sqpnnpyh - ok
09:22:08.0906 1392  sqrqfqgf - ok
09:22:08.0953 1392  sqxbnnfd - ok
09:22:09.0000 1392  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:22:09.0000 1392  sr - ok
09:22:09.0015 1392  srdbdxjp - ok
09:22:09.0078 1392  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\System32\srsvc.dll
09:22:09.0078 1392  srservice - ok
09:22:09.0125 1392  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:22:09.0125 1392  Srv - ok
09:22:09.0171 1392  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:22:09.0171 1392  SSDPSRV - ok
09:22:09.0234 1392  [ AA09FD16363E4232C68AF854E8A26F21 ] StatusAgent4    C:\WINDOWS\system32\SAgent4.exe
09:22:09.0234 1392  StatusAgent4 - ok
09:22:09.0296 1392  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:22:09.0296 1392  stisvc - ok
09:22:09.0328 1392  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:22:09.0328 1392  streamip - ok
09:22:09.0390 1392  [ C86A229BB5CB5DC47498B2C530A9458E ] SWDUMon         C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
09:22:09.0390 1392  SWDUMon - ok
09:22:09.0437 1392  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:22:09.0437 1392  swenum - ok
09:22:09.0484 1392  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:22:09.0484 1392  swmidi - ok
09:22:09.0515 1392  SwPrv - ok
09:22:09.0562 1392  swzaxqme - ok
09:22:09.0609 1392  symc810 - ok
09:22:09.0640 1392  symc8xx - ok
09:22:09.0671 1392  symqcnbj - ok
09:22:09.0703 1392  sym_hi - ok
09:22:09.0734 1392  sym_u3 - ok
09:22:09.0781 1392  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:22:09.0781 1392  sysaudio - ok
09:22:09.0812 1392  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:22:09.0828 1392  SysmonLog - ok
09:22:09.0843 1392  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:22:09.0859 1392  TapiSrv - ok
09:22:09.0906 1392  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:22:09.0906 1392  Tcpip - ok
09:22:09.0968 1392  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:22:09.0968 1392  TDPIPE - ok
09:22:10.0015 1392  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:22:10.0015 1392  TDTCP - ok
09:22:10.0062 1392  tdtvxgsb - ok
09:22:10.0109 1392  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:22:10.0109 1392  TermDD - ok
09:22:10.0171 1392  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
09:22:10.0171 1392  TermService - ok
09:22:10.0203 1392  tfrbiong - ok
09:22:10.0250 1392  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:22:10.0250 1392  Themes - ok
09:22:10.0281 1392  thzxyypw - ok
09:22:10.0312 1392  tjqqjjww - ok
09:22:10.0359 1392  tkcokknf - ok
09:22:10.0390 1392  tmlbwjjd - ok
09:22:10.0421 1392  tmnueznq - ok
09:22:10.0453 1392  tmqmhuos - ok
09:22:10.0484 1392  tolgkkmx - ok
09:22:10.0531 1392  TosIde - ok
09:22:10.0562 1392  tqlaynno - ok
09:22:10.0578 1392  tqxptbaf - ok
09:22:10.0625 1392  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:22:10.0625 1392  TrkWks - ok
09:22:10.0671 1392  tspwdmid - ok
09:22:10.0703 1392  tsrlavgn - ok
09:22:10.0734 1392  ttcdcakv - ok
09:22:10.0765 1392  tusyiosh - ok
09:22:10.0796 1392  tvpwjscd - ok
09:22:10.0828 1392  [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
09:22:10.0828 1392  uagp35 - ok
09:22:10.0859 1392  uauimyhl - ok
09:22:10.0890 1392  ubduqrie - ok
09:22:10.0921 1392  ubywibpd - ok
09:22:10.0968 1392  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:22:10.0968 1392  Udfs - ok
09:22:11.0000 1392  uezoceah - ok
09:22:11.0031 1392  ulkpvgkm - ok
09:22:11.0062 1392  ultra - ok
09:22:11.0078 1392  uoelqmle - ok
09:22:11.0109 1392  uoeqmfnn - ok
09:22:11.0156 1392  uopkhaip - ok
09:22:11.0187 1392  uovcurfi - ok
09:22:11.0218 1392  uoyufsjn - ok
09:22:11.0281 1392  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:22:11.0281 1392  Update - ok
09:22:11.0312 1392  upkvezps - ok
09:22:11.0375 1392  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:22:11.0375 1392  upnphost - ok
09:22:11.0406 1392  uppgjnjy - ok
09:22:11.0437 1392  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
09:22:11.0437 1392  UPS - ok
09:22:11.0468 1392  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
09:22:11.0484 1392  USBAAPL - ok
09:22:11.0500 1392  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:22:11.0515 1392  usbccgp - ok
09:22:11.0546 1392  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:22:11.0546 1392  usbehci - ok
09:22:11.0578 1392  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:22:11.0578 1392  usbhub - ok
09:22:11.0625 1392  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:22:11.0625 1392  usbprint - ok
09:22:11.0656 1392  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:22:11.0656 1392  usbscan - ok
09:22:11.0687 1392  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:22:11.0703 1392  usbstor - ok
09:22:11.0734 1392  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:22:11.0734 1392  usbuhci - ok
09:22:11.0812 1392  [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc         C:\Program Files\MSN Messenger\usnsvc.exe
09:22:11.0812 1392  usnjsvc - ok
09:22:11.0859 1392  uvusvaov - ok
09:22:11.0890 1392  vatfagwl - ok
09:22:11.0937 1392  vckhrywn - ok
09:22:11.0968 1392  vcklnlho - ok
09:22:12.0000 1392  vclonksj - ok
09:22:12.0046 1392  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:22:12.0046 1392  VgaSave - ok
09:22:12.0078 1392  vgvajpij - ok
09:22:12.0109 1392  vhrleduk - ok
09:22:12.0171 1392  [ 012B67EAFBC92572228D00149CE7D079 ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
09:22:12.0171 1392  viagfx - ok
09:22:12.0218 1392  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
09:22:12.0218 1392  ViaIde - ok
09:22:12.0281 1392  [ 44056E9FEE477F512EE58BCFEE949621 ] viamraid        C:\WINDOWS\system32\drivers\viamraid.sys
09:22:12.0296 1392  viamraid - ok
09:22:12.0343 1392  vkbdrlgk - ok
09:22:12.0359 1392  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:22:12.0359 1392  VolSnap - ok
09:22:12.0390 1392  vqpbuzdb - ok
09:22:12.0453 1392  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
09:22:12.0468 1392  VSS - ok
09:22:12.0500 1392  vtbivaiu - ok
09:22:12.0609 1392  [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
09:22:12.0609 1392  vToolbarUpdater14.2.0 - ok
09:22:12.0656 1392  vvcvpddf - ok
09:22:12.0687 1392  vvwruwul - ok
09:22:12.0718 1392  vwkoxaci - ok
09:22:12.0765 1392  vxqjjcza - ok
09:22:12.0796 1392  vzisnsct - ok
09:22:12.0859 1392  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\System32\w32time.dll
09:22:12.0859 1392  W32Time - ok
09:22:12.0953 1392  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:22:12.0953 1392  Wanarp - ok
09:22:12.0984 1392  wbkojqjb - ok
09:22:13.0015 1392  wcyrhabu - ok
09:22:13.0093 1392  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:22:13.0093 1392  Wdf01000 - ok
09:22:13.0140 1392  WDICA - ok
09:22:13.0187 1392  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:22:13.0187 1392  wdmaud - ok
09:22:13.0265 1392  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:22:13.0265 1392  WebClient - ok
09:22:13.0312 1392  whgstkrz - ok
09:22:13.0437 1392  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:22:13.0437 1392  winmgmt - ok
09:22:13.0515 1392  wkfpqzni - ok
09:22:13.0640 1392  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:22:13.0656 1392  wlidsvc - ok
09:22:13.0703 1392  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
09:22:13.0703 1392  WmdmPmSN - ok
09:22:13.0734 1392  wmgnbkqy - ok
09:22:13.0828 1392  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:22:13.0828 1392  WmiApSrv - ok
09:22:13.0921 1392  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
09:22:13.0937 1392  WMPNetworkSvc - ok
09:22:14.0015 1392  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:22:14.0015 1392  WPFFontCache_v0400 - ok
09:22:14.0093 1392  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:22:14.0093 1392  wscsvc - ok
09:22:14.0140 1392  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:22:14.0140 1392  WSTCODEC - ok
09:22:14.0171 1392  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:22:14.0171 1392  wuauserv - ok
09:22:14.0234 1392  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:22:14.0234 1392  WudfPf - ok
09:22:14.0281 1392  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:22:14.0281 1392  WudfRd - ok
09:22:14.0328 1392  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
09:22:14.0328 1392  WudfSvc - ok
09:22:14.0390 1392  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:22:14.0406 1392  WZCSVC - ok
09:22:14.0437 1392  xhqawvui - ok
09:22:14.0468 1392  xmatnhya - ok
09:22:14.0531 1392  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:22:14.0531 1392  xmlprov - ok
09:22:14.0546 1392  xmwverrl - ok
09:22:14.0578 1392  xnvwyaef - ok
09:22:14.0625 1392  xqgomotb - ok
09:22:14.0656 1392  xtachdmt - ok
09:22:14.0671 1392  xtqfwxut - ok
09:22:14.0703 1392  xueujhhx - ok
09:22:14.0734 1392  xwbccihl - ok
09:22:14.0781 1392  xxuleeqv - ok
09:22:14.0812 1392  xykknpbf - ok
09:22:14.0843 1392  xzotvtec - ok
09:22:14.0875 1392  ymkufrvw - ok
09:22:14.0906 1392  yqeutvny - ok
09:22:14.0937 1392  ysjumfkm - ok
09:22:14.0968 1392  ytpvgqgz - ok
09:22:15.0000 1392  zcbfiqaa - ok
09:22:15.0031 1392  zcoaqgia - ok
09:22:15.0062 1392  zfkaglfh - ok
09:22:15.0109 1392  zrxlbdar - ok
09:22:15.0171 1392  ================ Scan global ===============================
09:22:15.0203 1392  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:22:15.0234 1392  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:22:15.0265 1392  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:22:15.0296 1392  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:22:15.0296 1392  [Global] - ok
09:22:15.0312 1392  ================ Scan MBR ==================================
09:22:15.0343 1392  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:22:15.0484 1392  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:22:15.0484 1392  \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:22:15.0546 1392  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk3\DR13
09:22:16.0734 1392  \Device\Harddisk3\DR13 - ok
09:22:16.0750 1392  ================ Scan VBR ==================================
09:22:16.0765 1392  [ EFF308817DFD57CDF27BF86CFBA17412 ] \Device\Harddisk0\DR0\Partition1
09:22:16.0765 1392  \Device\Harddisk0\DR0\Partition1 - ok
09:22:16.0796 1392  [ 28DC3767F39550E8E3B5357113633BC5 ] \Device\Harddisk0\DR0\Partition2
09:22:16.0796 1392  \Device\Harddisk0\DR0\Partition2 - ok
09:22:16.0828 1392  [ 7FB82FE697387B2A2EC673EE0F5C6144 ] \Device\Harddisk3\DR13\Partition1
09:22:16.0843 1392  \Device\Harddisk3\DR13\Partition1 - ok
09:22:16.0859 1392  ============================================================
09:22:16.0859 1392  Scan finished
09:22:16.0859 1392  ============================================================
09:22:16.0906 1948  Detected object count: 1
09:22:16.0906 1948  Actual detected object count: 1
09:22:21.0515 1948  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:22:21.0515 1948  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 

aswMBR Log

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-26 09:25:30
-----------------------------
09:25:30.437    OS Version: Windows 5.1.2600 Service Pack 3
09:25:30.437    Number of processors: 1 586 0x605
09:25:30.437    ComputerName: OWNER-8DQU99NXR  UserName: Owner
09:25:30.875    Initialize success
09:26:29.390    AVAST engine defs: 13022600
09:26:41.859    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
09:26:41.875    Disk 0 Vendor: ST325062 3.AA Size: 238475MB BusType: 1
09:26:41.890    Disk 0 MBR read successfully
09:26:41.921    Disk 0 MBR scan
09:26:41.968    Disk 0 Windows XP default MBR code
09:26:41.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       124707 MB offset 63
09:26:42.000    Disk 0 Partition - 00     0F Extended LBA            113764 MB offset 255401370
09:26:42.031    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       113764 MB offset 255401433
09:26:42.078    Disk 0 scanning sectors +488392065
09:26:42.171    Disk 0 scanning C:\WINDOWS\system32\drivers
09:26:54.859    Service scanning
09:27:13.890    Modules scanning
09:27:16.921    Disk 0 trace - called modules:
09:27:17.109    ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys 
09:27:17.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8636b708]
09:27:17.453    3 CLASSPNP.SYS[f76f3fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x86390a38]
09:27:18.046    AVAST engine scan C:\WINDOWS
09:27:23.859    AVAST engine scan C:\WINDOWS\system32
09:30:54.359    AVAST engine scan C:\WINDOWS\system32\drivers
09:31:16.140    AVAST engine scan C:\Documents and Settings\Owner
10:04:16.890    AVAST engine scan C:\Documents and Settings\All Users
10:11:00.718    Scan finished successfully
10:39:39.625    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
10:39:39.671    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"



ESET Reults

C:\Program Files\HSN\bar\1.bin\HSNBAR.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNHTML.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNHTTP.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNIDLE.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNPLUGN.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNSKIN.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\HSNTICKR.DLL	Win32/Toolbar.HSN application	cleaned by deleting - quarantined
C:\Program Files\HSN\bar\1.bin\NPHSN.DLL	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined
C:\Program Files\MyWebFace_5a\bar\1.bin\5adatact.dll	probably a variant of Win32/Toolbar.MyWebSearch.A application	cleaned by deleting - quarantined
C:\Program Files\MyWebFace_5a\bar\1.bin\5ahtmlmu.dll	probably a variant of Win32/Toolbar.MyWebSearch.B application	cleaned by deleting - quarantined
C:\Program Files\MyWebFace_5a\bar\1.bin\5askin.dll	a variant of Win32/Toolbar.MyWebSearch.P application	cleaned by deleting - quarantined
C:\Program Files\StartNow Toolbar\Toolbar32.dll	a variant of Win32/Toolbar.Zugo application	cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEIPlug.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEZSETP.dll	Win32/Toolbar.MyWebSearch.Q application	cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\NPgcEISb.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined

I am aware of the toolbars, I intend to remove them. But haven't as the seedabutor seems more pressing.


 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 26 February 2013 - 12:16 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 26 February 2013 - 02:23 PM

Mbam

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.22.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: OWNER-8DQU99NXR [administrator]

2/26/2013 1:35:13 PM
mbam-log-2013-02-26 (13-35-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229282
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mini Toolbox

MiniToolBox by Farbar  Version:10-01-2013
Ran by Owner (administrator) on 26-02-2013 at 13:41:08
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

VIA Compatable Fast Ethernet Adapter = Local Area Connection 2 (Connected)


# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration        Host Name . . . . . . . . . . . . : owner-8dqu99nxr        Primary Dns Suffix  . . . . . . . :         Node Type . . . . . . . . . . . . : Hybrid        IP Routing Enabled. . . . . . . . : No        WINS Proxy Enabled. . . . . . . . : No        DNS Suffix Search List. . . . . . : esr9850Ethernet adapter Local Area Connection 2:        Connection-specific DNS Suffix  . : esr9850        Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter #2        Physical Address. . . . . . . . . : 00-19-DB-62-80-39        Dhcp Enabled. . . . . . . . . . . : Yes        Autoconfiguration Enabled . . . . : Yes        IP Address. . . . . . . . . . . . : 192.168.0.104        Subnet Mask . . . . . . . . . . . : 255.255.255.0        Default Gateway . . . . . . . . . : 192.168.0.1        DHCP Server . . . . . . . . . . . : 192.168.0.1        DNS Servers . . . . . . . . . . . : 208.67.222.222                                            208.67.220.220        Primary WINS Server . . . . . . . : 192.168.0.1        Lease Obtained. . . . . . . . . . : Tuesday, February 26, 2013 9:48:25 AM        Lease Expires . . . . . . . . . . : Tuesday, February 26, 2013 9:48:25 PMServer:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com.esr9850
Address:  67.215.65.132

Pinging google.com [74.125.225.66] with 32 bytes of data:Reply from 74.125.225.66: bytes=32 time=14ms TTL=52Reply from 74.125.225.66: bytes=32 time=13ms TTL=52Ping statistics for 74.125.225.66:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 13ms, Maximum = 14ms, Average = 13msServer:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com.esr9850
Address:  67.215.65.132

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:Reply from 98.138.253.109: bytes=32 time=196ms TTL=49Reply from 98.138.253.109: bytes=32 time=50ms TTL=49Ping statistics for 98.138.253.109:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 50ms, Maximum = 196ms, Average = 123msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 db 62 80 39 ...... VIA Compatable Fast Ethernet Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.104	  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      192.168.0.0    255.255.255.0    192.168.0.104   192.168.0.104	  20
    192.168.0.104  255.255.255.255        127.0.0.1       127.0.0.1	  20
    192.168.0.255  255.255.255.255    192.168.0.104   192.168.0.104	  20
        224.0.0.0        240.0.0.0    192.168.0.104   192.168.0.104	  20
  255.255.255.255  255.255.255.255    192.168.0.104   192.168.0.104	  1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/21/2013 04:21:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (02/21/2013 04:21:16 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (02/21/2013 04:21:13 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (02/21/2013 03:39:38 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot load netapi32.dll. (The paging file is too small for this operation to complete. ).

Error: (02/20/2013 00:24:52 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am bdd, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/04/2013 05:56:05 PM) (Source: MsiInstaller) (User: OWNER-8DQU99NXR)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\iTunes.  The installation cannot continue.  Log on as administrator or contact your system administrator.

Error: (02/04/2013 05:46:37 PM) (Source: MsiInstaller) (User: OWNER-8DQU99NXR)
Description: Product: QuickTime -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\QuickTime.  The installation cannot continue.  Log on as administrator or contact your system administrator.

Error: (01/25/2013 11:35:25 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/23/2013 11:26:06 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/23/2013 11:04:26 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.


System errors:
=============
Error: (02/26/2013 01:34:47 PM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 00:20:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.145.72.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.1.0522.00

	Source Path: 4.1.0522.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/26/2013 00:20:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/26/2013 00:20:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/26/2013 00:09:32 PM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 00:09:15 PM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 09:23:32 AM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 09:23:32 AM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 09:23:32 AM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/26/2013 09:22:57 AM) (Source: DCOM) (User: OWNER-8DQU99NXR)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (02/21/2013 04:21:18 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (02/21/2013 04:21:16 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (02/21/2013 04:21:13 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (02/21/2013 03:39:38 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: netapi32.dllThe paging file is too small for this operation to complete.

Error: (02/20/2013 00:24:52 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80508007mpupdateengineam bdd11.1.4289.0mpsigstub.exe4.1.522.0microsoft security essentialsNILNILNIL

Error: (02/04/2013 05:56:05 PM) (Source: MsiInstaller)(User: OWNER-8DQU99NXR)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\iTunes.  The installation cannot continue.  Log on as administrator or contact your system administrator.(NULL)(NULL)(NULL)

Error: (02/04/2013 05:46:37 PM) (Source: MsiInstaller)(User: OWNER-8DQU99NXR)
Description: Product: QuickTime -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\QuickTime.  The installation cannot continue.  Log on as administrator or contact your system administrator.(NULL)(NULL)(NULL)

Error: (01/25/2013 11:35:25 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (01/23/2013 11:26:06 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (01/23/2013 11:04:26 AM) (Source: Application Hang)(User: )
Description: 1180947459


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.0.42.34)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11 (Version: 11)
Advertising Center (Version: 0.0.0.1)
aiofw (Version: 2.03.0000.0000)
aioocr (Version: 1.00.0000)
aioprnt (Version: 2.02.0000.0000)
aioscnnr (Version: 2.02.0000.0000)
Amazon Cloud Drive (Version: 1.10.00.0)
Amazon Kindle
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
AutoUpdate (Version: 1.1)
AVG Security Toolbar (Version: 14.2.0.1)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint EX - PREMIUM Contents GC0076
Canon Easy-WebPrint EX
Canon iX6500 series Printer Driver
Canon iX6500 series User Registration
Canon My Printer
Canon SELPHY CP780
Canon Solution Menu EX
Canon Utilities SELPHY Photo Print (Version: 1.0.1.5)
Canon Utilities SELPHY Print Contents 1.0.0 (Version: 1.0.0.8)
CCleaner (Version: 3.27)
CCScore (Version: 8.02.0000.0001)
center (Version: 2.02.0000.0000)
Collage Maker (Version: 3.60)
Content (Version: 1.00.0000)
Corel Paint Shop Pro Photo X2 (Version: 12.010.0000)
Corel Painter 11
Corel Painter 11 - ICA (Version: 11.0)
Corel Painter 11 - IPM (Version: 11.2)
Corel Painter 11 (Version: 11.2)
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (Version: 2.12)
DivX Codec (Version: 6.8.3)
DivX Player (Version: 6.8.2)
EPSON Printer Software
ESET Online Scanner v3
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Facebook Plug-In
fflink (Version: 6.02.1001.0001)
Flickr Uploadr 3.2.1
FrameMaster 2.14 (Version: 2.14)
FUJIFILM MyFinePix Studio 1.0
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Help_CTR (Version: 2.02.0000.000)
helptut (Version: 2.00.0000.0000)
helpug (Version: 2.02.0000.0000)
HSN Shopping Bar
IconHandler 32 bit (Version: 2.0)
IncrediMail (Version: 6.2.9.5120)
IncrediMail 2.0 (Version: 6.2.9.5120)
Internet Explorer (Enable DEP)
iTunes (Version: 10.6.3.25)
K-Lite Codec Pack 8.7.0 (Standard) (Version: 8.7.0)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
ksdip (Version: 2.00.0000.0000)
Langauge (Version: 1.2)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image Pro 7.0 (Version: 7.0.0.0000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel (Version: 3.1.8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.01.7665)
netbrdg (Version: 7.01.0000.0001)
OfotoXMI (Version: 8.03.0000.0001)
Paint Shop Pro 7 (Version: 7.0.4.0000)
Photo Notifier and Animation Creator (Version: 1.0.0.1008)
PhotoMail Maker (Version: 6.0.0.1007)
Picasa 3 (Version: 3.8)
PowerDVD
QuickTime (Version: 7.72.80.56)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek AC'97 Audio (Version: 5.29)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
staticcr (Version: 8.02.0000.0001)
The Print Shop
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA/S3G Display Driver 6.14.10.0297
VPRINTOL (Version: 8.02.0000.0001)
WebFldrs XP (Version: 9.50.6513)
Windows Driver Package - (mr7910) Image  (08/08/2006 1.4.0.0) (Version: 08/08/2006 1.4.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 8.1.0178.00)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 8.02.0000.0001)
Yahoo! Messenger

========================= Devices: ================================

Name: Optiarc DVD RW AD-7170A
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 958.48 MB
Available physical RAM: 415.36 MB
Total Pagefile: 1548.01 MB
Available Pagefile: 1238.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.61 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:121.78 GB) (Free:85.75 GB) NTFS
3 Drive d: () (Fixed) (Total:111.1 GB) (Free:111.02 GB) NTFS
4 Drive e: (UBUNTU1110) (Removable) (Total:1.86 GB) (Free:1.07 GB) FAT32

========================= Users: ========================================

User accounts for \\OWNER-8DQU99NXR

Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         


**** End of log ****

Service Scanner

Farbar Service Scanner Version: 20-02-2013
Ran by Owner (administrator) on 26-02-2013 at 13:42:19
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\System32\es.dll".


Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2007-02-20 14:03] - [2008-04-13 19:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2002-08-29 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

JRT
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 02/26/2013 at 13:48:50.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\tasks\OptimizerTool_home.job
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedmaxpc"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\speedmaxpc"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files\startnow toolbar"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/26/2013 at 13:58:04.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 13:44:10
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-8DQU99NXR
# Boot Mode : Safe mode with networking
# Running from : E:\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyWebFace_5a

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\iWon
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1368B44-60A8-470F-9537-C1BC2390C8E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"G7lHhOl0hrMRhTvsLytDbNZxr2zvx4YibhwOe3mqYoE=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[R1].txt - [56622 octets] - [26/02/2013 13:43:30]
AdwCleaner[S1].txt - [16229 octets] - [26/02/2013 13:44:10]

########## EOF - C:\AdwCleaner[S1].txt - [16290 octets] ##########

rkill

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/26/2013 02:05:23 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * AppMgmt [Missing ServiceDLL Value]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 02/26/2013 02:06:00 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"	""	""	""
+ "Adobe ARM"	"Adobe Reader and Acrobat Manager"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon"	"Apple Push"	"Apple Inc."	"c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ArcSoft Connection Service"	"ArcSoft Connect Daemon"	"ArcSoft Inc."	"c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "CanonMyPrinter"	"Canon My Printer"	"CANON INC."	"c:\program files\canon\myprinter\bjmyprt.exe"
+ "CanonSolutionMenuEx"	"Canon Solution Menu EX"	"CANON INC."	"c:\program files\canon\solution menu ex\cnsemain.exe"
+ "Corel File Shell Monitor"	"Corel File Shell Monitor"	"Corel, Inc."	"c:\program files\corel\corel paint shop pro photo x2\coreliomonitor.exe"
+ "EKIJ5000StatusMonitor"	"Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"	"Eastman Kodak Company"	"c:\windows\system32\spool\drivers\w32x86\3\ekij5000mui.exe"
+ "EPSON PictureMate"	"EPSON Status Monitor 3"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\spool\drivers\w32x86\3\e_s4i2p1.exe"
+ "EPSON PictureMate Deluxe"	"EPSON Status Monitor 3"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\spool\drivers\w32x86\3\e_fati9ta.exe"
+ "googletalk"	"Google Talk"	"Google"	"c:\program files\google\google talk\googletalk.exe"
+ "MSC"	"Microsoft Security Client User Interface"	"Microsoft Corporation"	"c:\program files\microsoft security client\msseces.exe"
+ "RemoteControl"	"PowerDVD RC Service"	"Cyberlink Corp."	"c:\program files\cyberlink\powerdvd\pdvdserv.exe"
+ "SoundMan"	"Realtek Sound Manager"	"Realtek Semiconductor Corp."	"c:\windows\soundman.exe"
+ "TkBellExe"	"RealNetworks Scheduler"	"RealNetworks, Inc."	"c:\program files\real\realplayer\update\realsched.exe"
+ "vProt"	""	""	"File not found: C:\Program Files\AVG Secure Search\vprot.exe"
+ "VTTimer"	""	"S3 Graphics, Inc."	"c:\windows\system32\vttimer.exe"
+ "VTTrayp"	"s3contrl (32-bit)"	"S3 Graphics Co., Ltd."	"c:\windows\system32\vttrayp.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"	""	""	""
+ "Adobe Reader Speed Launch.lnk"	""	""	"File not found: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
+ "Kodak EasyShare software.lnk"	"Kodak EasyShare Software"	"Eastman Kodak Company"	"c:\program files\kodak\kodak easyshare software\bin\easyshare.exe"
+ "Microsoft Office.lnk"	"Microsoft Office 2000 component"	"Microsoft Corporation"	"c:\program files\microsoft office\office\osa9.exe"
+ "SELPHY Photo Print Launcher.lnk"	"SELPHY Photo Print"	"Canon Inc."	"c:\program files\canon\selphy photo print\cic_spphelper.exe"
+ "Symantec Fax Starter Edition Port.lnk"	"Symantec Fax Starter Edition Port Launcher"	"Microsoft Corporation"	"c:\program files\microsoft office\office\1033\olfsnt40.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"	""	""	""
+ "Address Book 6"	"Outlook Express Setup Library"	"Microsoft Corporation"	"c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6"	"Outlook Express Setup Library"	"Microsoft Corporation"	"c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"	""	""	""
+ "IncrediMail"	"IncrediMail Application"	"IncrediMail, Ltd."	"c:\program files\incredimail\bin\incmail.exe"
+ "Messenger (Yahoo!)"	"Yahoo! Messenger"	"Yahoo! Inc."	"c:\program files\yahoo!\messenger\yahoomessenger.exe"
+ "MSMSGS"	"Windows Messenger"	"Microsoft Corporation"	"c:\program files\messenger\msmsgs.exe"
+ "swg"	"GoogleToolbarNotifier"	"Google Inc."	"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "Yahoo! Pager"	"Yahoo! Messenger"	"Yahoo! Inc."	"c:\program files\yahoo!\messenger\yahoomessenger.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler"	""	""	""
+ "livecall"	"MSN Messenger Protocol Handler"	"Microsoft Corporation"	"c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
+ "msnim"	"MSN Messenger Protocol Handler"	"Microsoft Corporation"	"c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"	""	""	""
+ "0"	""	""	"File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"	""	""	""
+ "EPP"	"Microsoft Security Client Shell Extension"	"Microsoft Corporation"	"c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"	""	""	""
+ "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"	""	""	""
+ "EPP"	"Microsoft Security Client Shell Extension"	"Microsoft Corporation"	"c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"	""	""	""
+ "PDF Shell Extension"	"PDF Shell Extension"	"Adobe Systems, Inc."	"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"	""	""	""
+ "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"	""	""	""
+ "Adobe PDF Link Helper"	"Adobe PDF Helper for Internet Explorer"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Canon Easy-WebPrint EX BHO"	"Easy-WebPrint EX"	"CANON INC."	"c:\program files\canon\easy-webprint ex\ewpexbho.dll"
+ "Google Toolbar Helper"	"Google Toolbar"	"Google Inc."	"c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO"	"GoogleToolbarNotifier"	"Google Inc."	"c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll"
+ "RealNetworks Download and Record Plugin for Internet Explorer"	"RealPlayer Download and Record Plugin"	"RealDownloader"	"c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
+ "Windows Live ID Sign-in Helper"	"Microsoft® Windows Live ID Login Helper"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"	""	""	""
+ "Canon Easy-WebPrint EX"	"Easy-WebPrint EX"	"CANON INC."	"c:\program files\canon\easy-webprint ex\ewpexhlp.dll"
+ "Google Toolbar"	"Google Toolbar"	"Google Inc."	"c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"	""	""	""
+ "Windows Messenger"	"Windows Messenger"	"Microsoft Corporation"	"c:\program files\messenger\msmsgs.exe"
"Task Scheduler"	""	""	""
+ "Adobe Flash Player Updater.job"	"Adobe® Flash® Player Update Service 11.5 r502"	"Adobe Systems Incorporated"	"c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job"	"Apple Software Update"	"Apple Inc."	"c:\program files\apple software update\softwareupdate.exe"
+ "Defraggler Volume C Task.job"	"Defraggler"	"Piriform Ltd"	"c:\program files\defraggler\df.exe"
+ "EasyShare Registration Task.job"	"EasyShare software update page"	"Eastman Kodak Company"	"c:\documents and settings\all users\application data\kodak\easysharesetup\$registration\registration_8.3.20.1.sxt"
+ "GoogleUpdateTaskMachineCore.job"	"Google Installer"	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job"	"Google Installer"	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "Kodak AiO Scheduled Maintenance.job"	"Kodak.Statistics"	"Eastman Kodak Company"	"c:\program files\kodak\printer\center\kodak.statistics.exe"
+ "LaunchApp.job"	""	""	"File not found: C:\Program Files\JustCloud\JustCloud.exe windowlaunch"
+ "Microsoft Antimalware Scheduled Scan.job"	"Microsoft Malware Protection Command Line Utility"	"Microsoft Corporation"	"c:\program files\microsoft security client\mpcmdrun.exe"
+ "RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-842925246-839522115-1003.job"	"RealUpgrade Launcher"	"RealNetworks, Inc."	"c:\program files\real\realupgrade\realupgrade.exe"
+ "RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-842925246-839522115-1003.job"	"RealUpgrade Launcher"	"RealNetworks, Inc."	"c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeLogonTaskS-1-5-21-2052111302-842925246-839522115-1003.job"	"RealUpgrade Launcher"	"RealNetworks, Inc."	"c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-2052111302-842925246-839522115-1003.job"	"RealUpgrade Launcher"	"RealNetworks, Inc."	"c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services"	""	""	""
+ "ACDaemon"	"ArcSoft Connect Service"	"ArcSoft Inc."	"c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeFlashPlayerUpdateSvc"	"This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."	"Adobe Systems Incorporated"	"c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device"	"Provides the interface to Apple mobile devices."	"Apple Inc."	"c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service"	"Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."	"Apple Inc."	"c:\program files\bonjour\mdnsresponder.exe"
+ "EPSON_PM_RPCV2_01"	"EPSON Status Monitor 3"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\e_s00rp1.exe"
+ "gupdate"	"Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "gupdatem"	"Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."	"Google Inc."	"c:\program files\google\update\googleupdate.exe"
+ "gusvc"	"Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."	"Google"	"c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "KodakSvc"	"Kodak AiO Device Service."	"Eastman Kodak Company"	"c:\program files\kodak\printer\center\kodaksvc.exe"
+ "MsMpSvc"	"Helps protect users from malware and other potentially unwanted software"	"Microsoft Corporation"	"c:\program files\microsoft security client\msmpeng.exe"
+ "ProtexisLicensing"	"Protexis Licensing Service"	""	"c:\windows\system32\psiservice.exe"
+ "PSI_SVC_2"	"This service provides Protexis licensing functionalty."	"Protexis Inc."	"c:\program files\common files\protexis\license service\psiservice_2.exe"
+ "RealNetworks Downloader Resolver Service"	"Manage different Downloader versions in RealNetworks' products."	""	"c:\program files\realnetworks\realdownloader\rndlresolversvc.exe"
+ "StatusAgent4"	"SAgent4"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\sagent4.exe"
+ "usnjsvc"	"Service installed by Messenger to enable sharing scenarios"	"Microsoft Corporation"	"c:\program files\msn messenger\usnsvc.exe"
+ "vToolbarUpdater14.2.0"	""	""	"File not found: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe"
+ "wlidsvc"	"Enables Windows Live ID authentication."	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc"	"Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"	"Microsoft Corporation"	"c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"	""	""	""
+ "aawqlxev"	""	""	"File not found: C:\WINDOWS\system32\drivers\aawqlxev.sys"
+ "aazbkfzm"	""	""	"File not found: C:\WINDOWS\system32\drivers\aazbkfzm.sys"
+ "abdsknwh"	""	""	"File not found: C:\WINDOWS\system32\drivers\abdsknwh.sys"
+ "abrngsze"	""	""	"File not found: C:\WINDOWS\system32\drivers\abrngsze.sys"
+ "abypnzah"	""	""	"File not found: C:\WINDOWS\system32\drivers\abypnzah.sys"
+ "acntswmh"	""	""	"File not found: C:\WINDOWS\system32\drivers\acntswmh.sys"
+ "adnilcxt"	""	""	"File not found: C:\WINDOWS\system32\drivers\adnilcxt.sys"
+ "adqirijz"	""	""	"File not found: C:\WINDOWS\system32\drivers\adqirijz.sys"
+ "aenfelxh"	""	""	"File not found: C:\WINDOWS\system32\drivers\aenfelxh.sys"
+ "aezavdsv"	""	""	"File not found: C:\WINDOWS\system32\drivers\aezavdsv.sys"
+ "AgereSoftModem"	"SoftModem Device Driver"	"Agere Systems"	"c:\windows\system32\drivers\agrsm.sys"
+ "agnzgvyk"	""	""	"File not found: C:\WINDOWS\system32\drivers\agnzgvyk.sys"
+ "akovuegs"	""	""	"File not found: C:\WINDOWS\system32\drivers\akovuegs.sys"
+ "ALCXWDM"	"Realtek AC'97 Audio Driver (WDM)"	"Realtek Semiconductor Corp."	"c:\windows\system32\drivers\alcxwdm.sys"
+ "alxyzlik"	""	""	"File not found: C:\WINDOWS\system32\drivers\alxyzlik.sys"
+ "amovexwv"	""	""	"File not found: C:\WINDOWS\system32\drivers\amovexwv.sys"
+ "anchncgk"	""	""	"File not found: C:\WINDOWS\system32\drivers\anchncgk.sys"
+ "anmrkcxz"	""	""	"File not found: C:\WINDOWS\system32\drivers\anmrkcxz.sys"
+ "antnfsqa"	""	""	"File not found: C:\WINDOWS\system32\drivers\antnfsqa.sys"
+ "armkaxfc"	""	""	"File not found: C:\WINDOWS\system32\drivers\armkaxfc.sys"
+ "arntlsqn"	""	""	"File not found: C:\WINDOWS\system32\drivers\arntlsqn.sys"
+ "aslayhsd"	""	""	"File not found: C:\WINDOWS\system32\drivers\aslayhsd.sys"
+ "asnmjlmo"	""	""	"File not found: C:\WINDOWS\system32\drivers\asnmjlmo.sys"
+ "atfswkgv"	""	""	"File not found: C:\WINDOWS\system32\drivers\atfswkgv.sys"
+ "atfxbvki"	""	""	"File not found: C:\WINDOWS\system32\drivers\atfxbvki.sys"
+ "atmfuuen"	""	""	"File not found: C:\WINDOWS\system32\drivers\atmfuuen.sys"
+ "avewxxis"	""	""	"File not found: C:\WINDOWS\system32\drivers\avewxxis.sys"
+ "avgtp"	""	"AVG Technologies"	"c:\windows\system32\drivers\avgtpx86.sys"
+ "avriaabg"	""	""	"File not found: C:\WINDOWS\system32\drivers\avriaabg.sys"
+ "awmignne"	""	""	"File not found: C:\WINDOWS\system32\drivers\awmignne.sys"
+ "axcehyct"	""	""	"File not found: C:\WINDOWS\system32\drivers\axcehyct.sys"
+ "axvecdob"	""	""	"File not found: C:\WINDOWS\system32\drivers\axvecdob.sys"
+ "aycskgcf"	""	""	"File not found: C:\WINDOWS\system32\drivers\aycskgcf.sys"
+ "aylnifld"	""	""	"File not found: C:\WINDOWS\system32\drivers\aylnifld.sys"
+ "azzkqafo"	""	""	"File not found: C:\WINDOWS\system32\drivers\azzkqafo.sys"
+ "bbedutck"	""	""	"File not found: C:\WINDOWS\system32\drivers\bbedutck.sys"
+ "bbwexcmc"	""	""	"File not found: C:\WINDOWS\system32\drivers\bbwexcmc.sys"
+ "bcdpqfqy"	""	""	"File not found: C:\WINDOWS\system32\drivers\bcdpqfqy.sys"
+ "bclivdmo"	""	""	"File not found: C:\WINDOWS\system32\drivers\bclivdmo.sys"
+ "bebnbqam"	""	""	"File not found: C:\WINDOWS\system32\drivers\bebnbqam.sys"
+ "bfdjeyof"	""	""	"File not found: C:\WINDOWS\system32\drivers\bfdjeyof.sys"
+ "bjixkfdx"	""	""	"File not found: C:\WINDOWS\system32\drivers\bjixkfdx.sys"
+ "bjqawewk"	""	""	"File not found: C:\WINDOWS\system32\drivers\bjqawewk.sys"
+ "bkdpsbnm"	""	""	"File not found: C:\WINDOWS\system32\drivers\bkdpsbnm.sys"
+ "bkummmcc"	""	""	"File not found: C:\WINDOWS\system32\drivers\bkummmcc.sys"
+ "bllehtqm"	""	""	"File not found: C:\WINDOWS\system32\drivers\bllehtqm.sys"
+ "blpdjdjh"	""	""	"File not found: C:\WINDOWS\system32\drivers\blpdjdjh.sys"
+ "bnztsmhe"	""	""	"File not found: C:\WINDOWS\system32\drivers\bnztsmhe.sys"
+ "bopqtrrd"	""	""	"File not found: C:\WINDOWS\system32\drivers\bopqtrrd.sys"
+ "bpmqbamm"	""	""	"File not found: C:\WINDOWS\system32\drivers\bpmqbamm.sys"
+ "bppjglbr"	""	""	"File not found: C:\WINDOWS\system32\drivers\bppjglbr.sys"
+ "bqhnebqi"	""	""	"File not found: C:\WINDOWS\system32\drivers\bqhnebqi.sys"
+ "btgnjarv"	""	""	"File not found: C:\WINDOWS\system32\drivers\btgnjarv.sys"
+ "btsjjfnn"	""	""	"File not found: C:\WINDOWS\system32\drivers\btsjjfnn.sys"
+ "btwtnjfc"	""	""	"File not found: C:\WINDOWS\system32\drivers\btwtnjfc.sys"
+ "bvgaiarr"	""	""	"File not found: C:\WINDOWS\system32\drivers\bvgaiarr.sys"
+ "byanveav"	""	""	"File not found: C:\WINDOWS\system32\drivers\byanveav.sys"
+ "bzpjormd"	""	""	"File not found: C:\WINDOWS\system32\drivers\bzpjormd.sys"
+ "caqujvio"	""	""	"File not found: C:\WINDOWS\system32\drivers\caqujvio.sys"
+ "ccbuybkm"	""	""	"File not found: C:\WINDOWS\system32\drivers\ccbuybkm.sys"
+ "cctfgvam"	""	""	"File not found: C:\WINDOWS\system32\drivers\cctfgvam.sys"
+ "cdgdiper"	""	""	"File not found: C:\WINDOWS\system32\drivers\cdgdiper.sys"
+ "cffsvppp"	""	""	"File not found: C:\WINDOWS\system32\drivers\cffsvppp.sys"
+ "Changer"	""	""	"File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "chmvskez"	""	""	"File not found: C:\WINDOWS\system32\drivers\chmvskez.sys"
+ "cksfbtgc"	""	""	"File not found: C:\WINDOWS\system32\drivers\cksfbtgc.sys"
+ "cmbvtnza"	""	""	"File not found: C:\WINDOWS\system32\drivers\cmbvtnza.sys"
+ "cmdolygi"	""	""	"File not found: C:\WINDOWS\system32\drivers\cmdolygi.sys"
+ "coutlcot"	""	""	"File not found: C:\WINDOWS\system32\drivers\coutlcot.sys"
+ "cqndtehh"	""	""	"File not found: C:\WINDOWS\system32\drivers\cqndtehh.sys"
+ "cqvpbdnd"	""	""	"File not found: C:\WINDOWS\system32\drivers\cqvpbdnd.sys"
+ "crnvuisb"	""	""	"File not found: C:\WINDOWS\system32\drivers\crnvuisb.sys"
+ "cuwbuvag"	""	""	"File not found: C:\WINDOWS\system32\drivers\cuwbuvag.sys"
+ "cvclafqa"	""	""	"File not found: C:\WINDOWS\system32\drivers\cvclafqa.sys"
+ "cveocpgm"	""	""	"File not found: C:\WINDOWS\system32\drivers\cveocpgm.sys"
+ "cvsdudrc"	""	""	"File not found: C:\WINDOWS\system32\drivers\cvsdudrc.sys"
+ "dbdhaifx"	""	""	"File not found: C:\WINDOWS\system32\drivers\dbdhaifx.sys"
+ "dcgeddcf"	""	""	"File not found: C:\WINDOWS\system32\drivers\dcgeddcf.sys"
+ "ddvjrshs"	""	""	"File not found: C:\WINDOWS\system32\drivers\ddvjrshs.sys"
+ "ddwqfsbc"	""	""	"File not found: C:\WINDOWS\system32\drivers\ddwqfsbc.sys"
+ "decpnvgf"	""	""	"File not found: C:\WINDOWS\system32\drivers\decpnvgf.sys"
+ "devjkdqz"	""	""	"File not found: C:\WINDOWS\system32\drivers\devjkdqz.sys"
+ "dilfoels"	""	""	"File not found: C:\WINDOWS\system32\drivers\dilfoels.sys"
+ "ditjusrx"	""	""	"File not found: C:\WINDOWS\system32\drivers\ditjusrx.sys"
+ "djxialrg"	""	""	"File not found: C:\WINDOWS\system32\drivers\djxialrg.sys"
+ "dklefdml"	""	""	"File not found: C:\WINDOWS\system32\drivers\dklefdml.sys"
+ "dkqrodbl"	""	""	"File not found: C:\WINDOWS\system32\drivers\dkqrodbl.sys"
+ "dltuytwv"	""	""	"File not found: C:\WINDOWS\system32\drivers\dltuytwv.sys"
+ "dmgztema"	""	""	"File not found: C:\WINDOWS\system32\drivers\dmgztema.sys"
+ "dnaislea"	""	""	"File not found: C:\WINDOWS\system32\drivers\dnaislea.sys"
+ "dnkocxzc"	""	""	"File not found: C:\WINDOWS\system32\drivers\dnkocxzc.sys"
+ "domfbork"	""	""	"File not found: C:\WINDOWS\system32\drivers\domfbork.sys"
+ "dseqsagy"	""	""	"File not found: C:\WINDOWS\system32\drivers\dseqsagy.sys"
+ "dsighuqm"	""	""	"File not found: C:\WINDOWS\system32\drivers\dsighuqm.sys"
+ "dtkgieze"	""	""	"File not found: C:\WINDOWS\system32\drivers\dtkgieze.sys"
+ "dtwuwxvi"	""	""	"File not found: C:\WINDOWS\system32\drivers\dtwuwxvi.sys"
+ "dupgojbr"	""	""	"File not found: C:\WINDOWS\system32\drivers\dupgojbr.sys"
+ "dwgouuaf"	""	""	"File not found: C:\WINDOWS\system32\drivers\dwgouuaf.sys"
+ "eaqraqie"	""	""	"File not found: C:\WINDOWS\system32\drivers\eaqraqie.sys"
+ "ebdfsxry"	""	""	"File not found: C:\WINDOWS\system32\drivers\ebdfsxry.sys"
+ "ebkmrzte"	""	""	"File not found: C:\WINDOWS\system32\drivers\ebkmrzte.sys"
+ "ecowvlds"	""	""	"File not found: C:\WINDOWS\system32\drivers\ecowvlds.sys"
+ "ecvpokjj"	""	""	"File not found: C:\WINDOWS\system32\drivers\ecvpokjj.sys"
+ "edgeqrhd"	""	""	"File not found: C:\WINDOWS\system32\drivers\edgeqrhd.sys"
+ "efdweleg"	""	""	"File not found: C:\WINDOWS\system32\drivers\efdweleg.sys"
+ "egrbrcef"	""	""	"File not found: C:\WINDOWS\system32\drivers\egrbrcef.sys"
+ "ehkosnhx"	""	""	"File not found: C:\WINDOWS\system32\drivers\ehkosnhx.sys"
+ "eivusdyp"	""	""	"File not found: C:\WINDOWS\system32\drivers\eivusdyp.sys"
+ "epotphmz"	""	""	"File not found: C:\WINDOWS\system32\drivers\epotphmz.sys"
+ "ethvtsuf"	""	""	"File not found: C:\WINDOWS\system32\drivers\ethvtsuf.sys"
+ "ewlrlcem"	""	""	"File not found: C:\WINDOWS\system32\drivers\ewlrlcem.sys"
+ "ewlwzydd"	""	""	"File not found: C:\WINDOWS\system32\drivers\ewlwzydd.sys"
+ "ewnfonhx"	""	""	"File not found: C:\WINDOWS\system32\drivers\ewnfonhx.sys"
+ "exilpmvv"	""	""	"File not found: C:\WINDOWS\system32\drivers\exilpmvv.sys"
+ "extomowg"	""	""	"File not found: C:\WINDOWS\system32\drivers\extomowg.sys"
+ "eyzioyll"	""	""	"File not found: C:\WINDOWS\system32\drivers\eyzioyll.sys"
+ "ezefwpjk"	""	""	"File not found: C:\WINDOWS\system32\drivers\ezefwpjk.sys"
+ "ezxldptk"	""	""	"File not found: C:\WINDOWS\system32\drivers\ezxldptk.sys"
+ "fbbtyhfh"	""	""	"File not found: C:\WINDOWS\system32\drivers\fbbtyhfh.sys"
+ "fbobgxgy"	""	""	"File not found: C:\WINDOWS\system32\drivers\fbobgxgy.sys"
+ "fbyyxalf"	""	""	"File not found: C:\WINDOWS\system32\drivers\fbyyxalf.sys"
+ "fciatzqn"	""	""	"File not found: C:\WINDOWS\system32\drivers\fciatzqn.sys"
+ "fcwhksbt"	""	""	"File not found: C:\WINDOWS\system32\drivers\fcwhksbt.sys"
+ "fdrrzfbj"	""	""	"File not found: C:\WINDOWS\system32\drivers\fdrrzfbj.sys"
+ "FETNDIS"	"NDIS 5.0 miniport driver"	"VIA Technologies, Inc.              "	"c:\windows\system32\drivers\fetnd5.sys"
+ "ffoglxxn"	""	""	"File not found: C:\WINDOWS\system32\drivers\ffoglxxn.sys"
+ "fgjativr"	""	""	"File not found: C:\WINDOWS\system32\drivers\fgjativr.sys"
+ "fhwvymgg"	""	""	"File not found: C:\WINDOWS\system32\drivers\fhwvymgg.sys"
+ "fidbryfj"	""	""	"File not found: C:\WINDOWS\system32\drivers\fidbryfj.sys"
+ "fkdudxji"	""	""	"File not found: C:\WINDOWS\system32\drivers\fkdudxji.sys"
+ "fodxhrze"	""	""	"File not found: C:\WINDOWS\system32\drivers\fodxhrze.sys"
+ "foksktxn"	""	""	"File not found: C:\WINDOWS\system32\drivers\foksktxn.sys"
+ "fowtaojq"	""	""	"File not found: C:\WINDOWS\system32\drivers\fowtaojq.sys"
+ "foyltkfa"	""	""	"File not found: C:\WINDOWS\system32\drivers\foyltkfa.sys"
+ "fqzlmvic"	""	""	"File not found: C:\WINDOWS\system32\drivers\fqzlmvic.sys"
+ "frigomny"	""	""	"File not found: C:\WINDOWS\system32\drivers\frigomny.sys"
+ "fsaugjuy"	""	""	"File not found: C:\WINDOWS\system32\drivers\fsaugjuy.sys"
+ "fwaryise"	""	""	"File not found: C:\WINDOWS\system32\drivers\fwaryise.sys"
+ "fwioaxud"	""	""	"File not found: C:\WINDOWS\system32\drivers\fwioaxud.sys"
+ "fxsuntry"	""	""	"File not found: C:\WINDOWS\system32\drivers\fxsuntry.sys"
+ "fzylueoy"	""	""	"File not found: C:\WINDOWS\system32\drivers\fzylueoy.sys"
+ "gatnmotx"	""	""	"File not found: C:\WINDOWS\system32\drivers\gatnmotx.sys"
+ "GEARAspiWDM"	"CD DVD Filter"	"GEAR Software Inc."	"c:\windows\system32\drivers\gearaspiwdm.sys"
+ "gjykpftc"	""	""	"File not found: C:\WINDOWS\system32\drivers\gjykpftc.sys"
+ "gkaazzdt"	""	""	"File not found: C:\WINDOWS\system32\drivers\gkaazzdt.sys"
+ "gljkskzp"	""	""	"File not found: C:\WINDOWS\system32\drivers\gljkskzp.sys"
+ "glowutml"	""	""	"File not found: C:\WINDOWS\system32\drivers\glowutml.sys"
+ "GMSIPCI"	""	""	"File not found: E:\INSTALL\GMSIPCI.SYS"
+ "gnsdsess"	""	""	"File not found: C:\WINDOWS\system32\drivers\gnsdsess.sys"
+ "gohllndh"	""	""	"File not found: C:\WINDOWS\system32\drivers\gohllndh.sys"
+ "gouigprb"	""	""	"File not found: C:\WINDOWS\system32\drivers\gouigprb.sys"
+ "gqcmcmlq"	""	""	"File not found: C:\WINDOWS\system32\drivers\gqcmcmlq.sys"
+ "gqktedlp"	""	""	"File not found: C:\WINDOWS\system32\drivers\gqktedlp.sys"
+ "gvhyaywv"	""	""	"File not found: C:\WINDOWS\system32\drivers\gvhyaywv.sys"
+ "gvvhvfxh"	""	""	"File not found: C:\WINDOWS\system32\drivers\gvvhvfxh.sys"
+ "gwgrhvra"	""	""	"File not found: C:\WINDOWS\system32\drivers\gwgrhvra.sys"
+ "gwnibjxo"	""	""	"File not found: C:\WINDOWS\system32\drivers\gwnibjxo.sys"
+ "gxofzzij"	""	""	"File not found: C:\WINDOWS\system32\drivers\gxofzzij.sys"
+ "gyfjsxyh"	""	""	"File not found: C:\WINDOWS\system32\drivers\gyfjsxyh.sys"
+ "gyinfbva"	""	""	"File not found: C:\WINDOWS\system32\drivers\gyinfbva.sys"
+ "gyklxifa"	""	""	"File not found: C:\WINDOWS\system32\drivers\gyklxifa.sys"
+ "gzbptqqh"	""	""	"File not found: C:\WINDOWS\system32\drivers\gzbptqqh.sys"
+ "gzlduglw"	""	""	"File not found: C:\WINDOWS\system32\drivers\gzlduglw.sys"
+ "haglrqte"	""	""	"File not found: C:\WINDOWS\system32\drivers\haglrqte.sys"
+ "hbfzakkp"	""	""	"File not found: C:\WINDOWS\system32\drivers\hbfzakkp.sys"
+ "hcysjyah"	""	""	"File not found: C:\WINDOWS\system32\drivers\hcysjyah.sys"
+ "hdhjqbka"	""	""	"File not found: C:\WINDOWS\system32\drivers\hdhjqbka.sys"
+ "hhggsdqb"	""	""	"File not found: C:\WINDOWS\system32\drivers\hhggsdqb.sys"
+ "hhqvykih"	""	""	"File not found: C:\WINDOWS\system32\drivers\hhqvykih.sys"
+ "hibrlyvo"	""	""	"File not found: C:\WINDOWS\system32\drivers\hibrlyvo.sys"
+ "hldbrvig"	""	""	"File not found: C:\WINDOWS\system32\drivers\hldbrvig.sys"
+ "hnjwvniy"	""	""	"File not found: C:\WINDOWS\system32\drivers\hnjwvniy.sys"
+ "hpaqnddh"	""	""	"File not found: C:\WINDOWS\system32\drivers\hpaqnddh.sys"
+ "htknvzqt"	""	""	"File not found: C:\WINDOWS\system32\drivers\htknvzqt.sys"
+ "hurxqiim"	""	""	"File not found: C:\WINDOWS\system32\drivers\hurxqiim.sys"
+ "hxchpehn"	""	""	"File not found: C:\WINDOWS\system32\drivers\hxchpehn.sys"
+ "hzgjjriq"	""	""	"File not found: C:\WINDOWS\system32\drivers\hzgjjriq.sys"
+ "i2omgmt"	""	""	"File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ibndljci"	""	""	"File not found: C:\WINDOWS\system32\drivers\ibndljci.sys"
+ "iddtwuqy"	""	""	"File not found: C:\WINDOWS\system32\drivers\iddtwuqy.sys"
+ "ifalfljs"	""	""	"File not found: C:\WINDOWS\system32\drivers\ifalfljs.sys"
+ "ifztnxdd"	""	""	"File not found: C:\WINDOWS\system32\drivers\ifztnxdd.sys"
+ "igtptkbq"	""	""	"File not found: C:\WINDOWS\system32\drivers\igtptkbq.sys"
+ "ihjomspr"	""	""	"File not found: C:\WINDOWS\system32\drivers\ihjomspr.sys"
+ "iiuydtrq"	""	""	"File not found: C:\WINDOWS\system32\drivers\iiuydtrq.sys"
+ "ikwgpdah"	""	""	"File not found: C:\WINDOWS\system32\drivers\ikwgpdah.sys"
+ "ilovqkhp"	""	""	"File not found: C:\WINDOWS\system32\drivers\ilovqkhp.sys"
+ "ilpzdmut"	""	""	"File not found: C:\WINDOWS\system32\drivers\ilpzdmut.sys"
+ "InCDPass"	""	""	"File not found: system32\drivers\InCDPass.sys"
+ "incdrm"	""	""	"File not found: system32\drivers\InCDRm.sys"
+ "injkrbsm"	""	""	"File not found: C:\WINDOWS\system32\drivers\injkrbsm.sys"
+ "inordimn"	""	""	"File not found: C:\WINDOWS\system32\drivers\inordimn.sys"
+ "ipivlkmn"	""	""	"File not found: C:\WINDOWS\system32\drivers\ipivlkmn.sys"
+ "ipphlfmc"	""	""	"File not found: C:\WINDOWS\system32\drivers\ipphlfmc.sys"
+ "irxogwfr"	""	""	"File not found: C:\WINDOWS\system32\drivers\irxogwfr.sys"
+ "itsrwkpz"	""	""	"File not found: C:\WINDOWS\system32\drivers\itsrwkpz.sys"
+ "iubksiih"	""	""	"File not found: C:\WINDOWS\system32\drivers\iubksiih.sys"
+ "iuopmuqj"	""	""	"File not found: C:\WINDOWS\system32\drivers\iuopmuqj.sys"
+ "iwsykjuq"	""	""	"File not found: C:\WINDOWS\system32\drivers\iwsykjuq.sys"
+ "jbnhjmhq"	""	""	"File not found: C:\WINDOWS\system32\drivers\jbnhjmhq.sys"
+ "jbrcoweq"	""	""	"File not found: C:\WINDOWS\system32\drivers\jbrcoweq.sys"
+ "jdsoyeui"	""	""	"File not found: C:\WINDOWS\system32\drivers\jdsoyeui.sys"
+ "jgpdjgip"	""	""	"File not found: C:\WINDOWS\system32\drivers\jgpdjgip.sys"
+ "jheohxox"	""	""	"File not found: C:\WINDOWS\system32\drivers\jheohxox.sys"
+ "jngscblc"	""	""	"File not found: C:\WINDOWS\system32\drivers\jngscblc.sys"
+ "jnrsgpnf"	""	""	"File not found: C:\WINDOWS\system32\drivers\jnrsgpnf.sys"
+ "jnvbxalw"	""	""	"File not found: C:\WINDOWS\system32\drivers\jnvbxalw.sys"
+ "jnwgzias"	""	""	"File not found: C:\WINDOWS\system32\drivers\jnwgzias.sys"
+ "jorsqlnd"	""	""	"File not found: C:\WINDOWS\system32\drivers\jorsqlnd.sys"
+ "jpfitcih"	""	""	"File not found: C:\WINDOWS\system32\drivers\jpfitcih.sys"
+ "jpivjpyj"	""	""	"File not found: C:\WINDOWS\system32\drivers\jpivjpyj.sys"
+ "jpnagrsx"	""	""	"File not found: C:\WINDOWS\system32\drivers\jpnagrsx.sys"
+ "jrlchirb"	""	""	"File not found: C:\WINDOWS\system32\drivers\jrlchirb.sys"
+ "jtqncjuj"	""	""	"File not found: C:\WINDOWS\system32\drivers\jtqncjuj.sys"
+ "jvnaiygs"	""	""	"File not found: C:\WINDOWS\system32\drivers\jvnaiygs.sys"
+ "jwgfdgvu"	""	""	"File not found: C:\WINDOWS\system32\drivers\jwgfdgvu.sys"
+ "jxpukpta"	""	""	"File not found: C:\WINDOWS\system32\drivers\jxpukpta.sys"
+ "jxwhptqa"	""	""	"File not found: C:\WINDOWS\system32\drivers\jxwhptqa.sys"
+ "jzxfjgof"	""	""	"File not found: C:\WINDOWS\system32\drivers\jzxfjgof.sys"
+ "kaajtgpr"	""	""	"File not found: C:\WINDOWS\system32\drivers\kaajtgpr.sys"
+ "kalmfefk"	""	""	"File not found: C:\WINDOWS\system32\drivers\kalmfefk.sys"
+ "kazrzhtv"	""	""	"File not found: C:\WINDOWS\system32\drivers\kazrzhtv.sys"
+ "kdwihdpn"	""	""	"File not found: C:\WINDOWS\system32\drivers\kdwihdpn.sys"
+ "kdzqdwqo"	""	""	"File not found: C:\WINDOWS\system32\drivers\kdzqdwqo.sys"
+ "keukobhj"	""	""	"File not found: C:\WINDOWS\system32\drivers\keukobhj.sys"
+ "kffjiufq"	""	""	"File not found: C:\WINDOWS\system32\drivers\kffjiufq.sys"
+ "khucualv"	""	""	"File not found: C:\WINDOWS\system32\drivers\khucualv.sys"
+ "klginnbo"	""	""	"File not found: C:\WINDOWS\system32\drivers\klginnbo.sys"
+ "kljrbfqc"	""	""	"File not found: C:\WINDOWS\system32\drivers\kljrbfqc.sys"
+ "kluvorca"	""	""	"File not found: C:\WINDOWS\system32\drivers\kluvorca.sys"
+ "knqbczqb"	""	""	"File not found: C:\WINDOWS\system32\drivers\knqbczqb.sys"
+ "kpxqkeey"	""	""	"File not found: C:\WINDOWS\system32\drivers\kpxqkeey.sys"
+ "kpylbpqt"	""	""	"File not found: C:\WINDOWS\system32\drivers\kpylbpqt.sys"
+ "ksldjpvc"	""	""	"File not found: C:\WINDOWS\system32\drivers\ksldjpvc.sys"
+ "kurirmha"	""	""	"File not found: C:\WINDOWS\system32\drivers\kurirmha.sys"
+ "kvmlvklr"	""	""	"File not found: C:\WINDOWS\system32\drivers\kvmlvklr.sys"
+ "kvomaqvb"	""	""	"File not found: C:\WINDOWS\system32\drivers\kvomaqvb.sys"
+ "kyiguyhs"	""	""	"File not found: C:\WINDOWS\system32\drivers\kyiguyhs.sys"
+ "kzdiywbq"	""	""	"File not found: C:\WINDOWS\system32\drivers\kzdiywbq.sys"
+ "kzwulrsn"	""	""	"File not found: C:\WINDOWS\system32\drivers\kzwulrsn.sys"
+ "lafmbelz"	""	""	"File not found: C:\WINDOWS\system32\drivers\lafmbelz.sys"
+ "lbgvtviz"	""	""	"File not found: C:\WINDOWS\system32\drivers\lbgvtviz.sys"
+ "lbrtfdc"	""	""	"File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "lbuvjhbb"	""	""	"File not found: C:\WINDOWS\system32\drivers\lbuvjhbb.sys"
+ "lcfclnqr"	""	""	"File not found: C:\WINDOWS\system32\drivers\lcfclnqr.sys"
+ "ldrdfrzz"	""	""	"File not found: C:\WINDOWS\system32\drivers\ldrdfrzz.sys"
+ "ldtietxg"	""	""	"File not found: C:\WINDOWS\system32\drivers\ldtietxg.sys"
+ "ldunoems"	""	""	"File not found: C:\WINDOWS\system32\drivers\ldunoems.sys"
+ "lipntgst"	""	""	"File not found: C:\WINDOWS\system32\drivers\lipntgst.sys"
+ "ljbsxetc"	""	""	"File not found: C:\WINDOWS\system32\drivers\ljbsxetc.sys"
+ "lmzddhug"	""	""	"File not found: C:\WINDOWS\system32\drivers\lmzddhug.sys"
+ "ltedpjoh"	""	""	"File not found: C:\WINDOWS\system32\drivers\ltedpjoh.sys"
+ "ltjkjkou"	""	""	"File not found: C:\WINDOWS\system32\drivers\ltjkjkou.sys"
+ "ltwczpwu"	""	""	"File not found: C:\WINDOWS\system32\drivers\ltwczpwu.sys"
+ "lwclrequ"	""	""	"File not found: C:\WINDOWS\system32\drivers\lwclrequ.sys"
+ "lwdrfwqd"	""	""	"File not found: C:\WINDOWS\system32\drivers\lwdrfwqd.sys"
+ "lwtutojm"	""	""	"File not found: C:\WINDOWS\system32\drivers\lwtutojm.sys"
+ "lxsuxmai"	""	""	"File not found: C:\WINDOWS\system32\drivers\lxsuxmai.sys"
+ "lzamqidq"	""	""	"File not found: C:\WINDOWS\system32\drivers\lzamqidq.sys"
+ "mbaccbzh"	""	""	"File not found: C:\WINDOWS\system32\drivers\mbaccbzh.sys"
+ "mbstymgr"	""	""	"File not found: C:\WINDOWS\system32\drivers\mbstymgr.sys"
+ "mbvjwbll"	""	""	"File not found: C:\WINDOWS\system32\drivers\mbvjwbll.sys"
+ "mcicxote"	""	""	"File not found: C:\WINDOWS\system32\drivers\mcicxote.sys"
+ "mdgdtvhh"	""	""	"File not found: C:\WINDOWS\system32\drivers\mdgdtvhh.sys"
+ "mdqavgcv"	""	""	"File not found: C:\WINDOWS\system32\drivers\mdqavgcv.sys"
+ "medyurzl"	""	""	"File not found: C:\WINDOWS\system32\drivers\medyurzl.sys"
+ "mgsfmtgw"	""	""	"File not found: C:\WINDOWS\system32\drivers\mgsfmtgw.sys"
+ "mgwqzobb"	""	""	"File not found: C:\WINDOWS\system32\drivers\mgwqzobb.sys"
+ "mgxtdlzm"	""	""	"File not found: C:\WINDOWS\system32\drivers\mgxtdlzm.sys"
+ "mitawsus"	""	""	"File not found: C:\WINDOWS\system32\drivers\mitawsus.sys"
+ "mknofhbp"	""	""	"File not found: C:\WINDOWS\system32\drivers\mknofhbp.sys"
+ "mkttqpgv"	""	""	"File not found: C:\WINDOWS\system32\drivers\mkttqpgv.sys"
+ "mlziekzr"	""	""	"File not found: C:\WINDOWS\system32\drivers\mlziekzr.sys"
+ "mqdshikm"	""	""	"File not found: C:\WINDOWS\system32\drivers\mqdshikm.sys"
+ "mr7910"	"WDM Driver for PhotoViewer"	"Mars Semiconductor Corp."	"c:\windows\system32\drivers\mr7910.sys"
+ "mrasprfm"	""	""	"File not found: C:\WINDOWS\system32\drivers\mrasprfm.sys"
+ "mrsbwbej"	""	""	"File not found: C:\WINDOWS\system32\drivers\mrsbwbej.sys"
+ "MSICPL"	""	""	"File not found: E:\install4\MSICPL.sys"
+ "mthhdtfy"	""	""	"File not found: C:\WINDOWS\system32\drivers\mthhdtfy.sys"
+ "mtoqhkwm"	""	""	"File not found: C:\WINDOWS\system32\drivers\mtoqhkwm.sys"
+ "mttwrezs"	""	""	"File not found: C:\WINDOWS\system32\drivers\mttwrezs.sys"
+ "mtyrvoiy"	""	""	"File not found: C:\WINDOWS\system32\drivers\mtyrvoiy.sys"
+ "mvtjbzzm"	""	""	"File not found: C:\WINDOWS\system32\drivers\mvtjbzzm.sys"
+ "mvtkxqrj"	""	""	"File not found: C:\WINDOWS\system32\drivers\mvtkxqrj.sys"
+ "mwdmvhue"	""	""	"File not found: C:\WINDOWS\system32\drivers\mwdmvhue.sys"
+ "mxktqpnv"	""	""	"File not found: C:\WINDOWS\system32\drivers\mxktqpnv.sys"
+ "myngbdqe"	""	""	"File not found: C:\WINDOWS\system32\drivers\myngbdqe.sys"
+ "mzifsqrg"	""	""	"File not found: C:\WINDOWS\system32\drivers\mzifsqrg.sys"
+ "nawisxvo"	""	""	"File not found: C:\WINDOWS\system32\drivers\nawisxvo.sys"
+ "nczplzmi"	""	""	"File not found: C:\WINDOWS\system32\drivers\nczplzmi.sys"
+ "ndvfvfun"	""	""	"File not found: C:\WINDOWS\system32\drivers\ndvfvfun.sys"
+ "neixxqes"	""	""	"File not found: C:\WINDOWS\system32\drivers\neixxqes.sys"
+ "nfwromdm"	""	""	"File not found: C:\WINDOWS\system32\drivers\nfwromdm.sys"
+ "nfyuyqil"	""	""	"File not found: C:\WINDOWS\system32\drivers\nfyuyqil.sys"
+ "nhduoqih"	""	""	"File not found: C:\WINDOWS\system32\drivers\nhduoqih.sys"
+ "ninlhiei"	""	""	"File not found: C:\WINDOWS\system32\drivers\ninlhiei.sys"
+ "njcuepdi"	""	""	"File not found: C:\WINDOWS\system32\drivers\njcuepdi.sys"
+ "njdsdowf"	""	""	"File not found: C:\WINDOWS\system32\drivers\njdsdowf.sys"
+ "njfdgtjo"	""	""	"File not found: C:\WINDOWS\system32\drivers\njfdgtjo.sys"
+ "njkcsqdl"	""	""	"File not found: C:\WINDOWS\system32\drivers\njkcsqdl.sys"
+ "nlbjcixq"	""	""	"File not found: C:\WINDOWS\system32\drivers\nlbjcixq.sys"
+ "nmaixcca"	""	""	"File not found: C:\WINDOWS\system32\drivers\nmaixcca.sys"
+ "nmcwalsi"	""	""	"File not found: C:\WINDOWS\system32\drivers\nmcwalsi.sys"
+ "nmrhachh"	""	""	"File not found: C:\WINDOWS\system32\drivers\nmrhachh.sys"
+ "nodwdbbf"	""	""	"File not found: C:\WINDOWS\system32\drivers\nodwdbbf.sys"
+ "nqhotmvf"	""	""	"File not found: C:\WINDOWS\system32\drivers\nqhotmvf.sys"
+ "nsctgauq"	""	""	"File not found: C:\WINDOWS\system32\drivers\nsctgauq.sys"
+ "NTACCESS"	""	""	"File not found: E:\NTACCESS.sys"
+ "ntwedbqu"	""	""	"File not found: C:\WINDOWS\system32\drivers\ntwedbqu.sys"
+ "nuiirhpe"	""	""	"File not found: C:\WINDOWS\system32\drivers\nuiirhpe.sys"
+ "nujmjzxq"	""	""	"File not found: C:\WINDOWS\system32\drivers\nujmjzxq.sys"
+ "nuxcshul"	""	""	"File not found: C:\WINDOWS\system32\drivers\nuxcshul.sys"
+ "nvkejyok"	""	""	"File not found: C:\WINDOWS\system32\drivers\nvkejyok.sys"
+ "nwazjhwz"	""	""	"File not found: C:\WINDOWS\system32\drivers\nwazjhwz.sys"
+ "nwvbkgaw"	""	""	"File not found: C:\WINDOWS\system32\drivers\nwvbkgaw.sys"
+ "nwxwijlt"	""	""	"File not found: C:\WINDOWS\system32\drivers\nwxwijlt.sys"
+ "nxbayzma"	""	""	"File not found: C:\WINDOWS\system32\drivers\nxbayzma.sys"
+ "nxmswzpn"	""	""	"File not found: C:\WINDOWS\system32\drivers\nxmswzpn.sys"
+ "nxxwqbiz"	""	""	"File not found: C:\WINDOWS\system32\drivers\nxxwqbiz.sys"
+ "oamunrln"	""	""	"File not found: C:\WINDOWS\system32\drivers\oamunrln.sys"
+ "obvyevcg"	""	""	"File not found: C:\WINDOWS\system32\drivers\obvyevcg.sys"
+ "ocplisdm"	""	""	"File not found: C:\WINDOWS\system32\drivers\ocplisdm.sys"
+ "odbdxmqk"	""	""	"File not found: C:\WINDOWS\system32\drivers\odbdxmqk.sys"
+ "odroclrx"	""	""	"File not found: C:\WINDOWS\system32\drivers\odroclrx.sys"
+ "oducihri"	""	""	"File not found: C:\WINDOWS\system32\drivers\oducihri.sys"
+ "oetvfhua"	""	""	"File not found: C:\WINDOWS\system32\drivers\oetvfhua.sys"
+ "oeuzvakj"	""	""	"File not found: C:\WINDOWS\system32\drivers\oeuzvakj.sys"
+ "ofkwcpge"	""	""	"File not found: C:\WINDOWS\system32\drivers\ofkwcpge.sys"
+ "ogbxryol"	""	""	"File not found: C:\WINDOWS\system32\drivers\ogbxryol.sys"
+ "ogigacro"	""	""	"File not found: C:\WINDOWS\system32\drivers\ogigacro.sys"
+ "ohekaovg"	""	""	"File not found: C:\WINDOWS\system32\drivers\ohekaovg.sys"
+ "ohmowdps"	""	""	"File not found: C:\WINDOWS\system32\drivers\ohmowdps.sys"
+ "ohxzmxof"	""	""	"File not found: C:\WINDOWS\system32\drivers\ohxzmxof.sys"
+ "oirxkxcn"	""	""	"File not found: C:\WINDOWS\system32\drivers\oirxkxcn.sys"
+ "ojpeljlo"	""	""	"File not found: C:\WINDOWS\system32\drivers\ojpeljlo.sys"
+ "ojwqdqfe"	""	""	"File not found: C:\WINDOWS\system32\drivers\ojwqdqfe.sys"
+ "okyypcvt"	""	""	"File not found: C:\WINDOWS\system32\drivers\okyypcvt.sys"
+ "omhunhrk"	""	""	"File not found: C:\WINDOWS\system32\drivers\omhunhrk.sys"
+ "onkdrqen"	""	""	"File not found: C:\WINDOWS\system32\drivers\onkdrqen.sys"
+ "onznmzms"	""	""	"File not found: C:\WINDOWS\system32\drivers\onznmzms.sys"
+ "opxquodb"	""	""	"File not found: C:\WINDOWS\system32\drivers\opxquodb.sys"
+ "oqyntfmt"	""	""	"File not found: C:\WINDOWS\system32\drivers\oqyntfmt.sys"
+ "ospkivfr"	""	""	"File not found: C:\WINDOWS\system32\drivers\ospkivfr.sys"
+ "ouuhunca"	""	""	"File not found: C:\WINDOWS\system32\drivers\ouuhunca.sys"
+ "ovflzdsq"	""	""	"File not found: C:\WINDOWS\system32\drivers\ovflzdsq.sys"
+ "ovmjjezy"	""	""	"File not found: C:\WINDOWS\system32\drivers\ovmjjezy.sys"
+ "oxmfocff"	""	""	"File not found: C:\WINDOWS\system32\drivers\oxmfocff.sys"
+ "oyqnqezp"	""	""	"File not found: C:\WINDOWS\system32\drivers\oyqnqezp.sys"
+ "ozmqlvoa"	""	""	"File not found: C:\WINDOWS\system32\drivers\ozmqlvoa.sys"
+ "pblgblvv"	""	""	"File not found: C:\WINDOWS\system32\drivers\pblgblvv.sys"
+ "pbuwpmyo"	""	""	"File not found: C:\WINDOWS\system32\drivers\pbuwpmyo.sys"
+ "PCIDump"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "pcvxnhuw"	""	""	"File not found: C:\WINDOWS\system32\drivers\pcvxnhuw.sys"
+ "PDCOMP"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "pgeartss"	""	""	"File not found: C:\WINDOWS\system32\drivers\pgeartss.sys"
+ "phrgzmta"	""	""	"File not found: C:\WINDOWS\system32\drivers\phrgzmta.sys"
+ "phsdggem"	""	""	"File not found: C:\WINDOWS\system32\drivers\phsdggem.sys"
+ "plhekkpm"	""	""	"File not found: C:\WINDOWS\system32\drivers\plhekkpm.sys"
+ "pniqfpkf"	""	""	"File not found: C:\WINDOWS\system32\drivers\pniqfpkf.sys"
+ "prgkfclz"	""	""	"File not found: C:\WINDOWS\system32\drivers\prgkfclz.sys"
+ "psnwnbix"	""	""	"File not found: C:\WINDOWS\system32\drivers\psnwnbix.sys"
+ "ptdsvozr"	""	""	"File not found: C:\WINDOWS\system32\drivers\ptdsvozr.sys"
+ "Ptilink"	"Direct Parallel Link Driver"	"Parallel Technologies, Inc."	"c:\windows\system32\drivers\ptilink.sys"
+ "ptjvzxpz"	""	""	"File not found: C:\WINDOWS\system32\drivers\ptjvzxpz.sys"
+ "pvlpcjyq"	""	""	"File not found: C:\WINDOWS\system32\drivers\pvlpcjyq.sys"
+ "pxfkumup"	""	""	"File not found: C:\WINDOWS\system32\drivers\pxfkumup.sys"
+ "PxHelp20"	"Px Engine Device Driver for Windows 2000/XP"	"Sonic Solutions"	"c:\windows\system32\drivers\pxhelp20.sys"
+ "pylnplok"	""	""	"File not found: C:\WINDOWS\system32\drivers\pylnplok.sys"
+ "qahmmjgk"	""	""	"File not found: C:\WINDOWS\system32\drivers\qahmmjgk.sys"
+ "qbrkemuv"	""	""	"File not found: C:\WINDOWS\system32\drivers\qbrkemuv.sys"
+ "qcyewdkv"	""	""	"File not found: C:\WINDOWS\system32\drivers\qcyewdkv.sys"
+ "qdqdtdrk"	""	""	"File not found: C:\WINDOWS\system32\drivers\qdqdtdrk.sys"
+ "qfplocwb"	""	""	"File not found: C:\WINDOWS\system32\drivers\qfplocwb.sys"
+ "qiptgmam"	""	""	"File not found: C:\WINDOWS\system32\drivers\qiptgmam.sys"
+ "qiqbadqk"	""	""	"File not found: C:\WINDOWS\system32\drivers\qiqbadqk.sys"
+ "qivoacrg"	""	""	"File not found: C:\WINDOWS\system32\drivers\qivoacrg.sys"
+ "qkqqtmbm"	""	""	"File not found: C:\WINDOWS\system32\drivers\qkqqtmbm.sys"
+ "qktcsvbo"	""	""	"File not found: C:\WINDOWS\system32\drivers\qktcsvbo.sys"
+ "qlrvwyln"	""	""	"File not found: C:\WINDOWS\system32\drivers\qlrvwyln.sys"
+ "qngqggvk"	""	""	"File not found: C:\WINDOWS\system32\drivers\qngqggvk.sys"
+ "qrjtpxav"	""	""	"File not found: C:\WINDOWS\system32\drivers\qrjtpxav.sys"
+ "quhyqkwb"	""	""	"File not found: C:\WINDOWS\system32\drivers\quhyqkwb.sys"
+ "qxiwklcd"	""	""	"File not found: C:\WINDOWS\system32\drivers\qxiwklcd.sys"
+ "qyzckuoy"	""	""	"File not found: C:\WINDOWS\system32\drivers\qyzckuoy.sys"
+ "rahviaey"	""	""	"File not found: C:\WINDOWS\system32\drivers\rahviaey.sys"
+ "rdurdfkd"	""	""	"File not found: C:\WINDOWS\system32\drivers\rdurdfkd.sys"
+ "regfkqli"	""	""	"File not found: C:\WINDOWS\system32\drivers\regfkqli.sys"
+ "rgilhfri"	""	""	"File not found: C:\WINDOWS\system32\drivers\rgilhfri.sys"
+ "rhugkims"	""	""	"File not found: C:\WINDOWS\system32\drivers\rhugkims.sys"
+ "riubxnur"	""	""	"File not found: C:\WINDOWS\system32\drivers\riubxnur.sys"
+ "riwwlabn"	""	""	"File not found: C:\WINDOWS\system32\drivers\riwwlabn.sys"
+ "rjyogpaa"	""	""	"File not found: C:\WINDOWS\system32\drivers\rjyogpaa.sys"
+ "rkineeom"	""	""	"File not found: C:\WINDOWS\system32\drivers\rkineeom.sys"
+ "rniwvubc"	""	""	"File not found: C:\WINDOWS\system32\drivers\rniwvubc.sys"
+ "rososwus"	""	""	"File not found: C:\WINDOWS\system32\drivers\rososwus.sys"
+ "rqhyglgk"	""	""	"File not found: C:\WINDOWS\system32\drivers\rqhyglgk.sys"
+ "rqnvxrba"	""	""	"File not found: C:\WINDOWS\system32\drivers\rqnvxrba.sys"
+ "rrnzavey"	""	""	"File not found: C:\WINDOWS\system32\drivers\rrnzavey.sys"
+ "rsmwrzmu"	""	""	"File not found: C:\WINDOWS\system32\drivers\rsmwrzmu.sys"
+ "rsriplzf"	""	""	"File not found: C:\WINDOWS\system32\drivers\rsriplzf.sys"
+ "rstctoep"	""	""	"File not found: C:\WINDOWS\system32\drivers\rstctoep.sys"
+ "rwghvwen"	""	""	"File not found: C:\WINDOWS\system32\drivers\rwghvwen.sys"
+ "rwyoitqi"	""	""	"File not found: C:\WINDOWS\system32\drivers\rwyoitqi.sys"
+ "rxsmwxus"	""	""	"File not found: C:\WINDOWS\system32\drivers\rxsmwxus.sys"
+ "rxsqjhwp"	""	""	"File not found: C:\WINDOWS\system32\drivers\rxsqjhwp.sys"
+ "rynvlnid"	""	""	"File not found: C:\WINDOWS\system32\drivers\rynvlnid.sys"
+ "rypksxxq"	""	""	"File not found: C:\WINDOWS\system32\drivers\rypksxxq.sys"
+ "ryzwsitk"	""	""	"File not found: C:\WINDOWS\system32\drivers\ryzwsitk.sys"
+ "rzcuubaj"	""	""	"File not found: C:\WINDOWS\system32\drivers\rzcuubaj.sys"
+ "rzjidhdb"	""	""	"File not found: C:\WINDOWS\system32\drivers\rzjidhdb.sys"
+ "saoeupoe"	""	""	"File not found: C:\WINDOWS\system32\drivers\saoeupoe.sys"
+ "saqipzdk"	""	""	"File not found: C:\WINDOWS\system32\drivers\saqipzdk.sys"
+ "savayzaq"	""	""	"File not found: C:\WINDOWS\system32\drivers\savayzaq.sys"
+ "sdxqendh"	""	""	"File not found: C:\WINDOWS\system32\drivers\sdxqendh.sys"
+ "sebbwnzh"	""	""	"File not found: C:\WINDOWS\system32\drivers\sebbwnzh.sys"
+ "Secdrv"	"SafeDisc driver"	"Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."	"c:\windows\system32\drivers\secdrv.sys"
+ "serftwlb"	""	""	"File not found: C:\WINDOWS\system32\drivers\serftwlb.sys"
+ "SetupNTGLM7X"	""	""	"File not found: E:\NTGLM7X.sys"
+ "seuvzzxz"	""	""	"File not found: C:\WINDOWS\system32\drivers\seuvzzxz.sys"
+ "sjpobggc"	""	""	"File not found: C:\WINDOWS\system32\drivers\sjpobggc.sys"
+ "skvlwljp"	""	""	"File not found: C:\WINDOWS\system32\drivers\skvlwljp.sys"
+ "snncqivi"	""	""	"File not found: C:\WINDOWS\system32\drivers\snncqivi.sys"
+ "snsjicve"	""	""	"File not found: C:\WINDOWS\system32\drivers\snsjicve.sys"
+ "sofyddxv"	""	""	"File not found: C:\WINDOWS\system32\drivers\sofyddxv.sys"
+ "SONYPVU1"	"Sony USB Lower Filter driver"	"Sony Corporation"	"c:\windows\system32\drivers\sonypvu1.sys"
+ "sosknekq"	""	""	"File not found: C:\WINDOWS\system32\drivers\sosknekq.sys"
+ "spibvwyd"	""	""	"File not found: C:\WINDOWS\system32\drivers\spibvwyd.sys"
+ "sprwzuwz"	""	""	"File not found: C:\WINDOWS\system32\drivers\sprwzuwz.sys"
+ "spuxyzow"	""	""	"File not found: C:\WINDOWS\system32\drivers\spuxyzow.sys"
+ "sqlxkfsr"	""	""	"File not found: C:\WINDOWS\system32\drivers\sqlxkfsr.sys"
+ "sqpnnpyh"	""	""	"File not found: C:\WINDOWS\system32\drivers\sqpnnpyh.sys"
+ "sqrqfqgf"	""	""	"File not found: C:\WINDOWS\system32\drivers\sqrqfqgf.sys"
+ "sqxbnnfd"	""	""	"File not found: C:\WINDOWS\system32\drivers\sqxbnnfd.sys"
+ "srdbdxjp"	""	""	"File not found: C:\WINDOWS\system32\drivers\srdbdxjp.sys"
+ "SWDUMon"	"Driver Update Installer Monitor"	""	"c:\windows\system32\drivers\swdumon.sys"
+ "swzaxqme"	""	""	"File not found: C:\WINDOWS\system32\drivers\swzaxqme.sys"
+ "symqcnbj"	""	""	"File not found: C:\WINDOWS\system32\drivers\symqcnbj.sys"
+ "tdtvxgsb"	""	""	"File not found: C:\WINDOWS\system32\drivers\tdtvxgsb.sys"
+ "tfrbiong"	""	""	"File not found: C:\WINDOWS\system32\drivers\tfrbiong.sys"
+ "thzxyypw"	""	""	"File not found: C:\WINDOWS\system32\drivers\thzxyypw.sys"
+ "tjqqjjww"	""	""	"File not found: C:\WINDOWS\system32\drivers\tjqqjjww.sys"
+ "tkcokknf"	""	""	"File not found: C:\WINDOWS\system32\drivers\tkcokknf.sys"
+ "tmlbwjjd"	""	""	"File not found: C:\WINDOWS\system32\drivers\tmlbwjjd.sys"
+ "tmnueznq"	""	""	"File not found: C:\WINDOWS\system32\drivers\tmnueznq.sys"
+ "tmqmhuos"	""	""	"File not found: C:\WINDOWS\system32\drivers\tmqmhuos.sys"
+ "tolgkkmx"	""	""	"File not found: C:\WINDOWS\system32\drivers\tolgkkmx.sys"
+ "tqlaynno"	""	""	"File not found: C:\WINDOWS\system32\drivers\tqlaynno.sys"
+ "tqxptbaf"	""	""	"File not found: C:\WINDOWS\system32\drivers\tqxptbaf.sys"
+ "tspwdmid"	""	""	"File not found: C:\WINDOWS\system32\drivers\tspwdmid.sys"
+ "tsrlavgn"	""	""	"File not found: C:\WINDOWS\system32\drivers\tsrlavgn.sys"
+ "ttcdcakv"	""	""	"File not found: C:\WINDOWS\system32\drivers\ttcdcakv.sys"
+ "tusyiosh"	""	""	"File not found: C:\WINDOWS\system32\drivers\tusyiosh.sys"
+ "tvpwjscd"	""	""	"File not found: C:\WINDOWS\system32\drivers\tvpwjscd.sys"
+ "uauimyhl"	""	""	"File not found: C:\WINDOWS\system32\drivers\uauimyhl.sys"
+ "ubduqrie"	""	""	"File not found: C:\WINDOWS\system32\drivers\ubduqrie.sys"
+ "ubywibpd"	""	""	"File not found: C:\WINDOWS\system32\drivers\ubywibpd.sys"
+ "uezoceah"	""	""	"File not found: C:\WINDOWS\system32\drivers\uezoceah.sys"
+ "ulkpvgkm"	""	""	"File not found: C:\WINDOWS\system32\drivers\ulkpvgkm.sys"
+ "uoelqmle"	""	""	"File not found: C:\WINDOWS\system32\drivers\uoelqmle.sys"
+ "uoeqmfnn"	""	""	"File not found: C:\WINDOWS\system32\drivers\uoeqmfnn.sys"
+ "uopkhaip"	""	""	"File not found: C:\WINDOWS\system32\drivers\uopkhaip.sys"
+ "uovcurfi"	""	""	"File not found: C:\WINDOWS\system32\drivers\uovcurfi.sys"
+ "uoyufsjn"	""	""	"File not found: C:\WINDOWS\system32\drivers\uoyufsjn.sys"
+ "upkvezps"	""	""	"File not found: C:\WINDOWS\system32\drivers\upkvezps.sys"
+ "uppgjnjy"	""	""	"File not found: C:\WINDOWS\system32\drivers\uppgjnjy.sys"
+ "USBAAPL"	"Apple Mobile Device USB Driver"	"Apple, Inc."	"c:\windows\system32\drivers\usbaapl.sys"
+ "uvusvaov"	""	""	"File not found: C:\WINDOWS\system32\drivers\uvusvaov.sys"
+ "vatfagwl"	""	""	"File not found: C:\WINDOWS\system32\drivers\vatfagwl.sys"
+ "vckhrywn"	""	""	"File not found: C:\WINDOWS\system32\drivers\vckhrywn.sys"
+ "vcklnlho"	""	""	"File not found: C:\WINDOWS\system32\drivers\vcklnlho.sys"
+ "vclonksj"	""	""	"File not found: C:\WINDOWS\system32\drivers\vclonksj.sys"
+ "vgvajpij"	""	""	"File not found: C:\WINDOWS\system32\drivers\vgvajpij.sys"
+ "vhrleduk"	""	""	"File not found: C:\WINDOWS\system32\drivers\vhrleduk.sys"
+ "viagfx"	"VIA/S3G Miniport Driver"	"Copyright © VIA/S3 Graphics Co, Ltd."	"c:\windows\system32\drivers\vtmini.sys"
+ "viamraid"	"VIA RAID DRIVER FOR WIN 2000/XP/2003IA32"	"VIA Technologies inc,.ltd"	"c:\windows\system32\drivers\viamraid.sys"
+ "vkbdrlgk"	""	""	"File not found: C:\WINDOWS\system32\drivers\vkbdrlgk.sys"
+ "vqpbuzdb"	""	""	"File not found: C:\WINDOWS\system32\drivers\vqpbuzdb.sys"
+ "vtbivaiu"	""	""	"File not found: C:\WINDOWS\system32\drivers\vtbivaiu.sys"
+ "vvcvpddf"	""	""	"File not found: C:\WINDOWS\system32\drivers\vvcvpddf.sys"
+ "vvwruwul"	""	""	"File not found: C:\WINDOWS\system32\drivers\vvwruwul.sys"
+ "vwkoxaci"	""	""	"File not found: C:\WINDOWS\system32\drivers\vwkoxaci.sys"
+ "vxqjjcza"	""	""	"File not found: C:\WINDOWS\system32\drivers\vxqjjcza.sys"
+ "vzisnsct"	""	""	"File not found: C:\WINDOWS\system32\drivers\vzisnsct.sys"
+ "wbkojqjb"	""	""	"File not found: C:\WINDOWS\system32\drivers\wbkojqjb.sys"
+ "wcyrhabu"	""	""	"File not found: C:\WINDOWS\system32\drivers\wcyrhabu.sys"
+ "WDICA"	""	""	"File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "whgstkrz"	""	""	"File not found: C:\WINDOWS\system32\drivers\whgstkrz.sys"
+ "wkfpqzni"	""	""	"File not found: C:\WINDOWS\system32\drivers\wkfpqzni.sys"
+ "wmgnbkqy"	""	""	"File not found: C:\WINDOWS\system32\drivers\wmgnbkqy.sys"
+ "xhqawvui"	""	""	"File not found: C:\WINDOWS\system32\drivers\xhqawvui.sys"
+ "xmatnhya"	""	""	"File not found: C:\WINDOWS\system32\drivers\xmatnhya.sys"
+ "xmwverrl"	""	""	"File not found: C:\WINDOWS\system32\drivers\xmwverrl.sys"
+ "xnvwyaef"	""	""	"File not found: C:\WINDOWS\system32\drivers\xnvwyaef.sys"
+ "xqgomotb"	""	""	"File not found: C:\WINDOWS\system32\drivers\xqgomotb.sys"
+ "xtachdmt"	""	""	"File not found: C:\WINDOWS\system32\drivers\xtachdmt.sys"
+ "xtqfwxut"	""	""	"File not found: C:\WINDOWS\system32\drivers\xtqfwxut.sys"
+ "xueujhhx"	""	""	"File not found: C:\WINDOWS\system32\drivers\xueujhhx.sys"
+ "xwbccihl"	""	""	"File not found: C:\WINDOWS\system32\drivers\xwbccihl.sys"
+ "xxuleeqv"	""	""	"File not found: C:\WINDOWS\system32\drivers\xxuleeqv.sys"
+ "xykknpbf"	""	""	"File not found: C:\WINDOWS\system32\drivers\xykknpbf.sys"
+ "xzotvtec"	""	""	"File not found: C:\WINDOWS\system32\drivers\xzotvtec.sys"
+ "ymkufrvw"	""	""	"File not found: C:\WINDOWS\system32\drivers\ymkufrvw.sys"
+ "yqeutvny"	""	""	"File not found: C:\WINDOWS\system32\drivers\yqeutvny.sys"
+ "ysjumfkm"	""	""	"File not found: C:\WINDOWS\system32\drivers\ysjumfkm.sys"
+ "ytpvgqgz"	""	""	"File not found: C:\WINDOWS\system32\drivers\ytpvgqgz.sys"
+ "zcbfiqaa"	""	""	"File not found: C:\WINDOWS\system32\drivers\zcbfiqaa.sys"
+ "zcoaqgia"	""	""	"File not found: C:\WINDOWS\system32\drivers\zcoaqgia.sys"
+ "zfkaglfh"	""	""	"File not found: C:\WINDOWS\system32\drivers\zfkaglfh.sys"
+ "zrxlbdar"	""	""	"File not found: C:\WINDOWS\system32\drivers\zrxlbdar.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"	""	""	""
+ "msacm.l3acm"	"MPEG Layer-3 Audio Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet"	"Audio codec for MS ACM"	"Sipro Lab Telecom Inc."	"c:\windows\system32\sl_anet.acm"
+ "msacm.trspch"	"DSP Group TrueSpeech™ Audio Codec for MSACM V3.50"	"DSP GROUP, INC."	"c:\windows\system32\tssoft32.acm"
+ "vidc.cvid"	"Cinepak® Codec"	"Radius Inc."	"c:\windows\system32\iccvid.dll"
+ "vidc.DIVX"	"DivX"	"DivX, Inc."	"c:\windows\system32\divx.dll"
+ "vidc.iv31"	""	""	"c:\windows\system32\ir32_32.dll"
+ "vidc.iv32"	""	""	"c:\windows\system32\ir32_32.dll"
+ "vidc.yv12"	"DivX"	"DivX, Inc."	"c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"	""	""	""
+ "9x8Resize"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder"	"ACELP.net Audio Decoder"	"Sipro Lab Telecom Inc."	"c:\windows\system32\acelpdec.ax"
+ "Allocator Fix"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "CoreCaption Filter"	"CoreCaption DLL"	"Corel Software, Inc."	"c:\program files\common files\corel\directshowcomponents2\corecaption.ax"
+ "CoreImgSrc"	"COREIMGFLT DLL"	"Corel Software, Inc."	"c:\program files\common files\corel\directshowcomponents\coreimgsrc.ax"
+ "CoreMovSrc"	"COREMOVFLT DLL"	"Corel Software, Inc."	"c:\program files\common files\corel\directshowcomponents\coremovsrc.ax"
+ "CoreNullXfrm Filter"	"CORENULLXFRM DLL"	"Corel Software, Inc."	"c:\program files\common files\corel\directshowcomponents2\corenullxfrm.ax"
+ "CoreVolume Filter"	"COREVOLUME DLL"	"Corel Software, Inc."	"c:\program files\common files\corel\directshowcomponents2\corevolume.ax"
+ "CyberLink Audio Decoder"	"CyberLink Audio Decoder Filter"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\audiofilter\claud.ax"
+ "CyberLink Audio Effect"	"CyberLink Audio Effect Filter"	"CyberLink Corporation"	"c:\program files\cyberlink\shared files\audiofilter\claudfx.ax"
+ "CyberLink AudioCD Filter"	"CyberLink AudioCD Filter"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\audiofilter\claudiocd.ax"
+ "CyberLink DVD Navigator"	"CyberLink DVD Navigation Filter"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder Filter"	"CyberLink Line21 Decoder Filter"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter"	"CLAuTS.ax"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder"	"CyberLink Video/SP Filter"	"CyberLink Corp."	"c:\program files\cyberlink\shared files\videofilter\clvsd.ax"
+ "DirectVobSub"	"VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"	"MPC-HC Team"	"c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)"	"VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"	"MPC-HC Team"	"c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DivX Decoder Filter"	"DivX® Decoder Filter"	"DivX, Inc."	"c:\windows\system32\divxdec.ax"
+ "DivX Demux"	"DivX® Media Filter"	"DivXNetworks"	"c:\windows\system32\divxmedia.ax"
+ "DivX Subtitle Decoder"	"DivX® Media Filter"	"DivXNetworks"	"c:\windows\system32\divxmedia.ax"
+ "ffdshow Audio Decoder"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder"	"DirectShow and VFW video and audio decoding/encoding/processing filter"	""	"c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FinePix Color Filter"	"FinePix Color Filter"	"FUJI PHOTO FILM CO.,LTD."	"c:\program files\fujifilm\myfinepix studio\plugins\fbuploader\mvfilters\fxcolorft.ax"
+ "FinePix Rotate Filter"	"FinePix Rotate Filter"	"FUJI PHOTO FILM CO.,LTD."	"c:\program files\fujifilm\myfinepix studio\plugins\fbuploader\mvfilters\fxrotateft.ax"
+ "Frame Eater"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Fujifilm Setup Filter"	"FujifilmSetupFilter"	"FUJI PHOTO FILM CO., LTD. "	"c:\program files\fujifilm\myfinepix studio\plugins\fbuploader\mvfilters\fujifilmsetupfilter.ax"
+ "Haali Matroska Muxer"	"Haali Media Splitter"	""	"c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter"	"Haali Media Splitter"	""	"c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)"	"Haali Media Splitter"	""	"c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter"	"Haali Media Splitter"	""	"c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer"	""	""	"c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink"	"Haali Media Splitter"	""	"c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder"	"LAV Audio Decoder - DirectShow Audio Decoder"	"1f0.de - Hendrik Leppkes"	"c:\program files\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter"	"LAV Splitter - DirectShow Media Splitter"	"1f0.de - Hendrik Leppkes"	"c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source"	"LAV Splitter - DirectShow Media Splitter"	"1f0.de - Hendrik Leppkes"	"c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder"	"LAV Video Decoder - DirectShow Video Decoder"	"1f0.de - Hendrik Leppkes"	"c:\program files\k-lite codec pack\filters\lav\lavvideo.ax"
+ "MPEG Layer-3 Decoder"	"MPEG Layer-3 Audio Decoder"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codecx.ax"
+ "RealPlayer Audio Filter"	"Audio Filter Plugin"	"RealNetworks, Inc."	"c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Mp3 Transform Filter"	"Audio Filter Plugin"	"RealNetworks, Inc."	"c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer MPEG4 Transform Filter"	"Audio Filter Plugin"	"RealNetworks, Inc."	"c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter"	"Audio Filter Plugin"	"RealNetworks, Inc."	"c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter"	"Audio Filter Plugin"	"RealNetworks, Inc."	"c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet"	"Windows Movie Maker"	"Microsoft Corporation"	"c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot"	"Arcsoft Snapshot Filter 1.0"	"Arcsoft Corporation"	"c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax"
+ "Stetch"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter"	"WIA Stream Snapshot Filter"	"MyCompanyName"	"c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber"	"Windows Movie Maker"	"Microsoft Corporation"	"c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance"	""	""	""
+ "{584FDB1D-51C4-4A1D-B674-D548D915EE01}"	"WIC Metadata Handler Plug-in"	"Eastman Kodak Company"	"c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{6DDC8FCE-C470-444A-9425-8EAC662A99F7}"	"WIC Metadata Handler Plug-in"	"Eastman Kodak Company"	"c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{821C65A9-C22B-4387-9503-265472E25544}"	"WIC Metadata Handler Plug-in"	"Eastman Kodak Company"	"c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}"	"WIC Metadata Handler Plug-in"	"Eastman Kodak Company"	"c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{C73B6814-9FF3-4D10-A5C0-678904F869E9}"	"WIC Metadata Handler Plug-in"	"Eastman Kodak Company"	"c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe"	""	""	""
+ "C:\WINDOWS\System32\GPhotos.scr"	"Google Photos Screensaver"	"Google Inc."	"c:\windows\system32\gphotos.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"	""	""	""
+ "mdnsNSP"	"Bonjour Namespace Provider"	"Apple Inc."	"c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"	""	""	""
+ "Canon BJ Language Monitor iX6500 series"	"IJ Language Monitor"	"CANON INC."	"c:\windows\system32\cnmlmao.dll"
+ "CNY SELPHY CP LM13"	"SELPHY CP Family Driver Language Monitor"	"Canon INC."	"c:\windows\system32\cnymlm13.dll"
+ "EPSON PictureMate Deluxe 2KMonitor5A"	"EPSON Bi-directional Monitor"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\e_flm9ta.dll"
+ "EPSON V6 2KMonitor"	"EPSON Bi-directional Monitor"	"SEIKO EPSON CORPORATION"	"c:\windows\system32\ebpmon24.dll"
+ "KODAK EASYSHARE 5000 Series All-in-One Printer"	"Language Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"	"Eastman Kodak Company"	"c:\windows\system32\ekij5000mon.dll"
+ "KODAK EASYSHARE All-in-One Printer"	"Language Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)"	"Eastman Kodak Company"	"c:\windows\system32\ekij5000mon.dll"

 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 26 February 2013 - 10:29 PM

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Similarly Uninstall your adobe flash player and install the latest one from adobe.com

 

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode

 

After restart let me know how system behaves
 



#7 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 27 February 2013 - 09:44 AM

Still getting it, MSSE quarantined it right when i looked, and it looks like it does basically from the time i boot up. Should i uninstall it and try everything again? The last round of tests i did in safemode, So MSSE wasn't running.



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 27 February 2013 - 09:54 AM

Can you post the exact location of infection?



#9 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 27 February 2013 - 10:10 AM

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\%RANDOM%\%RANDOM%.htm

 

i've deleted the entire temporary internet files folder before and it still comes back
 


Edited by hellbringer616, 27 February 2013 - 10:10 AM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 27 February 2013 - 10:26 AM

Press Windows+R key and type

inetcpl.cpl and click ok

Click on Advanced tab and click on RESET option

Makesure to checkmark DELETE PERSONAL SETTINGS option and click ok

Restart the PC and check



#11 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 27 February 2013 - 10:36 AM

Still detected it



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 27 February 2013 - 10:42 AM

Use this guide to configure a clean boot

 

http://support.microsoft.com/kb/929135

 

Run TFC again and restart the PC.Does MSSE detect trojan now?

 

Are you receiving the warning while browsing?



#13 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 27 February 2013 - 10:58 AM

Yes it does.

 

And no, not while browsing, I get it while idling. or anytime anything happens


Edited by hellbringer616, 27 February 2013 - 10:59 AM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:05 AM

Posted 27 February 2013 - 11:10 AM

Please run ESET online scanner and post the log here.



#15 hellbringer616

hellbringer616
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 27 February 2013 - 11:27 AM

Just as an update the scan is estimated to take 1 hour. I will post the long then






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users