
Every File Marked as Having a Virus


13 replies to this topic

#1 TechnicalDifficulty

TechnicalDifficulty

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 01 July 2013 - 02:38 PM

Hello,
 
Something is wrong with my computer so that every time I try to download any file at any time I get the following message: "(whatever the file name is) contained a virus and was deleted"
I've seen this problem around but I've found several conflicting "solutions" so I don't know what to do. I can't tell when this problem started since I went for over a year without using the Windows downloader. I have AVG but it's active and I've never tried uninstalling it. I'm using Internet Explorer 10. Nothing is showing up in my malware scans but the problem remains. Any help would be appreciated. I have some files I need to get this week.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 L3DMaN

L3DMaN

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 01 July 2013 - 03:00 PM

Well, I recommend a full scan on your computer.

Start your computer in safe mode with networking.

1- Run TDSSKiller

2- Hitman Pro

3- Malwarebytes

4- AdwCleaner

All these tools run in safe mode.

Then update and run your AV in normal mode.



#3 gbtswengineer

gbtswengineer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 01 July 2013 - 07:04 PM

Hi,

 

Have the exact same problem on my computer as well. Ran SpyHunter 4 and it detected unknown program installations. In essence, it appears to have replaced/hijacked my Microsoft Security Client and anytime you try to download antivirus software you get the message that the download file is infected with a virus and has been deleted. It actually does more than that as it prevents you from starting up the firewall or executing Microsoft Security Essentials.

 

SpyHunter 4 did identify where the files lived and when I tried to access or remove them as the system administrator, I was told that I did not have the requisite access privileges. In essence, this is one nasty piece of malware. I did speak with one of my Cyber Security colleagues and he advised me to re-install my operating system. I haven't tried TDSSKiller or Hitman Pro as was suggested below, but I did run Malwarebytes and it found quite a few pieces of malware, but not as many as SpyHunter 4.

 

I did open a ticket with Enigma Software regarding the inability to disable or remove the unknown objects it discovered, but haven't heard anything back as of yet.

 

If I happen to run across a solution, I will let you know.

 

Regards,

 

Virgil



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:12 AM

Posted 02 July 2013 - 04:52 AM

@ gbtswengineer

If you have a problem, please start your own topic -

Thank You -



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,907 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:12 PM

Posted 02 July 2013 - 12:45 PM

You were not clear as to what program is telling you the file contained a virus and was deleted.

If it was AVG, I would remove it and install another. If not, I would still recommend replacing it.

Download a replacement anti-virus (choose and install only one) and save it to another computer.
- avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
- Microsoft Security Essentials <- includes the option to join the customer experience improvement program
- BitDefender Antivirus Free Edition
- Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation

Download the AVG Remover for 32-bit, 64-bit systems and save it to another computer.

Copy the replacement anti-virus setup file and AVG Remover to a USB stick, then transfer to the affected computer.

Disconnect from the Internet, Uninstall AVG, then run the AVG Remover tool.
Reboot and install the replacement anti-virus.
Reboot again to ensure it is working properly before reconnecting to the Internet.
Connect to the Internet, immediately update your anti-virus definitions and perform a full scan.

BTW, Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally start when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas when the files are being used. Using safe mode reduces the number of modules requesting files to only essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In many cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, Malwarebytes loses some effectiveness for detection and removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of Malwarebytes.

Scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. If the malware is not related to a running process (i.e. malicious .dll) it probably will not make a difference performing a scan in normal or safe mode. A hidden piece of malware such as a rootkit which protects other malicious files and registry keys from deletion may not be detected in either mode without the use of special tools. Additionally, if the scanner you're using does not include definitions for the malware, then it may not detect or remove it regardless of what mode is used. Also keep in mind that there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 TechnicalDifficulty

TechnicalDifficulty
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 02 July 2013 - 04:02 PM

I updated and ran TDSSKiller, MalwareBytes and SuperAntiSpyware but they didn't find anything. I'll have to wait until I have access to another computer to download the other scan programs.
 

You were not clear as to what program is telling you the file contained a virus and was deleted.


Windows, so far as I know. It happens when I use the default download prompt. This is an image of what the message looks like.

 

ie_contained_a_virus_and_was_deleted.jpg



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 PM

Posted 02 July 2013 - 08:39 PM

Hello, I am wondering if you know why there is a Watermark in that image that says... Delete malware BlogSpot.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
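
A Result.txt produced with the options listed above can be triaged mechanically. The following Python sketch is an added example, not part of the original thread and not MiniToolBox's own code; the section titles follow the report layout, while the sample report, the names `split_sections` and `triage`, and the four review heuristics are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of a MiniToolBox Result.txt. All values are
# made up; 192.0.2.0/24 and 203.0.113.0/24 are documentation-only ranges.
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 192.0.2.10:3128

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Users\Admin\AppData\Local\Temp\lsp.dll [4096] ()

========================= Event log errors: ===============================

Error: (01/01/2013 10:00:00 AM) (Source: Application Error) (User: )
Description: Faulting application path: C:\Users\Admin\AppData\Local\Temp\sfx1\iexplore.exe
"""

# "===== Title: =====" or "===== Title =====" section banners.
HEADER = re.compile(r"^={5,}\s*([^=]+?)\s*:?\s*={5,}\s*$")
# "Catalog9 01 <path> [<size>] (<vendor>)"
WINSOCK = re.compile(r"^Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
# Any .exe path that passes through a Temp directory.
TEMP_EXE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\\Temp\\[^"\r\n]*?\.exe', re.I)


def split_sections(report):
    """Map lower-cased section title -> list of non-empty, stripped lines."""
    sections, current = {}, None
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def triage(report):
    """Return (category, detail) pairs worth a second look. Heuristics only."""
    sections = split_sections(report)
    findings = []

    # 1. A ProxyServer value, even with the proxy disabled, shows that a proxy
    #    was written into the IE settings at some point.
    proxy_lines = sections.get("ie proxy settings", [])
    enabled = not any("not enabled" in line.lower() for line in proxy_lines)
    for line in proxy_lines:
        if line.lower().startswith("proxyserver:"):
            value = line.split(":", 1)[1].strip()
            if value:
                state = "enabled" if enabled else "disabled"
                findings.append(("proxy", f"{value} ({state})"))

    # 2. Hosts entries other than localhost can redirect or block domains.
    for line in sections.get("hosts content", []):
        parts = line.split("#", 1)[0].split()  # drop comments
        names = [n for n in parts[1:] if n.lower() != "localhost"]
        if names:
            findings.append(("hosts", f"{parts[0]} -> {', '.join(names)}"))

    # 3. Winsock providers outside system32 or not attributed to Microsoft.
    #    Third-party providers can be legitimate; this only asks for review.
    #    Assumes Windows is installed on C:.
    for line in sections.get("winsock entries", []):
        entry = WINSOCK.match(line)
        if not entry:
            continue
        path, vendor = entry.group(1), entry.group(2)
        in_system32 = path.lower().startswith(r"c:\windows\system32" + "\\")
        if not in_system32 or vendor != "Microsoft Corporation":
            findings.append(("winsock", path))

    # 4. Executables referenced from a Temp directory in the event log.
    for line in sections.get("event log errors", []):
        for path in TEMP_EXE.findall(line):
            findings.append(("temp-exe", path))

    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"{category:9} {detail}")
```

Each finding is a prompt for a helper to look closer, not a verdict: security products and scanners also install Winsock providers and unpack themselves into Temp.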

#8 TechnicalDifficulty

TechnicalDifficulty
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 04 July 2013 - 04:53 PM

Hello, I am wondering if you know why there is a Watermark in that image that says... Delete malware BlogSpot.

It's a picture I found of the message I'm getting. The actual message doesn't have the watermark. Here's my MiniToolBox log:
 

MiniToolBox by Farbar Version: 16-06-2013
Ran by Admin (administrator) on 04-07-2013 at 12:43:59
Running from "C:\Users\Admin\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 110.77.233.11:3128

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-09-08-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a821:1e48:d463:6867%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 04, 2013 8:18:59 AM
Lease Expires . . . . . . . . . . : Thursday, July 11, 2013 10:49:05 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 218112355
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-48-D9-75-00-1E-EC-39-A5-28
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1E-EC-39-A5-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.md.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4004:803::1009
74.125.228.78
74.125.228.65
74.125.228.71
74.125.228.67
74.125.228.69
74.125.228.70
74.125.228.73
74.125.228.66
74.125.228.68
74.125.228.72
74.125.228.64


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=14ms TTL=55
Reply from 74.125.228.5: bytes=32 time=12ms TTL=55

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 14ms, Average = 13ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=89ms TTL=48
Reply from 206.190.36.45: bytes=32 time=139ms TTL=48

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 139ms, Average = 114ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 21 63 09 08 d6 ......Atheros AR5007EG Wireless Network Adapter
10...00 1e ec 39 a5 28 ......Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 25
10.0.0.0 255.255.255.0 On-link 10.0.0.2 281
10.0.0.2 255.255.255.255 On-link 10.0.0.2 281
10.0.0.255 255.255.255.255 On-link 10.0.0.2 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::a821:1e48:d463:6867/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/04/2013 11:42:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2013 10:15:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2013 10:12:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/03/2013 11:56:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Exception code: 0x40000015
Fault offset: 0x0008cb40
Faulting process id: 0xfa8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/03/2013 03:35:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: recordingmanager.exe, version: 1.3.2.28, time stamp: 0x516d233e
Faulting module name: mametadata.dll, version: 1.3.2.28, time stamp: 0x516d22d9
Exception code: 0xc0000005
Fault offset: 0x000126c5
Faulting process id: 0x1774
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (07/03/2013 03:28:48 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16611 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2c8
Start Time: 01ce77e2e060413f
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error: (07/03/2013 10:55:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2013 08:07:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2013 09:08:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2013 09:05:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (07/04/2013 10:49:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/04/2013 10:44:56 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/04/2013 10:44:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 10:44:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 09:21:47 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/04/2013 09:21:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 09:21:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 09:21:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 09:21:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (07/04/2013 09:21:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.


Microsoft Office Sessions:
=========================
Error: (07/04/2013 11:42:54 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/04/2013 10:15:10 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/04/2013 10:12:33 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/03/2013 11:56:10 PM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.04d334d98iexplore.exe0.0.0.04d334d98400000150008cb40fa801ce786a67d06c6fC:\Users\Admin\AppData\Local\Temp\RarSFX1\procs\iexplore.exeC:\Users\Admin\AppData\Local\Temp\RarSFX1\procs\iexplore.exea941049e-e45d-11e2-a7f3-001eec39a528

Error: (07/03/2013 03:35:23 PM) (Source: Application Error)(User: )
Description: recordingmanager.exe1.3.2.28516d233emametadata.dll1.3.2.28516d22d9c0000005000126c5177401ce7821e0856c75C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeC:\Program Files\RealNetworks\RealDownloader\RCAPlugins\mametadata.dllb399283f-e417-11e2-a70f-001eec39a528

Error: (07/03/2013 03:28:48 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166112c801ce77e2e060413f0C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/03/2013 10:55:11 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/02/2013 08:07:57 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/02/2013 09:08:28 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/02/2013 09:05:55 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
Date: 2013-07-02 01:39:47.851
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-02 01:39:47.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-02 01:39:47.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-02 00:55:34.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-02 00:55:34.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-02 00:55:33.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 16:39:09.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 16:39:09.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 16:39:09.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-18 18:51:12.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.3.1.29812)
32 Bit HP CIO Components Installer (Version: 7.1.8)
3dsmax ancillary install (Version: 1)
4500_G510af_Help_Web (Version: 000.0.440.000)
4500G510af_Software_Min (Version: 000.0.423.000)
4500G510af_web (Version: 000.0.425.000)
Ad-Aware Antivirus (Version: 10.4.47.4163)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color Video Profiles AE CS4 (Version: 2.0)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Fonts All (Version: 2.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files CS4 (Version: 2.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Alarm Clock v1.0
Allegorithmic Substance Designer 1.x (Version: 1.1.0 build 5599 (2011-01-13))
Allegorithmic Substance Player 1.x (Version: 1.1.0 build 5599 (2011-01-13))
Amazon Kindle
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ArchVision Dashboard (Version: 1.0.2.1)
Audacity 1.3.13 (Unicode)
Audacity 2.0.2 (Version: 2.0.2)
AVG 2011 (Version: 10.0.1432)
AVG 2011 (Version: 10.0.3204)
AVG PC Tuneup (Version: 10.0.0.27)
AVG Security Toolbar (Version: 15.3.0.11)
BufferChm (Version: 130.0.331.000)
C4700 (Version: 130.0.373.000)
Craft Director Studio
dBpoweramp Music Converter (Version: Release 14.2)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Doremi FLV to MP3 Converter 1.6 (Version: 1.6)
Doxillion Document Converter
ESET Online Scanner v3
Evrsoft First Page 2006
Express Zip File Compression Software
FBX Plugin 2006.08 for Max 9.0
FlashGet3.7 (Version: 3.7.0.1195)
FXCM Trading Station (Version: 111711)
Google Chrome (Version: 27.0.1453.116)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.149)
GPBaseService2 (Version: 130.0.371.000)
HijackThis 2.0.2 (Version: 2.0.2)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510a-f (Version: 13.0)
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.002)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
InstaCodecs (Version: 1.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 30 (Version: 6.0.300)
Kindle Previewer (Version: 2.51)
K-Lite Codec Pack 7.9.0 (Basic) (Version: 7.9.0)
LAME v3.98.3 for Audacity
LMMS 0.4.13 (Version: 0.4.13)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.6114.5002)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mobipocket Creator 4.2 (Version: 4.2.41)
MorphVOX Pro (Version: 4.4.6)
Movie Maker 6.0 for Windows 7 (32-bit) (Version: 6.0.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
Paint Shop Pro 7 (Version: 7.0.2.0000)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Power Sound Editor Free
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.71.80.42)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
RPC Plug-in for Autodesk 3ds Max 2012 32-bit (Version: 3.16.0.0)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.9.12585)
Skype 6.5 (Version: 6.5.158)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sound Normalizer 3.8 (Version: 3.8)
Status (Version: 130.0.373.000)
Suite Shared Configuration CS4 (Version: 1.0)
SUPERAntiSpyware (Version: 5.1.1002)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebReg (Version: 130.0.132.017)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2038.43 MB
Available physical RAM: 1279.51 MB
Total Pagefile: 3949.37 MB
Available Pagefile: 2850.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.71 MB

========================= Partitions: =====================================

1 Drive c: (SQ004680V03) (Fixed) (Total:110.32 GB) (Free:2.29 GB) NTFS

========================= Users: ========================================

User accounts for \\Admin-PC

Administrator Guest Admin


**** End of log ****



#9 boopme

Posted 05 July 2013 - 08:44 PM

Hello, that image still does not tell us what application is making the claim that SAS is a virus.

Looking at your errors, I suggest you Uninstall RealPlayer and then reinstall it.

While you are in the Uninstaller uninstall this, it's outdated and exploitable.
Java™ 6 Update 30 (Version: 6.0.300)
Reboot the system now.

Install
RealPlayer
Java Version 7 Update 25
 
Update your SAS
 
Did you run these??
 
Please Download TDSSkiller
Launch it.
Click on Change parameters, then select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
 

#10 TechnicalDifficulty

Posted 08 July 2013 - 08:56 PM

Looking at your errors, I suggest you Uninstall RealPlayer and then reinstall it.

While you are in the Uninstaller uninstall this, it's outdated and exploitable.
Java™ 6 Update 30 (Version: 6.0.300)
Reboot the system now.

Done. And here are the logs for the TDSSKiller, AdwCleaner and ESET scans.

TDSSKiller

18:10:18.0500 3032 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:10:18.0906 3032 ============================================================
18:10:18.0906 3032 Current date / time: 2013/07/08 18:10:18.0906
18:10:18.0906 3032 SystemInfo:
18:10:18.0906 3032
18:10:18.0906 3032 OS Version: 6.1.7601 ServicePack: 1.0
18:10:18.0906 3032 Product type: Workstation
18:10:18.0906 3032 ComputerName: Admin-PC
18:10:18.0907 3032 UserName: Admin
18:10:18.0907 3032 Windows directory: C:\Windows
18:10:18.0907 3032 System windows directory: C:\Windows
18:10:18.0907 3032 Processor architecture: Intel x86
18:10:18.0907 3032 Number of processors: 1
18:10:18.0907 3032 Page size: 0x1000
18:10:18.0907 3032 Boot type: Normal boot
18:10:18.0907 3032 ============================================================
18:10:24.0134 3032 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:10:24.0300 3032 ============================================================
18:10:24.0300 3032 \Device\Harddisk0\DR0:
18:10:24.0300 3032 MBR partitions:
18:10:24.0300 3032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
18:10:24.0300 3032 ============================================================
18:10:24.0363 3032 C: <-> \Device\Harddisk0\DR0\Partition1
18:10:24.0469 3032 ============================================================
18:10:24.0469 3032 Initialize success
18:10:24.0469 3032 ============================================================
18:10:33.0820 5376 ============================================================
18:10:33.0820 5376 Scan started
18:10:33.0820 5376 Mode: Manual; TDLFS;
18:10:33.0820 5376 ============================================================
18:10:36.0180 5376 ================ Scan system memory ========================
18:10:36.0180 5376 System memory - ok
18:10:36.0184 5376 ================ Scan services =============================
18:10:52.0934 5376 KtmRm - ok
18:10:53.0031 5376 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
18:10:53.0038 5376 LanmanServer - ok
18:10:53.0138 5376 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:10:53.0144 5376 LanmanWorkstation - ok
18:10:53.0189 5376 Lavasoft Kernexplorer - ok
18:10:53.0261 5376 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:10:53.0264 5376 lltdio - ok
18:10:53.0330 5376 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:10:53.0338 5376 lltdsvc - ok
18:10:53.0370 5376 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:10:53.0373 5376 lmhosts - ok
18:10:53.0410 5376 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:10:53.0414 5376 LSI_FC - ok
18:10:53.0455 5376 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:10:53.0458 5376 LSI_SAS - ok
18:10:53.0488 5376 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:10:53.0491 5376 LSI_SAS2 - ok
18:10:53.0522 5376 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:10:53.0527 5376 LSI_SCSI - ok
18:10:53.0628 5376 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:10:53.0632 5376 luafv - ok
18:10:53.0715 5376 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:10:53.0720 5376 Mcx2Svc - ok
18:10:53.0814 5376 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:10:53.0817 5376 megasas - ok
18:10:53.0848 5376 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:10:53.0854 5376 MegaSR - ok
18:10:54.0111 5376 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite

\raysat_3dsmax2010_32server.exe
18:10:54.0116 5376 mi-raysat_3dsmax2010_32 - ok
18:10:54.0191 5376 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:10:54.0194 5376 MMCSS - ok
18:10:54.0247 5376 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:10:54.0249 5376 Modem - ok
18:10:54.0362 5376 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:10:54.0364 5376 monitor - ok
18:10:54.0410 5376 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:10:54.0413 5376 mouclass - ok
18:10:54.0464 5376 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:10:54.0467 5376 mouhid - ok
18:10:54.0539 5376 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:10:54.0542 5376 mountmgr - ok
18:10:54.0603 5376 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:10:54.0608 5376 MozillaMaintenance - ok
18:10:54.0659 5376 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:10:54.0664 5376 mpio - ok
18:10:54.0844 5376 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:10:54.0847 5376 mpsdrv - ok
18:10:54.0935 5376 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:10:54.0939 5376 MRxDAV - ok
18:10:55.0017 5376 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:10:55.0021 5376 mrxsmb - ok
18:10:55.0063 5376 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:10:55.0068 5376 mrxsmb10 - ok
18:10:55.0101 5376 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:10:55.0106 5376 mrxsmb20 - ok
18:10:55.0168 5376 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:10:55.0171 5376 msahci - ok
18:10:55.0200 5376 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:10:55.0204 5376 msdsm - ok
18:10:55.0239 5376 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:10:55.0244 5376 MSDTC - ok
18:10:55.0365 5376 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:10:55.0369 5376 Msfs - ok
18:10:55.0482 5376 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:10:55.0484 5376 mshidkmdf - ok
18:10:55.0529 5376 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:10:55.0531 5376 msisadrv - ok
18:10:55.0591 5376 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:10:55.0596 5376 MSiSCSI - ok
18:10:55.0609 5376 msiserver - ok
18:10:55.0640 5376 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:10:55.0642 5376 MSKSSRV - ok
18:10:55.0667 5376 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:10:55.0669 5376 MSPCLOCK - ok
18:10:55.0696 5376 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:10:55.0698 5376 MSPQM - ok
18:10:55.0814 5376 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:10:55.0819 5376 MsRPC - ok
18:10:55.0872 5376 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:10:55.0875 5376 mssmbios - ok
18:10:55.0960 5376 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:10:55.0962 5376 MSTEE - ok
18:10:56.0012 5376 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:10:56.0014 5376 MTConfig - ok
18:10:56.0111 5376 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:10:56.0113 5376 Mup - ok
18:10:56.0188 5376 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:10:56.0197 5376 napagent - ok
18:10:56.0255 5376 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:10:56.0261 5376 NativeWifiP - ok
18:10:56.0372 5376 [ 1B8EAD4764CB698AA731F9DCBD6050B4 ] nchmicfilter C:\Windows\system32\DRIVERS\nchmicfilterx86.sys
18:10:56.0374 5376 nchmicfilter - ok
18:10:56.0491 5376 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:10:56.0505 5376 NDIS - ok
18:10:56.0576 5376 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:10:56.0579 5376 NdisCap - ok
18:10:56.0643 5376 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:10:56.0646 5376 NdisTapi - ok
18:10:56.0721 5376 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:10:56.0725 5376 Ndisuio - ok
18:10:56.0803 5376 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:10:56.0807 5376 NdisWan - ok
18:10:56.0878 5376 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:10:56.0881 5376 NDProxy - ok
18:10:56.0950 5376 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:10:56.0953 5376 Net Driver HPZ12 - ok
18:10:57.0060 5376 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:10:57.0063 5376 NetBIOS - ok
18:10:57.0133 5376 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:10:57.0138 5376 NetBT - ok
18:10:57.0223 5376 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:10:57.0226 5376 Netlogon - ok
18:10:57.0335 5376 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:10:57.0345 5376 Netman - ok
18:10:57.0406 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:10:57.0411 5376 NetMsmqActivator - ok
18:10:57.0448 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:10:57.0450 5376 NetPipeActivator - ok
18:10:57.0500 5376 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:10:57.0508 5376 netprofm - ok
18:10:57.0525 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:10:57.0527 5376 NetTcpActivator - ok
18:10:57.0542 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:10:57.0544 5376 NetTcpPortSharing - ok
18:10:57.0608 5376 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:10:57.0610 5376 nfrd960 - ok
18:10:57.0689 5376 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
18:10:57.0696 5376 NlaSvc - ok
18:10:57.0736 5376 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:10:57.0739 5376 Npfs - ok
18:10:57.0804 5376 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:10:57.0807 5376 nsi - ok
18:10:57.0838 5376 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:10:57.0840 5376 nsiproxy - ok
18:11:02.0262 5376 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:11:02.0283 5376 Ntfs - ok
18:11:06.0284 5376 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:11:06.0286 5376 Null - ok
18:11:06.0361 5376 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:11:06.0376 5376 nvraid - ok
18:11:06.0411 5376 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:11:06.0416 5376 nvstor - ok
18:11:14.0690 5376 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:11:18.0735 5376 nv_agp - ok
18:11:18.0884 5376 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:11:18.0887 5376 ohci1394 - ok
18:11:19.0166 5376 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:11:19.0233 5376 ose - ok
18:11:19.0646 5376 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform

\OSPPSVC.EXE
18:11:19.0860 5376 osppsvc - ok
18:11:19.0931 5376 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:11:19.0940 5376 p2pimsvc - ok
18:11:20.0104 5376 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:11:20.0114 5376 p2psvc - ok
18:11:20.0197 5376 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:11:20.0203 5376 Parport - ok
18:11:20.0294 5376 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:11:20.0297 5376 partmgr - ok
18:11:20.0319 5376 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:11:20.0321 5376 Parvdm - ok
18:11:20.0357 5376 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:11:20.0364 5376 PcaSvc - ok
18:11:20.0415 5376 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:11:20.0421 5376 pci - ok
18:11:20.0449 5376 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:11:20.0452 5376 pciide - ok
18:11:20.0549 5376 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:11:20.0553 5376 pcmcia - ok
18:11:20.0688 5376 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:11:20.0691 5376 pcw - ok
18:11:20.0804 5376 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:11:20.0815 5376 PEAUTH - ok
18:11:20.0926 5376 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:11:20.0949 5376 PeerDistSvc - ok
18:11:21.0509 5376 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:11:21.0538 5376 pla - ok
18:11:21.0613 5376 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:11:21.0621 5376 PlugPlay - ok
18:11:21.0691 5376 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:11:21.0694 5376 Pml Driver HPZ12 - ok
18:11:21.0759 5376 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:11:21.0764 5376 PNRPAutoReg - ok
18:11:21.0795 5376 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:11:21.0800 5376 PNRPsvc - ok
18:11:21.0936 5376 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:11:21.0953 5376 PolicyAgent - ok
18:11:22.0051 5376 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:11:22.0065 5376 Power - ok
18:11:22.0152 5376 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:11:22.0155 5376 PptpMiniport - ok
18:11:22.0189 5376 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:11:22.0194 5376 Processor - ok
18:11:22.0262 5376 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:11:22.0268 5376 ProfSvc - ok
18:11:22.0292 5376 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:11:22.0295 5376 ProtectedStorage - ok
18:11:22.0342 5376 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:11:22.0346 5376 Psched - ok
18:11:22.0412 5376 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:11:22.0455 5376 ql2300 - ok
18:11:22.0505 5376 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:11:22.0508 5376 ql40xx - ok
18:11:22.0572 5376 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:11:22.0580 5376 QWAVE - ok
18:11:22.0603 5376 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:11:22.0605 5376 QWAVEdrv - ok
18:11:22.0634 5376 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:11:22.0636 5376 RasAcd - ok
18:11:22.0701 5376 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:11:22.0704 5376 RasAgileVpn - ok
18:11:22.0762 5376 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:11:22.0767 5376 RasAuto - ok
18:11:22.0879 5376 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:11:22.0883 5376 Rasl2tp - ok
18:11:22.0979 5376 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:11:22.0988 5376 RasMan - ok
18:11:23.0020 5376 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:11:23.0023 5376 RasPppoe - ok
18:11:23.0075 5376 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:11:23.0078 5376 RasSstp - ok
18:11:23.0212 5376 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:11:23.0218 5376 rdbss - ok
18:11:23.0320 5376 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:11:23.0323 5376 rdpbus - ok
18:11:23.0389 5376 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:11:23.0392 5376 RDPCDD - ok
18:11:23.0459 5376 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:11:23.0468 5376 RDPDR - ok
18:11:23.0528 5376 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:11:23.0532 5376 RDPENCDD - ok
18:11:23.0559 5376 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:11:23.0562 5376 RDPREFMP - ok
18:11:24.0061 5376 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:11:24.0111 5376 RdpVideoMiniport - ok
18:11:24.0197 5376 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:11:24.0202 5376 RDPWD - ok
18:11:24.0270 5376 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:11:24.0275 5376 rdyboost - ok
18:11:24.0476 5376 [ 1B89CF5B5C12F5DA383DFFFD4F3D6667 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader

\rndlresolversvc.exe
18:11:24.0478 5376 RealNetworks Downloader Resolver Service - ok
18:11:24.0601 5376 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:11:24.0606 5376 RemoteAccess - ok
18:11:24.0728 5376 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:11:24.0734 5376 RemoteRegistry - ok
18:11:24.0830 5376 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:11:24.0834 5376 RpcEptMapper - ok
18:11:24.0908 5376 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:11:24.0912 5376 RpcLocator - ok
18:11:25.0107 5376 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:11:25.0116 5376 RpcSs - ok
18:11:25.0273 5376 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:11:25.0276 5376 rspndr - ok
18:11:25.0331 5376 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
18:11:25.0335 5376 RTL8167 - ok
18:11:25.0470 5376 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:11:25.0473 5376 s3cap - ok
18:11:25.0537 5376 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:11:25.0539 5376 SamSs - ok
18:11:25.0704 5376 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:11:25.0707 5376 SASDIFSV - ok
18:11:25.0784 5376 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:11:25.0787 5376 SASKUTIL - ok
18:11:26.0451 5376 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
18:11:26.0602 5376 SBAMSvc - ok
18:11:26.0767 5376 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:11:26.0785 5376 sbp2port - ok
18:11:26.0844 5376 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:11:26.0851 5376 SCardSvr - ok
18:11:26.0922 5376 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:11:26.0924 5376 scfilter - ok
18:11:27.0020 5376 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:11:27.0035 5376 Schedule - ok
18:11:27.0146 5376 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:11:27.0149 5376 SCPolicySvc - ok
18:11:27.0235 5376 [ A643D6DF1B7546256B11FB5D6B5D1375 ] SCREAMINGBDRIVER C:\Windows\system32\drivers\ScreamingBAudio.sys
18:11:27.0238 5376 SCREAMINGBDRIVER - ok
18:11:27.0272 5376 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:11:27.0278 5376 sdbus - ok
18:11:27.0392 5376 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:11:27.0398 5376 SDRSVC - ok
18:11:27.0603 5376 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:11:27.0606 5376 secdrv - ok
18:11:27.0672 5376 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:11:27.0678 5376 seclogon - ok
18:11:27.0702 5376 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:11:27.0707 5376 SENS - ok
18:11:27.0779 5376 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:11:27.0784 5376 SensrSvc - ok
18:11:27.0813 5376 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:11:27.0816 5376 Serenum - ok
18:11:27.0862 5376 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:11:27.0866 5376 Serial - ok
18:11:27.0900 5376 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:11:27.0904 5376 sermouse - ok
18:11:28.0016 5376 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:11:28.0021 5376 SessionEnv - ok
18:11:28.0087 5376 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:11:28.0089 5376 sffdisk - ok
18:11:28.0118 5376 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:11:28.0121 5376 sffp_mmc - ok
18:11:28.0157 5376 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:11:28.0159 5376 sffp_sd - ok
18:11:28.0231 5376 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:11:28.0235 5376 sfloppy - ok
18:11:28.0479 5376 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:11:28.0495 5376 Sftfs - ok
18:11:29.0294 5376 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
18:11:29.0438 5376 sftlist - ok
18:11:29.0907 5376 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:11:29.0926 5376 Sftplay - ok
18:11:30.0020 5376 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:11:30.0023 5376 Sftredir - ok
18:11:30.0063 5376 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:11:30.0066 5376 Sftvol - ok
18:11:30.0161 5376 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
18:11:30.0165 5376 sftvsa - ok
18:11:30.0273 5376 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:11:30.0281 5376 ShellHWDetection - ok
18:11:30.0413 5376 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:11:30.0416 5376 sisagp - ok
18:11:30.0503 5376 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:11:30.0506 5376 SiSRaid2 - ok
18:11:30.0537 5376 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:11:30.0540 5376 SiSRaid4 - ok
18:11:30.0905 5376 [ 7C70691D01181E3F441C6B9D429D24CC ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:11:30.0910 5376 SkypeUpdate - ok
18:11:30.0951 5376 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:11:30.0955 5376 Smb - ok
18:11:31.0025 5376 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:11:31.0030 5376 SNMPTRAP - ok
18:11:31.0161 5376 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:11:31.0163 5376 spldr - ok
18:11:31.0287 5376 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:11:31.0295 5376 Spooler - ok
18:11:31.0504 5376 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:11:31.0557 5376 sppsvc - ok
18:11:31.0633 5376 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:11:31.0638 5376 sppuinotify - ok
18:11:31.0696 5376 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:11:31.0704 5376 srv - ok
18:11:31.0763 5376 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:11:31.0770 5376 srv2 - ok
18:11:31.0812 5376 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:11:31.0815 5376 srvnet - ok
18:11:31.0886 5376 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:11:31.0892 5376 SSDPSRV - ok
18:11:31.0912 5376 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:11:31.0917 5376 SstpSvc - ok
18:11:31.0978 5376 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:11:31.0980 5376 stexstor - ok
18:11:32.0059 5376 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:11:32.0071 5376 StiSvc - ok
18:11:32.0107 5376 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:11:32.0110 5376 storflt - ok
18:11:32.0145 5376 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:11:32.0148 5376 storvsc - ok
18:11:32.0190 5376 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:11:32.0197 5376 swenum - ok
18:11:32.0267 5376 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:11:32.0276 5376 swprv - ok
18:11:32.0305 5376 Synth3dVsc - ok
18:11:32.0581 5376 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:11:32.0602 5376 SysMain - ok
18:11:32.0672 5376 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:11:32.0678 5376 TabletInputService - ok
18:11:32.0749 5376 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:11:32.0757 5376 TapiSrv - ok
18:11:32.0827 5376 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:11:32.0833 5376 TBS - ok
18:11:32.0962 5376 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:11:32.0984 5376 Tcpip - ok
18:11:33.0019 5376 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:11:33.0029 5376 TCPIP6 - ok
18:11:33.0108 5376 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:11:33.0111 5376 tcpipreg - ok
18:11:33.0171 5376 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:11:33.0174 5376 TDPIPE - ok
18:11:33.0240 5376 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:11:33.0242 5376 TDTCP - ok
18:11:33.0304 5376 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:11:33.0307 5376 tdx - ok
18:11:33.0327 5376 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:11:33.0330 5376 TermDD - ok
18:11:33.0414 5376 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:11:33.0425 5376 TermService - ok
18:11:33.0486 5376 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:11:33.0491 5376 Themes - ok
18:11:33.0518 5376 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:11:33.0521 5376 THREADORDER - ok
18:11:33.0581 5376 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:11:33.0586 5376 TrkWks - ok
18:11:33.0712 5376 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:11:33.0717 5376 TrustedInstaller - ok
18:11:33.0752 5376 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:11:33.0755 5376 tssecsrv - ok
18:11:33.0843 5376 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:11:33.0846 5376 TsUsbFlt - ok
18:11:33.0862 5376 tsusbhub - ok
18:11:33.0928 5376 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:11:33.0931 5376 tunnel - ok
18:11:33.0966 5376 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:11:33.0969 5376 TVALZ - ok
18:11:34.0033 5376 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:11:34.0036 5376 uagp35 - ok
18:11:34.0107 5376 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:11:34.0113 5376 udfs - ok
18:11:34.0183 5376 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:11:34.0188 5376 UI0Detect - ok
18:11:34.0228 5376 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:11:34.0231 5376 uliagpkx - ok
18:11:34.0274 5376 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
18:11:38.0806 5376 ================ Scan global ===============================
18:11:38.0889 5376 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:11:38.0956 5376 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:11:38.0976 5376 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:11:39.0030 5376 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:11:39.0098 5376 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:11:39.0105 5376 [Global] - ok
18:11:39.0110 5376 ================ Scan MBR ==================================
18:11:39.0131 5376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:11:40.0828 5376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:11:40.0828 5376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:11:40.0833 5376 ================ Scan VBR ==================================
18:11:40.0892 5376 [ A7FE3DFE3947F584645FFC32EBCC88D8 ] \Device\Harddisk0\DR0\Partition1
18:11:40.0894 5376 \Device\Harddisk0\DR0\Partition1 - ok
18:11:40.0898 5376 ============================================================
18:11:40.0898 5376 Scan finished
18:11:40.0898 5376 ============================================================
18:11:40.0918 5676 Detected object count: 1
18:11:40.0918 5676 Actual detected object count: 1
18:12:05.0428 5676 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:12:05.0428 5676 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:12:10.0300 0760 Deinitialize success

AdwCleaner

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 21:29:44
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : LEE - Admin-PC
# Boot Mode : Normal
# Running from : C:\Users\LEE\Desktop\jumble\Malware Tools\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp
Deleted on reboot : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\searchplugins\Conduit.xml
File Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\extensions\gophoto@gophoto.it.xpi
File Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\searchplugins\Searchou.xml
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\LEE\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\LEE\AppData\Local\Conduit
Folder Deleted : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp
Folder Deleted : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\LEE\AppData\Local\PackageAware
Folder Deleted : C:\Users\LEE\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\LEE\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\LEE\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\LEE\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\LEE\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\LEE\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\LEE\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\LEE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\CT3281348
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\extensions\{94193c2f-e73f-4feb-b393-2b95f0a01430}
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\Smartbar
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\adawaretb
Folder Deleted : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\ConduitCommon
Folder Deleted : C:\Users\LEE\AppData\Roaming\ParetoLogic

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\kqx71qlq.default-1361276145901\prefs.js

File : C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\prefs.js

C:\Users\LEE\AppData\Roaming\Mozilla\Firefox\Profiles\xwqkkmp2.default\user.js ... Deleted !

-\\ Google Chrome v27.0.1453.116

File : C:\Users\LEE\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://search.conduit.com/?ctid=CT3281348&Searc[...]

*************************

AdwCleaner[S1].txt - [25035 octets] - [08/07/2013 21:29:44]

########## EOF - C:\AdwCleaner[S1].txt - [25096 octets] ##########

[/quote]

 

ESET

 

ESET scan found no threats so didn't create a log.


Edited by TechnicalDifficulty, 08 July 2013 - 09:32 PM.


#11 boopme


Posted 08 July 2013 - 09:27 PM

Good, rerun TDSS killer
Change the option on this to Cure or delete
Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

 

If you want to install Java again, use this for Version 7 Update 25

Go HERE, select Windows Offline 32 bit

 

 

How is it now?



#12 TechnicalDifficulty


Posted 08 July 2013 - 10:26 PM

[quote]How is it now?[/quote]

No change. Still getting the same message and can't download.



#13 boopme


Posted 08 July 2013 - 10:34 PM

Ugghhh we will need a deeper look.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#14 TechnicalDifficulty


Posted 09 July 2013 - 12:02 AM

I'm guessing it's probably not a virus. When I researched it before coming here I saw a number of different instructions for how to fix this problem and in about 2/3 of the solutions it was by manually changing some setting or file. I'll try one of those and if it works I'll report back.

 

Thanks for the assistance.





