
Infected with mysearchdial and possibly with fake mozilla, where to start.


22 replies to this topic

#1 mountainjack64

mountainjack64

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 01 February 2014 - 01:42 PM

I have run MBAM several times, removed the mysearchdial files but they come back.

Also I keep getting, my video player is out of date and must be updated... new tabs pop open and state my download is ready to start.  Suspect Fake Mozilla...

I have followed several tutorials on this site, but I am missing something somewhere.  Your help would be appreciated.

I am running Windows 7 Home Premium


Edited by mountainjack64, 01 February 2014 - 02:15 PM.




#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:33 PM

Posted 01 February 2014 - 04:27 PM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

-------------


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 mountainjack64


Posted 01 February 2014 - 07:17 PM

Here is the ADW Report

# AdwCleaner v3.018 - Report created 01/02/2014 at 18:06:25
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Mr X - MRX-PC
# Running from : C:\Users\Mr X\Desktop\adwcleaner\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\337

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\covxijqj.default-1366258037440\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5992 octets] - [28/01/2014 22:14:47]
AdwCleaner[R1].txt - [2921 octets] - [01/02/2014 18:03:21]
AdwCleaner[S0].txt - [6034 octets] - [28/01/2014 22:24:10]
AdwCleaner[S1].txt - [2753 octets] - [01/02/2014 18:06:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2813 octets] ##########



#4 mountainjack64


Posted 01 February 2014 - 09:13 PM

Still waiting for JRT to finish ... should it take this long?



#5 mountainjack64


Posted 01 February 2014 - 10:46 PM

JRT is apparently not running properly... what next?



#6 mountainjack64


Posted 01 February 2014 - 11:20 PM

JRT finished, after stopping it and restarting.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mr X on Sat 02/01/2014 at 21:30:15.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Mr X\AppData\Roaming\mozilla\firefox\profiles\covxijqj.default-1366258037440\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/01/2014 at 22:16:24.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 mountainjack64


Posted 02 February 2014 - 12:31 PM

Also every time I open a new web page I get another tab pop open redirecting me to a page to download a new video update.



#8 xXToffeeXx


Posted 02 February 2014 - 12:59 PM

Hi,
 
What browser are you running?
 

-------------

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

xXToffeeXx~


Edited by xXToffeeXx, 02 February 2014 - 01:00 PM.


 ~Twitter~ | ~Malware Analyst at Emsisoft~
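
One way to triage the Result.txt that the MiniToolBox options above produce, as an added example that is not part of the original post and not MiniToolBox's own code: it flags hosts entries other than the default localhost line, any proxy line other than the "not enabled" messages, and Winsock providers whose vendor string is not Microsoft. The sample log is constructed, the section banners follow the tool's Result.txt layout, and the function names are this example's own.

```python
import re

# Section banner as written in Result.txt, e.g.
# "========================= Hosts content: ================================="
BANNER = re.compile(r"^={5,}\s*([^=\s][^=]*?):?\s*={5,}\s*$")
# Winsock line: "Catalog5 01 C:\path\file.dll [size] (Vendor)"
WINSOCK = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)\s*$")

# Lines the tool prints when no proxy is configured.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample (not a real log): one redirecting hosts entry and one
# Winsock provider without a vendor string have been added for illustration.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.10    www.google.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [40960] ()
"""


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the banner text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Flag every mapping except loopback -> localhost for manual review."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # comment-only line
        ip, names = entry[0], entry[1:]
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        findings.append(("Hosts content", line))
    return findings


def check_proxy(section, lines):
    """Anything besides the 'not enabled' and reset messages means a proxy is set."""
    return [(section, l) for l in lines
            if l not in CLEAN_PROXY_LINES and not l.startswith('"Reset ')]


def check_winsock(lines):
    """List each non-Microsoft provider DLL once. The vendor string is
    self-declared by the file, so this sorts entries for review; it is not a verdict."""
    findings, seen = [], set()
    for line in lines:
        m = WINSOCK.match(line)
        path, vendor = m.groups() if m else (line, "unparsed entry")
        if vendor.startswith("Microsoft") or path in seen:
            continue
        seen.add(path)
        findings.append(("Winsock entries", f"{path} ({vendor or 'no vendor string'})"))
    return findings


def triage(text):
    s = split_sections(text)
    findings = check_hosts(s.get("Hosts content", []))
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        findings += check_proxy(name, s.get(name, []))
    return findings + check_winsock(s.get("Winsock entries", []))


if __name__ == "__main__":
    for section, detail in triage(SAMPLE):
        print(f"[review] {section}: {detail}")
```

Known third-party providers such as Bonjour's mdnsNSP.dll will appear in the review list; the point is to shorten what a helper has to read, not to decide for them.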


#9 mountainjack64


Posted 02 February 2014 - 03:45 PM

I use Firefox 99% of the time

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mr X (administrator) on 02-02-2014 at 14:40:04
Running from "C:\Users\Mr X\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Disconnected)
Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MrX-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2A-7C-8F-13-00-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 20-7C-8F-13-00-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f019:a46d:721f:2710%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.5.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, February 01, 2014 6:09:08 PM
   Lease Expires . . . . . . . . . . : Monday, February 03, 2014 11:24:48 AM
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCP Server . . . . . . . . . . . : 192.168.5.1
   DHCPv6 IAID . . . . . . . . . . . : 388005007
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-26-8D-48-20-6A-8A-18-2A-99
   DNS Servers . . . . . . . . . . . : 192.168.5.1
                                       192.168.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 20-6A-8A-18-2A-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3ce1:6aa:3f57:fabf(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3ce1:6aa:3f57:fabf%22(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A2946AEA-03B6-4AF5-A692-5943CFAE29A6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {1BF077AF-9EA2-4263-B43B-582807ED5A8F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0C51A8F8-732A-4BF4-B422-30503915BB33}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Broadcom.Home
Address:  192.168.5.1

Name:    google.com
Addresses:  2607:f8b0:4000:800::1007
      74.125.227.100
      74.125.227.101
      74.125.227.102
      74.125.227.103
      74.125.227.104
      74.125.227.105
      74.125.227.110
      74.125.227.96
      74.125.227.97
      74.125.227.98
      74.125.227.99


Pinging google.com [74.125.227.100] with 32 bytes of data:
Reply from 74.125.227.100: bytes=32 time=40ms TTL=53
Reply from 74.125.227.100: bytes=32 time=44ms TTL=53

Ping statistics for 74.125.227.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 44ms, Average = 42ms
Server:  Broadcom.Home
Address:  192.168.5.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=115ms TTL=46
Reply from 98.138.253.109: bytes=32 time=111ms TTL=46

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 115ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...2a 7c 8f 13 00 3d ......Microsoft Virtual WiFi Miniport Adapter
 12...20 7c 8f 13 00 3d ......Atheros AR5B97 Wireless Network Adapter
 11...20 6a 8a 18 2a 99 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1     192.168.5.64     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.5.0    255.255.255.0         On-link      192.168.5.64    281
     192.168.5.64  255.255.255.255         On-link      192.168.5.64    281
    192.168.5.255  255.255.255.255         On-link      192.168.5.64    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.5.64    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.5.64    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 22     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 22     58 2001::/32                On-link
 22    306 2001:0:9d38:6ab8:3ce1:6aa:3f57:fabf/128
                                    On-link
 12    281 fe80::/64                On-link
 22    306 fe80::/64                On-link
 22    306 fe80::3ce1:6aa:3f57:fabf/128
                                    On-link
 12    281 fe80::f019:a46d:721f:2710/128
                                    On-link
  1    306 ff00::/8                 On-link
 22    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4118

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4118

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10818077

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10818077

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:14:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10816923


System errors:
=============
Error: (02/02/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


Microsoft Office Sessions:
=========================
Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/02/2014 04:16:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4118

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4118

Error: (02/02/2014 04:16:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10818077

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10818077

Error: (02/02/2014 04:14:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2014 04:14:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10816923


CodeIntegrity Errors:
===================================
  Date: 2013-04-16 13:40:38.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 13:40:38.277
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 13:40:38.168
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 13:40:37.903
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 09:09:32.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 09:09:32.174
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 20:49:13.392
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 20:49:13.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
4nec2 full version 5.8.14
64 Bit HP CIO Components Installer (Version: 7.2.8)
Acer Backup Manager (Version: 2.0.0.60)
Acer Crystal Eye webcam (Version: 1.0.3.5)
Acer ePower Management (Version: 5.00.3004)
Acer eRecovery Management (Version: 4.05.3011)
Acer Game Console
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0423.2010)
Acer Updater (Version: 1.02.3502)
Adobe AIR (Version: 4.0.0.1390)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Alcor Micro USB Card Reader (Version: 1.5.17.05094)
Amazon Kindle
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Asterisk Key 10.0
Atmel USB (Version: 11.0)
AxCrypt 1.7.2976.0 (Version: 1.7.2976.0)
Backup Manager Basic (Version: 2.0.0.60)
Barnes & Noble Desktop Reader (Version: 2.5.1.21)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BF5R_PCS
Bing Bar (Version: 7.3.114.0)
BitPim 1.0.7.20090722 (Version: 1.0.7.20090722)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 12.52.03)
Browser Guard v3.0 (Version: 3.0.0.0)
BufferChm (Version: 130.0.331.000)
Build-a-lot 2 (Version: 2.2.0.95)
Camfrog Video Chat 6.5 (Version: 6.5.270)
CCleaner (Version: 4.09)
CHIRP
Chuzzle Deluxe (Version: 2.2.0.95)
Convert XPS to PDF Free (Version: 2)
ConvertHelper 2.2
Copy (Version: 130.0.366.000)
CW Decoder
CW Decoder (Version: 2.99)
CyberLink PowerDVD 9 (Version: 9.0.3216.50)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 5.1.0.0333)
Define Ext (Version: 8)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DIRECTV Player (Version: 9.2)
DivX Setup (Version: 2.6.1.84)
DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000)
DMUninstaller
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.0.5 (04/07/2011) Qt
EAGLE 6.5.0 (Version: 6.5.0)
eBay Worldwide (Version: 2.1.0901)
EchoLink (Version: 2.0.908)
ESET Online Scanner v3
eSobi v2 (Version: 2.0.4.000274)
ExpressPCB (Version: 7.0.2)
EZNEC Demo v. 5.0 (Version: 5.0)
F4400 (Version: 130.0.448.000)
FATE (Version: 2.2.0.95)
Feedback Tool (Version: 1.2.0)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
FileHippo.com Update Checker
FlashPlayer (Version: 1.6.8)
FLV Blaster v5.9.0 (Version: 5.9.0)
Freemake Video Converter version 4.1.0 (Version: 4.1.0)
Freemake Video Downloader (Version: 3.6.0)
Frequency Filer
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 65.61.49249)
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
GPBaseService2 (Version: 130.0.371.000)
Haali Media Splitter
Ham University 3.12.1.0 (Version: 3.12.1.0)
HamSphere 3.0.3.2
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
Home Budget (Version: 4.0.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (Version: 13.0)
HP FWUpdateEDO3 (Version: 1.0.0.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Product Detection (Version: 11.14.0001)
HP Product Detection (Version: 11.15.0009)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Unified IO (Version: 1.0.1.95)
HP Update (Version: 5.003.001.001)
HPPhotoGadget (Version: 130.0.282.000)
hppLaserJetService (Version: 002.015.00599)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
HyperTerminal Private Edition v6.3
iCare Data Recovery 4.0
iCloud (Version: 2.1.2.8)
Identity Card (Version: 1.00.3003)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® SDK for OpenCL* - CPU Only Runtime Package 2013 (Version: 3.0.1.15216)
Intel® SDK for OpenCL* Applications 2013 (Version: 3.0.0.81147)
Internet TV for Windows Media Center (Version: 4.2.2.0)
IObit Malware Fighter (Version: 2.1)
iSkysoft iMedia Converter(Build 3.0.3.0)
iTunes (Version: 11.1.1.11)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
JLink OB CDC Driver Package (Version: 1.2.2)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 16.4.3505.0912)
Just Learn Morse Code (Version: 1.0.0.0)
KooBits 4.0 (Version: 4.0.1)
KooBits 4.0 (Version: 4.0.1.9)
Launch Manager (Version: 4.0.12)
LAVMediaCodec 1.0.1 (Version: 1.0.1)
Legacy 7.5 (Version: 7.5 )
Lightspark 0.5.3-git (Version: 0.5.3-git)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (Version: 10.0.30319)
Modiac Blu-ray Ripper (Version: 1.0.0.4077)
Modiac DVD Ripper (Version: 1.7.0.4077)
Modiac Video Converter (Version: 2.5.0.4078)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0)
Mozilla Maintenance Service (Version: 27.0)
MProg 2.8a (Version: )
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MultiBit 0.5.16 (Version: 0.5.16)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Norton Online Backup (Version: 2.1.17869)
NTI Backup Now 5 (Version: 5.1.2.628)
NTI Backup Now Standard (Version: 5.1.2.628)
NTI Media Maker 8 (Version: 8.0.12.6630)
Orbitron - Satellite Tracking System (Version: 3.71)
Penguins! (Version: 2.2.0.95)
Photo Gallery (Version: 16.4.3505.0912)
PL-2303 Vista Driver Installer (Version: 3.2.0.0)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Daemon (Version: 2.2.20000)
Polar Golfer (Version: 2.2.0.95)
Polar WebSync (Version: 2.7.00002)
QuickTime (Version: 7.74.80.86)
Readiris Pro 12 (Version: 12.00.5965)
Realtek High Definition Audio Driver (Version: 6.0.1.6000)
Revo Uninstaller 1.95 (Version: 1.95)
Rosetta Stone Version 3 (Version: 3.3.7.0)
SafeIP
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
Scan (Version: 13.0.0.0)
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
Shop for HP Supplies (Version: 13.0)
Shredder (Version: 2.0.8.3)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
SpyHunter (Version: 4.10.5.4085)
Status (Version: 130.0.373.000)
Steam (Version: 1.0.0.0)
StuffIt 2010 (Version: 14.0.0)
SUPERAntiSpyware (Version: 5.6.1010)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
Times Reader (Version: 2.055)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Trend Micro RUBotted 2.0 Beta (Version: 2.0.0.1034)
TV 4.0 (Version: 4.0)
TVTrigger (Version: 1.41)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
US.TV v3.0
UV_5R_NEWOLD
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (Version: 1.11.1001)
Verizon Wireless Software Upgrade Assistant - Samsung (Version: 1.11.1201)
VideoPlayer v2.0.6 (Version: v2.0.6)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.1.2 (Version: 2.1.2)
WeatherBug (Version: 7.0.0.7)
WebReg (Version: 130.0.132.017)
Welcome Center (Version: 1.02.3002)
WinAVR 20100110 (remove only) (Version: 20100110)
Windows Driver Package - Segger (jlink) USB  (04/11/2012 2.6.8.2) (Version: 04/11/2012 2.6.8.2)
Windows Driver Package - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4) (Version: 01/25/2012 6.0.2600.4)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPatrol (Version: 28.0.2013.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinX DVD Ripper Platinum 5.1.1
WSMORSE version 1.05
Yagi Calculator Version 2.6.9
YagiCAD 6.1.9
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge (Version: 2.2.0.95)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MpKsl2c3a5334
Description: MpKsl2c3a5334
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl2c3a5334
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3764.5 MB
Available physical RAM: 1619.77 MB
Total Pagefile: 6868.13 MB
Available Pagefile: 3351.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.5 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:284.32 GB) (Free:4.1 GB) NTFS

========================= Users: ========================================

User accounts for \\MRX-PC

Administrator            Guest                    Mr X                     

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-01-2014 19:44:22 Windows Update
01-02-2014 19:01:11 Restore Point before Name not available was removed using Program Install and Uninstall troubleshooter

**** End of log ****



#10 xXToffeeXx


Posted 02 February 2014 - 04:01 PM

Hi,

Does the problem happen on any other browser?

Re-run malwarebytes, making sure to remove any threats found, and copy and paste the log into your next reply.

Also, reset Firefox here: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems
See if the problem still happens after this.

xXToffeeXx~



#11 mountainjack64


Posted 02 February 2014 - 05:01 PM

Tried other browsers and didn't seem to have any problems... Hopefully that will fix my problem.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr X :: MRX-PC [administrator]

2/2/2014 11:49:34 AM
mbam-log-2014-02-02 (11-49-34).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 481414
Time elapsed: 2 hour(s), 44 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#12 mountainjack64


Posted 02 February 2014 - 06:28 PM

Any final steps to make sure? So far so good, no problems with the redirects, but the PC is really slow.


Edited by mountainjack64, 02 February 2014 - 06:57 PM.


#13 xXToffeeXx


Posted 03 February 2014 - 12:31 PM

Hi,
 
So, no more redirects after doing those steps? That's good.
 
When your computer is slow, what are you doing?
 
-------------

 

Some of your programs are out-of-date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

 
Uninstall Adobe Flash Player 11 ActiveX and then download the latest version from here.
 
Uninstall Bing Bar using the control panel unless you specifically use it. Same with DivX Setup, Google Toolbar for Internet Explorer, and Yahoo! Toolbar. These are all toolbars.
 
Uninstall IObit Malware Fighter, see this post on why I suggest this. 
 
Uninstall SpyHunter, see this post on why I suggest this.
 
Uninstall Java 7 Update 17 as it's outdated. Unless you really need Java for a specific reason, I suggest just completely removing it.
 
-------------

 

Please download Autoruns.
 
Open Downloads in your browser and click on the Autoruns download.
 
Click on Run to initiate the installation.
 
When Autoruns loads you will see an image similar to the one below.
 
autorunsscreen_zps2ac55e2e.png
 
Click on File, then click on Save.
 
You will see an image similar to the one below.
 
autorunsscreen1_zps8a35cb1a.png
 
Choose Desktop as the destination, then click on the down arrow in the Save as type: box and click on Text (*.txt), then click on Save.
 
There will be a Text icon on the desktop titled AutoRuns, click on it to open the log.
 
Copy the log and paste it in your next post.
 
xXToffeeXx~

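A first-pass triage of the saved Autoruns text log, as an added example that is not part of the original posts. The sample lines are constructed in the layout of the log posted in this thread, and the names and the three review heuristics are assumptions for illustration: they mark entries for a closer look and are not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of an Autoruns "Text (*.txt)" save:
# a location row (five quoted fields, only the first and last filled),
# followed by "+"-prefixed entry rows holding
# name, description, publisher, image path, timestamp.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "4/16/2013 10:30 PM"
+ "ExampleAudio"    "Example Audio Manager"    "Example Audio Corp."    "c:\program files\example\audio\exaudio.exe"    "12/10/2009 3:48 AM"
+ "ExampleGhost"    ""    ""    "File not found: exghost"    ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/20/2014 10:37 AM"
+ "ExampleHelper"    "Example helper"    "Example Soft"    "c:\users\sample user\appdata\local\example\helper.exe"    "11/14/2013 11:28 AM"
+ "ExampleDial"    ""    ""    "c:\program files (x86)\exampledial\dial.exe"    "1/27/2014 9:33 PM"
'''

# Fields are double-quoted and never contain a quote themselves, so the
# same pattern works whether the separators are tabs or runs of spaces.
FIELD = re.compile(r'"([^"]*)"')


@dataclass
class Entry:
    location: str      # registry key or startup folder the entry lives in
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str
    reasons: list = field(default_factory=list)


def parse_autoruns_text(text):
    """Return one Entry per '+' row, tagged with its enclosing location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 5:
            continue                      # blank or malformed row
        if line.startswith('+'):
            if location is not None:
                entries.append(Entry(location, *fields))
        else:
            location = fields[0]          # new location header row
    return entries


def review_reasons(entry):
    """Assumed heuristics: why a human should look at this entry."""
    reasons = []
    path = entry.image_path.lower()
    if path.startswith('file not found'):
        reasons.append('target missing (orphaned entry)')
    if not entry.publisher:
        reasons.append('no publisher in file metadata')
    if re.search(r'\\users\\[^\\]+\\appdata\\', path):
        reasons.append('runs from a user-writable profile folder')
    return reasons


def triage(text):
    """Parse the log and return only the entries with review reasons."""
    flagged = []
    for entry in parse_autoruns_text(text):
        entry.reasons = review_reasons(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.name}  [{e.location}]')
        print(f'    path: {e.image_path}')
        for reason in e.reasons:
            print(f'    review: {reason}')
```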


#14 mountainjack64


Posted 03 February 2014 - 06:21 PM

OK, I think I have removed everything I could... My web pages seemed to be loading very slowly, was watching vids on YouTube and researching projects I have going... Just was so slow.

 

Here is the autorun log

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "7/13/2009 10:49 PM"
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "4/16/2013 10:30 PM"
+ "Acer ePower Management"    "ePowerTray"    "Acer Incorporated"    "c:\program files\acer\acer epower management\epowertray.exe"    "4/22/2010 8:19 PM"
+ "AmIcoSinglun64"    "Single LUN Icon Utility for VID 058F PID 6366"    "Alcor Micro Corp."    "c:\program files (x86)\amicosinglun\amicosinglun64.exe"    "9/22/2009 1:34 AM"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"    "4/21/2010 11:39 AM"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"    "4/21/2010 11:40 AM"
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"    "10/23/2013 6:12 PM"
+ "mwlDaemon"    "MyWinLocker"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x86\mwldaemon.exe"    "5/26/2010 5:36 AM"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"    "4/21/2010 11:39 AM"
+ "RtHDVCpl"    "Realtek HD Audio Manager"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravcpl64.exe"    "12/10/2009 3:48 AM"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"    "9/17/2009 8:52 PM"
+ "WinPatrol"    "WinPatrol System Monitor"    "BillP Studios"    "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe"    "4/17/2013 3:18 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "2/2/2014 7:43 PM"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "11/21/2013 10:56 AM"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"    "4/16/2013 9:13 PM"
+ "BackupManagerTray"    "Acer Backup Manager"    "NewTech Infosystems, Inc."    "c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe"    "3/8/2010 2:56 AM"
+ "DivXMediaServer"    "DivX DLNA Media Server"    "DivX, LLC"    "c:\program files (x86)\divx\divx media server\divxmediaserver.exe"    "5/19/2013 8:37 PM"
+ "EgisTecPMMUpdate"    "PMM Update Application"    "Egis Technology Inc."    "c:\program files (x86)\egistec ips\pmmupdate.exe"    "3/10/2010 8:03 AM"
+ "EgisUpdate"    "EgisUpdate Release Application"    "Egis Technology Inc."    "c:\program files (x86)\egistec ips\egisupdate.exe"    "3/10/2010 8:04 AM"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"    "10/1/2013 1:51 AM"
+ "LManager"    "Launch Manager"    "Dritek System Inc."    "c:\program files (x86)\launch manager\lmanager.exe"    "6/22/2010 12:34 AM"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Oracle Corporation"    "c:\program files (x86)\common files\java\java update\jusched.exe"    "7/2/2013 10:16 AM"
+ "Trend Micro Browser Guard"    ""    "Trend Micro Inc."    "c:\program files (x86)\trend micro\browser guard\bgui.exe"    "2/25/2011 6:17 AM"
+ "Trend Micro RUBotted V2.0 Beta"    "Trend Micro RUBotted tool"    "Trend Micro Inc."    "c:\program files (x86)\trend micro\rubotted\rubottedgui.exe"    "7/25/2013 4:10 AM"
+ "WinPatrol"    "WinPatrol System Monitor"    "BillP Studios"    "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe"    "4/17/2013 3:18 PM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "8/12/2013 9:43 PM"
+ "Secunia PSI Tray.lnk"    "Secunia PSI Tray"    "Secunia"    "c:\program files (x86)\secunia\psi\psi_tray.exe"    "7/20/2012 5:11 AM"
"C:\Users\Mr X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "1/27/2014 9:33 PM"
+ "KooBits 4.lnk"    ""    ""    "c:\program files (x86)\koobits 4.0\koobits 4.0.exe"    "5/28/2010 5:38 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "7/27/2009 2:40 PM"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "7/13/2009 5:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "4/18/2013 2:47 PM"
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\32.0.1700.102\installer\chrmstp.exe"    "1/22/2014 10:32 PM"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "7/13/2009 5:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/20/2014 10:37 AM"
+ "PCShowServer"    "PC Show power management wrapper"    "NDS Technologies"    "c:\users\mr x\appdata\local\directv player\pcshowserverpmwrapper.exe"    "11/14/2013 11:28 AM"
+ "Skype"    "Skype "    "Skype Technologies S.A."    "c:\program files (x86)\skype\phone\skype.exe"    "11/14/2013 10:33 AM"
+ "SUPERAntiSpyware"    "SUPERAntiSpyware Application"    "SUPERAntiSpyware"    "c:\program files\superantispyware\superantispyware.exe"    "1/6/2014 3:36 PM"
+ "Weather"    ""    "AWS Convergence Technologies, Inc."    "c:\program files (x86)\aws\weatherbug\weather.exe"    "4/29/2010 7:35 AM"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "skype-ie-addon-data"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"    "10/9/2013 4:50 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "12/26/2010 6:56 PM"
+ "axcrypt.File"    "AxCrypt Shell Extension"    "Axantum Software AB"    "c:\program files\axantum\axcrypt\shellext.dll"    "11/12/2012 8:09 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared64\bcshext.dll"    "11/9/2010 6:23 AM"
+ "DaemonShellExtImage"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl64.dll"    "4/26/2012 6:32 AM"
+ "EDSshellExt"    "Shell Extention"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x64\mwlshellext.dll"    "5/26/2010 5:35 AM"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "10/23/2013 6:12 PM"
+ "PhotoStreamsExt"    ""    ""    "c:\program files\common files\apple\internet services\shellstreams64.dll"    "3/20/2013 12:51 PM"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"    "7/18/2011 5:36 PM"
+ "StuffItContextMenuHandler"    "StuffIt Shell Extension DLL"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\sxshellextx64.dll"    "10/29/2009 12:21 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "12/26/2010 6:56 PM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared\bcshext.dll"    "11/9/2010 6:23 AM"
+ "DaemonShellExtImage"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl32.dll"    "4/26/2012 6:31 AM"
+ "EDSshellExt"    "Shell Extention"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x86\mwlshellext.dll"    "5/26/2010 5:31 AM"
+ "PhotoStreamsExt"    "ShellStreams.dll"    "Apple Inc."    "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"    "3/20/2013 1:17 PM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared64\bcshext.dll"    "11/9/2010 6:23 AM"
+ "DaemonShellExtDrive"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl64.dll"    "4/26/2012 6:32 AM"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "10/23/2013 6:12 PM"
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared\bcshext.dll"    "11/9/2010 6:23 AM"
+ "DaemonShellExtDrive"    "DAEMON Tools Pro"    "DT Soft Ltd"    "c:\program files (x86)\daemon tools pro\dtshl32.dll"    "4/26/2012 6:31 AM"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"    ""    ""    ""    "12/26/2010 6:56 PM"
+ "StuffIt_Property_Sheet"    "StuffIt Shell Extension DLL"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\sxshellextx64.dll"    "10/29/2009 12:21 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "2/28/2013 2:39 PM"
+ "ShredderContextMenu"    "ShredderContextMenu"    "Egis Technology Inc."    "c:\program files (x86)\egistec shredder\x64\shreddercontextmenu.dll"    "4/2/2010 12:05 AM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "ShredderContextMenu"    "ShredderContextMenu"    "Egis Technology Inc."    "c:\program files (x86)\egistec shredder\x86\shreddercontextmenu.dll"    "4/2/2010 12:03 AM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "EDSshellExt"    "Shell Extention"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x64\mwlshellext.dll"    "5/26/2010 5:35 AM"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "10/23/2013 6:12 PM"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"    "7/18/2011 5:36 PM"
+ "StuffItContextMenuHandler"    "StuffIt Shell Extension DLL"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\sxshellextx64.dll"    "10/29/2009 12:21 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "EDSshellExt"    "Shell Extention"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x86\mwlshellext.dll"    "5/26/2010 5:31 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared64\bcshext.dll"    "11/9/2010 6:23 AM"
+ "StuffItDropMenuHandler"    "StuffIt Shell Extension DLL"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\sxshellextx64.dll"    "10/29/2009 12:21 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "1/4/2011 12:02 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared\bcshext.dll"    "11/9/2010 6:23 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "7/13/2009 7:32 PM"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"    "4/21/2010 11:39 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"    "7/13/2009 7:09 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "11/19/2013 11:56 AM"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "5/11/2013 3:34 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "11/19/2013 11:56 AM"
+ "axcrypt.File"    "AxCrypt Shell Extension"    "Axantum Software AB"    "c:\program files\axantum\axcrypt\shellext.dll"    "11/12/2012 8:09 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared64\bcshext.dll"    "11/9/2010 6:23 AM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "2/28/2013 2:39 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "11/19/2013 11:56 AM"
+ "BCShellMenu"    "BestCrypt Shell Extension DLL"    "Jetico, Inc."    "c:\program files (x86)\jetico\shared\bcshext.dll"    "11/9/2010 6:23 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "11/19/2013 11:56 AM"
+ "StuffItDropMenuHandler"    "StuffIt Shell Extension DLL"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\sxshellextx64.dll"    "10/29/2009 12:21 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "1/24/2014 7:12 PM"
+ " SkyDrive1"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"    "9/11/2012 12:15 AM"
+ " SkyDrive2"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"    "9/11/2012 12:15 AM"
+ " SkyDrive3"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"    "9/11/2012 12:15 AM"
+ "egisPSDP"    "PSD DragDrop Protection"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x64\psdprotect.dll"    "5/26/2010 5:34 AM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "2/3/2014 5:13 PM"
+ " SkyDrive1"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"    "9/11/2012 12:29 AM"
+ " SkyDrive2"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"    "9/11/2012 12:29 AM"
+ " SkyDrive3"    "Microsoft SkyDrive Shell Extension"    "Microsoft Corporation"    "c:\users\mr x\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"    "9/11/2012 12:29 AM"
+ "egisPSDP"    "PSD DragDrop Protection"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x86\psdprotect.dll"    "5/26/2010 5:30 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "1/24/2014 7:12 PM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"    "3/1/2013 6:30 AM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"    "3/1/2013 6:30 AM"
+ "TMIEGBHO Class"    ""    "Trend Micro Inc."    "c:\program files (x86)\trend micro\browser guard\x64\tmams64.dll"    "2/25/2011 6:20 AM"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"    "7/17/2012 4:11 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "2/3/2014 5:13 PM"
+ "HP Print Enhancer"    "HP Smart Web Printing add-on for Internet Explorer"    "Hewlett-Packard Co."    "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"    "5/19/2009 10:23 PM"
+ "HP Smart BHO Class"    "HP Smart Web Printing add-on for Internet Explorer"    "Hewlett-Packard Co."    "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"    "5/19/2009 10:23 PM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"    "12/18/2013 11:01 PM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"    "12/18/2013 11:00 PM"
+ "TMIEGBHO Class"    ""    "Trend Micro Inc."    "c:\program files (x86)\trend micro\browser guard\tmams.dll"    "2/25/2011 6:16 AM"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"    "7/17/2012 3:46 PM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""    "12/24/2013 2:14 PM"
+ "Trend Micro BG Toolbar"    ""    "Trend Micro Inc."    "c:\program files (x86)\trend micro\browser guard\x64\tmieg64.dll"    "2/25/2011 6:19 AM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""    "12/12/2013 9:32 PM"
+ "Trend Micro BG Toolbar"    ""    "Trend Micro Inc."    "c:\program files (x86)\trend micro\browser guard\tmieg.dll"    "2/25/2011 6:15 AM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "12/12/2013 9:32 PM"
+ "&Blog This in Windows Live Writer"    "Windows Live Writer Blog This Extension"    "Microsoft Corporation"    "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"    "9/12/2012 4:43 PM"
+ "Show or hide HP Smart Web Printing"    "HP Smart Web Printing add-on for Internet Explorer"    "Hewlett-Packard Co."    "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"    "5/19/2009 10:23 PM"
"Task Scheduler"    ""    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"    "6/1/2011 6:46 PM"
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"    "12/13/2013 9:35 AM"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"    "10/23/2013 6:11 PM"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files (x86)\windows live\soxe\wlsoxe.dll"    "9/12/2012 4:43 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "6/10/2009 2:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/13/2009 6:24 PM"
X "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"    "7/13/2009 5:57 PM"
+ "\TidyNetwork Update"    ""    ""    "File not found: C:\Users\Mr X\AppData\Local\TidyNetwork.com\tidy2update.exe"    ""
+ "\UALU notificatin"    "ALURecover"    "Acer Incorporated"    "c:\program files\acer\acer updater\ualu.exe"    "2/5/2012 8:32 PM"
+ "\{4232CA01-3CD9-4B5C-B111-1BF22C8F606B}"    "Firefox"    "Mozilla Corporation"    "c:\program files (x86)\mozilla firefox\firefox.exe"    "1/28/2014 12:42 AM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "2/3/2014 4:27 PM"
+ "!SASCORE"    "SUPERAntiSpyware Core Service"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sascore64.exe"    "7/11/2012 12:54 PM"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"    "11/21/2013 10:55 AM"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "1/6/2014 11:38 PM"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"    "5/17/2012 9:06 PM"
+ "BCWipeSvc"    "BCWipe service"    "Jetico, Inc."    "c:\program files (x86)\jetico\bcwipe\bcwipesvc.exe"    "5/21/2010 2:30 AM"
+ "BingDesktopUpdate"    "Bing Desktop Update Service"    "Microsoft Corp."    "c:\program files (x86)\microsoft\bingdesktop\bingdesktopupdater.exe"    "6/26/2013 10:11 PM"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"    "8/30/2011 11:52 PM"
+ "cvhsvc"    "Client Virtualization Handler Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"    "4/22/2013 3:57 AM"
+ "DsiWMIService"    "Dritek WMI Service"    "Dritek System Inc."    "c:\program files (x86)\launch manager\dsiwmis.exe"    "6/22/2010 12:32 AM"
+ "ePowerSvc"    "Acer ePower Service"    "Acer Incorporated"    "c:\program files\acer\acer epower management\epowersvc.exe"    "4/22/2010 8:19 PM"
+ "FLEXnet Licensing Service"    "This service performs licensing functions on behalf of FLEXnet enabled products."    "Acresso Software Inc."    "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"    "4/10/2008 10:51 AM"
+ "FreemakeVideoCapture"    "CaptureLibService"    "Ellora Assets Corp."    "c:\program files (x86)\freemake\capturelib\capturelibservice.exe"    "11/1/2013 1:40 AM"
+ "fsssvc"    "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work."    "Microsoft Corporation"    "c:\program files (x86)\windows live\family safety\fsssvc.exe"    "9/12/2012 4:41 PM"
+ "GameConsoleService"    "GameConsole management services"    "WildTangent, Inc."    "c:\program files (x86)\acer games\acer game console\gameconsoleservice.exe"    "4/3/2010 5:01 PM"
+ "GREGService"    "Global Registration Service"    "Acer Incorporated"    "c:\program files (x86)\acer\registration\gregsvc.exe"    "11/12/2009 3:18 AM"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "10/13/2009 5:04 PM"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "10/13/2009 5:04 PM"
+ "HP LaserJet Service"    "A system service that allows HP Software to easily connect to your LaserJet for everyday tasks."    "HP"    "c:\program files (x86)\hp\hplaserjetservice\hplaserjetservice.exe"    "10/25/2010 2:53 PM"
+ "hpqcxs08"    "HP CUE Context Manager Objects"    "Hewlett-Packard Co."    "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll"    "5/21/2009 7:21 PM"
+ "hpqddsvc"    "This service detects and monitors CUE devices on the system."    "Hewlett-Packard Co."    "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll"    "5/21/2009 11:02 PM"
+ "HPSLPSVC"    "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable"    "Hewlett-Packard Co."    "c:\users\mr x\appdata\local\temp\7zs065f\hpslpsvc64.dll"    "10/22/2010 2:06 PM"
+ "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"    "11/14/2005 1:06 AM"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"    "10/1/2013 1:51 AM"
+ "Live Updater Service"    "Updater Service"    "Acer Incorporated"    "c:\program files\acer\acer updater\updaterservice.exe"    "4/2/2012 11:49 PM"
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"    "3/3/2010 4:33 PM"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"    "2/28/2013 2:38 PM"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"    "2/28/2013 2:38 PM"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "1/27/2014 10:50 PM"
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"    "10/23/2013 6:11 PM"
+ "MWLService"    "MyWinLocker Service"    "Egis Technology Inc."    "c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe"    "5/26/2010 5:31 AM"
+ "Net Driver HPZ12"    "Dot4Net Module"    "Hewlett-Packard"    "c:\windows\system32\hpzinw12.dll"    "8/5/2010 11:45 PM"
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"    "10/23/2013 6:11 PM"
+ "NOBU"    "Norton Online Backup Service"    "Symantec Corporation"    "c:\program files (x86)\symantec\norton online backup\nobuagent.exe"    "6/1/2010 1:31 PM"
+ "NTI IScheduleSvc"    "NTI IShadow Manage backup/Sync jobs and  etc..."    "NewTech Infosystems, Inc."    "c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe"    "3/8/2010 2:58 AM"
+ "NTIBackupSvc"    "NTI Backup Now 5 Backup service for backup(restore).  "    "NewTech InfoSystems, Inc."    "c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe"    "10/30/2009 2:36 AM"
+ "NTISchedulerSvc"    "NTI Backup Now 5 Manage BackupNow backup jobs and  etc..."    "NewTech Infosystems, Inc."    "c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe"    "10/30/2009 2:36 AM"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "1/9/2010 10:16 PM"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"    "8/11/2009 8:00 PM"
+ "Pml Driver HPZ12"    "PmlDrv Module"    "Hewlett-Packard"    "c:\windows\system32\hpzipm12.dll"    "8/5/2010 11:45 PM"
+ "RUBotSrv"    "Trend Micro service for RUBotted tool"    "Trend Micro Inc."    "c:\program files (x86)\trend micro\rubotted\rubotsrv.exe"    "7/25/2013 4:09 AM"
+ "SafeIPS"    "SafeIP proxy service component"    "SafeIP"    "c:\program files (x86)\safeip\safeips.exe"    "6/28/2013 9:20 PM"
+ "Secunia PSI Agent"    "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\psia.exe"    "7/20/2012 5:16 AM"
+ "Secunia Update Agent"    "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files (x86)\secunia\psi\sua.exe"    "7/20/2012 5:12 AM"
+ "sftlist"    "Streams and manages applications."    "Microsoft Corporation"    "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"    "6/25/2013 1:04 PM"
+ "sftvsa"    "Monitors global service events and launches virtual services."    "Microsoft Corporation"    "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"    "6/25/2013 1:02 PM"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"    "10/23/2013 2:12 AM"
+ "Steam Client Service"    "Steam Client Service monitors and updates Steam content"    "Valve Corporation"    "c:\program files (x86)\common files\steam\steamservice.exe"    "3/29/2013 12:41 PM"
+ "Stuffit Archive Name Service"    "StuffIt monitor for archive files"    "Smith Micro Software, Inc."    "c:\program files (x86)\smith micro\stuffit 2010\arcnameservice.exe"    "10/29/2009 10:50 AM"
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"    "3/3/2010 4:35 PM"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "7/13/2009 7:29 PM"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"    "7/17/2012 4:11 PM"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "7/13/2009 6:24 PM"
+ "YahooAUService"    "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements."    "Yahoo! Inc."    "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"    "11/9/2008 2:47 PM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "2/3/2014 4:27 PM"
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "12/5/2008 5:54 PM"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "5/1/2007 11:30 AM"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "2/27/2007 6:04 PM"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "7/13/2009 5:19 PM"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "3/18/2010 6:45 PM"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "3/20/2009 12:36 PM"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "3/19/2010 10:18 AM"
+ "AmUStor"    "Alocr Micro USB Mass Storage Driver"    "Alcor Micro, Corp."    "c:\windows\system32\drivers\amustor.sys"    "5/26/2009 7:32 AM"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "5/24/2007 3:27 PM"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "1/14/2009 1:27 PM"
+ "athr"    "Atheros Extensible Wireless LAN device driver"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\athrx.sys"    "3/31/2010 7:54 PM"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "2/13/2009 4:18 PM"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "4/26/2009 5:14 AM"
+ "BCM43XX"    "Broadcom 802.11 Network Adapter wireless driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcmwl664.sys"    "3/26/2009 7:06 PM"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "8/6/2006 7:51 PM"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "8/6/2006 7:51 PM"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "8/6/2006 7:51 PM"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "8/6/2006 7:51 PM"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "8/6/2006 7:51 PM"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "8/9/2006 6:11 AM"
+ "CH341SER_A64"    "WDM_64 for CH341 serial, by W.ch"    "www.winchiphead.com"    "c:\windows\system32\drivers\ch341s64.sys"    "11/4/2011 10:34 PM"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "7/13/2009 5:19 PM"
+ "dtsoftbus01"    "DAEMON Tools Virtual Bus Driver"    "DT Soft Ltd"    "c:\windows\system32\drivers\dtsoftbus01.sys"    "1/13/2012 7:45 AM"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "12/31/2008 10:29 AM"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "2/3/2009 4:52 PM"
+ "esgiguard"    ""    ""    "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"    ""
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"    "5/3/2012 1:56 PM"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "5/11/2009 2:26 AM"
+ "HECIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"    "9/17/2009 1:54 PM"
+ "HPFXBULKLEDM"    "LEDM BULK"    "Hewlett Packard"    "c:\windows\system32\drivers\hppdbulkio.sys"    "4/29/2008 10:00 AM"
+ "HPFXFAX"    "LEDM FAX"    "Hewlett Packard"    "c:\windows\system32\drivers\hppdfaxio.sys"    "4/29/2008 10:00 AM"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "5/18/2009 5:43 PM"
+ "iaStor"    "Intel Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"    "3/3/2010 8:51 PM"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "3/5/2010 3:27 PM"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"    "4/21/2010 12:18 PM"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "12/13/2005 3:47 PM"
+ "Impcd"    "Intel® Turbo Boost Technology Driver"    "Intel Corporation"    "c:\windows\system32\drivers\impcd.sys"    "2/26/2010 5:32 PM"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"    "12/10/2009 3:38 AM"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"    "2/3/2010 7:38 AM"
+ "k57nd60a"    "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\k57nd60a.sys"    "10/30/2013 1:14 AM"
+ "L1E"    "Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1e62x64.sys"    "6/11/2009 12:45 AM"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "12/9/2008 4:46 PM"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "5/18/2009 6:20 PM"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "5/18/2009 6:31 PM"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "4/16/2009 4:13 PM"
+ "mbamchameleon"    "Malwarebytes Chameleon Protection Driver"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbamchameleon.sys"    "9/3/2013 4:56 PM"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"    "2/28/2013 2:33 PM"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "5/18/2009 7:09 PM"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "5/18/2009 7:25 PM"
+ "MpKsl2c3a5334"    ""    ""    "File not found: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F1F94D1-8477-4A31-9648-EA5DD6B12462}\MpKsl2c3a5334.sys"    ""
+ "mwlPSDFilter"    "mwlPSDFilter Filter Driver"    "Egis Technology Inc."    "c:\windows\system32\drivers\mwlpsdfilter.sys"    "6/2/2009 4:07 AM"
+ "mwlPSDNServ"    "mwlPSDNServ Driver"    "Egis Technology Inc."    "c:\windows\system32\drivers\mwlpsdnserv.sys"    "6/2/2009 4:07 AM"
+ "mwlPSDVDisk"    "mwlPSDVdisk Driver"    "Egis Technology Inc."    "c:\windows\system32\drivers\mwlpsdvdisk.sys"    "6/2/2009 4:15 AM"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "6/6/2006 3:11 PM"
+ "npf"    "npf.sys (NT5/6 AMD64) Kernel Driver"    "CACE Technologies, Inc."    "c:\windows\system32\drivers\npf.sys"    "6/25/2010 10:50 AM"
+ "NTIDrvr"    "NTI CD-ROM Filter Driver"    "NewTech Infosystems, Inc."    "c:\windows\system32\drivers\ntidrvr.sys"    "3/24/2009 9:09 PM"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "3/19/2010 2:59 PM"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "3/19/2010 2:45 PM"
+ "PSI"    "PSI mini-filter driver"    "Secunia"    "c:\windows\system32\drivers\psi_mf.sys"    "9/1/2010 1:53 AM"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "1/22/2009 5:05 PM"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "5/18/2009 7:18 PM"
+ "SASDIFSV"    "SASDIFSV64.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasdifsv64.sys"    "7/21/2011 5:03 PM"
+ "SASKUTIL"    "SASKUTIL64.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\saskutil64.sys"    "7/12/2011 3:00 PM"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "9/13/2006 7:18 AM"
+ "Ser2ph"    "Microsoft USB GPS driver"    "Prolific Technology Inc."    "c:\windows\system32\drivers\ser2ph64.sys"    "3/12/2007 1:25 AM"
+ "Ser2pl"    "USB-to-Serial Cable Driver"    "Prolific Technology Inc."    "c:\windows\system32\drivers\ser2pl64.sys"    "10/17/2013 5:02 AM"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "9/24/2008 12:28 PM"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "10/1/2008 3:56 PM"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "2/17/2009 5:03 PM"
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"    "9/17/2009 8:30 PM"
+ "UBHelper"    "NTI CDROM Filter Driver"    "NewTech Infosystems Corporation"    "c:\windows\system32\drivers\ubhelper.sys"    "4/27/2009 2:48 AM"
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"    "9/28/2012 11:32 AM"
+ "usbbus"    ""    ""    "File not found: system32\DRIVERS\lgx64bus.sys"    ""
+ "UsbDiag"    "LGE CDMA USB Serial Port"    ""    "File not found: system32\DRIVERS\lgx64diag.sys"    ""
+ "USBModem"    "LGE CDMA Modem Support"    ""    "File not found: system32\DRIVERS\lgx64modem.sys"    ""
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "7/13/2009 5:19 PM"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "1/30/2009 7:18 PM"
+ "WDC_SAM"    "Manages WD external storage products."    "Western Digital Technologies"    "c:\windows\system32\drivers\wdcsam64.sys"    "4/16/2008 2:39 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "4/18/2013 2:44 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "7/13/2009 7:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "2/2/2014 7:43 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "7/13/2009 7:06 PM"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "7/29/2010 12:20 AM"
+ "vidc.DIVX"    "DivX"    "DivX, Inc."    "c:\windows\syswow64\divx.dll"    "2/19/2010 1:26 PM"
+ "VIDC.FFDS"    "ffdshow VFW"    ""    "c:\windows\syswow64\ff_vfw.dll"    "4/8/2012 4:40 PM"
+ "vidc.yv12"    "DivX"    "DivX, Inc."    "c:\windows\syswow64\divx.dll"    "2/19/2010 1:26 PM"
"HKLM\Software\Classes\Filter"    ""    ""    ""    "2/3/2014 5:11 PM"
+ "MainConcept MPEG Demultiplexer"    "MPEG-1/2 Demultiplexer"    "MainConcept GmbH"    "c:\program files (x86)\divx\divx transcode engine\plugins\mc_demux_mp2_ds.ax"    "4/10/2013 5:21 AM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "DivX Decoder Filter"    "DivX Decoder Filter"    "DivX, Inc."    "c:\program files\divx\divx codec\divxdec.ax"    "4/2/2010 2:21 PM"
+ "Haali Matroska Muxer"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"    "3/3/2011 5:40 AM"
+ "Haali Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"    "3/3/2011 5:40 AM"
+ "Haali Media Splitter (AR)"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"    "3/3/2011 5:40 AM"
+ "Haali Simple Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"    "3/3/2011 5:40 AM"
+ "Haali Video Renderer"    ""    ""    "c:\program files (x86)\haali\matroskasplitter\dxr.x64.dll"    "3/3/2011 5:38 AM"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"    "3/3/2011 5:40 AM"
+ "LAV Audio Decoder"    "LAV Audio Decoder - DirectShow Audio Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x64\lavaudio.ax"    "2/10/2013 7:13 AM"
+ "LAV Splitter"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x64\lavsplitter.ax"    "2/10/2013 7:13 AM"
+ "LAV Splitter Source"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x64\lavsplitter.ax"    "2/10/2013 7:13 AM"
+ "LAV Video Decoder"    "LAV Video Decoder - DirectShow Video Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x64\lavvideo.ax"    "2/10/2013 7:13 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "7/30/2012 8:20 PM"
+ "AC3Filter"    "ac3filter"    ""    "c:\windows\syswow64\ac3filter.ax"    "7/9/2008 2:06 AM"
+ "Audio Destination"    "WAVDest Filter (Sample)"    "Microsoft Corporation"    "c:\program files (x86)\google\google earth\client\wavdest.ax"    "10/7/2013 1:33 PM"
+ "Capture File Writer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "CyberLink Audio Decoder (PDVD9)"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"    "4/20/2010 2:26 AM"
+ "CyberLink Audio Effect (PDVD9)"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"    "5/24/2009 9:31 PM"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)"    "CLAudSpa.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"    "11/9/2009 4:02 AM"
+ "CyberLink Audio Wizard"    "CyberLink Audio Wizard Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"    "8/14/2009 7:26 AM"
+ "CyberLink AudioCD Filter (PDVD9)"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"    "5/15/2007 9:29 PM"
+ "Cyberlink Demuxer 2.0"    "CLDemuxer2"    "Cyberlink"    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"    "11/24/2009 3:29 AM"
+ "CyberLink Digest Filter (PDVD9)"    "DigestFilter Dynamic Link Library"    ""    "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"    "9/13/2009 8:21 PM"
+ "CyberLink DVD Navigator (PDVD9)"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"    "5/24/2010 9:15 PM"
+ "CyberLink FLV Splitter (PDVD9)"    "CyberLink FLV Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"    "10/30/2009 2:20 AM"
+ "CyberLink HD/BD Mixer (PDVD9)"    "CLHBMixer"    " "    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"    "10/15/2009 3:20 AM"
+ "CyberLink Line21 Decoder (PDVD9)"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"    "6/10/2009 6:16 AM"
+ "CyberLink Matroska Splitter (PDVD9)"    "CyberLink Matroska Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"    "12/4/2009 2:28 AM"
+ "CyberLink MPEG-4 Splitter (PDVD9)"    "CyberLink MPEG-4 Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"    "3/14/2010 8:38 PM"
+ "CyberLink RealAudio Decoder (PDVD9)"    "CyberLink RealMedia Audio Decoder"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clrmaud.ax"    "12/24/2009 9:44 PM"
+ "CyberLink RealMedia Splitter (PDVD9)"    "CyberLink RealMedia Splitter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"    "11/3/2009 1:24 AM"
+ "CyberLink RealVideo Decoder (PDVD9)"    "CyberLink RealMedia Video Decoder"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clrmvd.ax"    "12/24/2009 9:42 PM"
+ "Cyberlink SubTitle Importor (PDVD9)"    "CLSubTitle.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"    "12/4/2009 4:16 AM"
+ "CyberLink TimeStretch Filter (PDVD9)"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"    "12/3/2009 7:14 AM"
+ "CyberLink Tzan Filter (PDVD9)"    "Cyberlink Tzan Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"    "4/6/2010 8:10 PM"
+ "CyberLink Video/SP Decoder (PDVD9)"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"    "7/13/2010 4:17 AM"
+ "DivX AAC Decoder"    "AAC audio decoder filter"    "DivX, Inc."    "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"    "3/5/2011 11:28 AM"
+ "DivX Decoder Filter"    "DivX Decoder Filter"    "DivX, Inc."    "c:\program files (x86)\divx\divx codec\divxdec.ax"    "7/26/2011 12:51 PM"
+ "DivX Demux Filter"    "DivX Plus DMF Navigator Filter"    "DivX, Inc."    "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"    "11/5/2012 10:04 PM"
+ "DivX Demux Filter (Unrestricted Edition)"    "DivX Plus DMF Navigator Filter"    "DivX, Inc."    "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"    "11/5/2012 10:04 PM"
+ "DivX H.264 Decoder"    "DivX H.264 Decoder Filter"    "DivX, Inc."    "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"    "4/2/2010 3:00 PM"
+ "ffdshow Audio Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "ffdshow Audio Processor"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "ffdshow DXVA Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "ffdshow raw video filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "ffdshow subtitles filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "ffdshow Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\ffdshow\ffdshow.ax"    "4/8/2012 4:40 PM"
+ "Haali Matroska Muxer"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.ax"    "3/3/2011 5:40 AM"
+ "Haali Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.ax"    "3/3/2011 5:40 AM"
+ "Haali Media Splitter (AR)"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.ax"    "3/3/2011 5:40 AM"
+ "Haali Simple Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.ax"    "3/3/2011 5:40 AM"
+ "Haali Video Renderer"    ""    ""    "c:\program files (x86)\haali\matroskasplitter\dxr.dll"    "3/3/2011 5:38 AM"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    "c:\program files (x86)\haali\matroskasplitter\splitter.ax"    "3/3/2011 5:40 AM"
+ "LAV Audio Decoder"    "LAV Audio Decoder - DirectShow Audio Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x86\lavaudio.ax"    "2/10/2013 7:11 AM"
+ "LAV Splitter"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x86\lavsplitter.ax"    "2/10/2013 7:11 AM"
+ "LAV Splitter Source"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x86\lavsplitter.ax"    "2/10/2013 7:11 AM"
+ "LAV Video Decoder"    "LAV Video Decoder - DirectShow Video Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\lavmediacodec\x86\lavvideo.ax"    "2/10/2013 7:11 AM"
+ "MainConcept MPEG Demultiplexer"    "MPEG-1/2 Demultiplexer"    "MainConcept GmbH"    "c:\program files (x86)\divx\divx transcode engine\plugins\mc_demux_mp2_ds.ax"    "4/10/2013 5:21 AM"
+ "MainConcept Stream Parser"    "MPEG-1/2 Demultiplexer"    "MainConcept GmbH"    "c:\program files (x86)\divx\divx transcode engine\plugins\mc_demux_mp2_ds.ax"    "4/10/2013 5:21 AM"
+ "Record Queue"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "SlideShow"    ""    ""    "c:\program files (x86)\newtech infosystems\nti media maker 8\photo maker\slideshow.ax"    "6/23/2009 3:14 AM"
+ "WM VIH2 Fix"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "WMT DV Extract Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "WMT Sample Info Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "WMT Switch Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "WMT Virtual Renderer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
+ "WMT Virtual Source"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "9/12/2012 4:42 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""    "7/13/2009 10:53 PM"
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"    "7/17/2012 4:11 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""    "2/2/2014 7:43 PM"
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"    "4/21/2010 11:38 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "12/3/2012 9:47 PM"
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"    "8/30/2011 11:44 PM"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 3:45 PM"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 3:45 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""    "12/3/2012 9:47 PM"
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"    "8/30/2011 11:53 PM"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 4:09 PM"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 4:09 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "2/2/2014 7:45 PM"
+ "HP Standard TCP/IP Port"    "Standard TCP/IP Port Monitor DLL"    "Hewlett Packard"    "c:\windows\system32\hptcpmon.dll"    "9/16/2009 7:14 AM"
+ "hpf3l083.dll"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpf3l083.dll"    "10/6/2008 4:09 AM"
+ "PCL hpf3lw73"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpf3lw73.dll"    "7/13/2009 7:27 PM"
 



#15 xXToffeeXx


Posted 04 February 2014 - 01:12 PM

Hi,

 

Re-open Autoruns, and press Ctrl and F together. Type the name below into the box and click Find Next. Remove the check from the box next to the entry, and repeat for each one.

 

Acer ePower Management

AmIcoSinglun64

IgfxTray

Persistence

Adobe ARM

 

These ones are optional, read the links and decide for yourself:

 

HotKeysCmds - http://www.systemlookup.com/Startup/4221-hkcmd_exe.html

APSDaemon - http://www.bleepingcomputer.com/startups/APSDaemon.exe-27028.html

BackupManagerTray - http://www.bleepingcomputer.com/startups/BackupManagerTray.exe-25858.html

DivXMediaServer - http://www.systemlookup.com/Startup/25818-DivXMediaServer_exe.html

EgisTecPMMUpdate - http://www.systemlookup.com/Startup/23065-PmmUpdate_exe.html

EgisUpdate - http://www.systemlookup.com/Startup/20572-EgisUpdate_exe.html

 

Reboot and see how your computer is after this.

 

xXToffeeXx~


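The Ctrl+F lookup in the post above can also be run against a saved copy of the Autoruns log. The following Python is an added example, not part of the original thread: it parses the quoted-field log layout shown in this topic, reports where each named entry is registered, and goes one step further by listing entries whose publisher field is blank. The function names are hypothetical, and the two entries under the `Run` key are constructed sample data.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name description publisher image_path timestamp")
FIELD = re.compile(r'"([^"]*)"')  # every field in the log is double-quoted

# The two entries under the Run key are constructed for illustration (placeholder
# paths); the two DirectShow filter lines are copied from the log in this topic.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/1/2014 12:00 AM"
+ "IgfxTray"    "constructed description"    "Constructed Publisher"    "c:\example\igfxtray.exe"    "1/1/2014 12:00 AM"
+ "Adobe ARM"    "constructed description"    "Constructed Publisher"    "c:\example\adobearm.exe"    "1/1/2014 12:00 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "7/30/2012 8:20 PM"
+ "AC3Filter"    "ac3filter"    ""    "c:\windows\syswow64\ac3filter.ax"    "7/9/2008 2:06 AM"
+ "CyberLink HD/BD Mixer (PDVD9)"    "CLHBMixer"    " "    "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"    "10/15/2009 3:20 AM"
'''

def parse_autoruns(text):
    """Return one Entry per '+' line, tagged with the autostart location above it."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = [f.strip() for f in FIELD.findall(line)]
        if len(fields) != 5:
            continue  # blank line or anything that is not a five-field log row
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]  # a row without '+' names the registry location
    return entries

def find_entries(entries, names):
    """Case-insensitive exact match on the entry name, like typing it into Find."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.name.lower() in wanted]

def missing_publisher(entries):
    """Entries with an empty publisher field, as candidates for a closer look."""
    return [e for e in entries if not e.publisher]

if __name__ == "__main__":
    log = parse_autoruns(SAMPLE)
    for e in find_entries(log, ["IgfxTray", "Persistence", "Adobe ARM"]):
        print(f"{e.name}: {e.location} -> {e.image_path}")
    for e in missing_publisher(log):
        print(f"no publisher: {e.name} ({e.image_path})")
```

A name that does not appear in the log, such as `Persistence` in this sample, simply returns no match. A blank publisher field only marks an entry for review; several well-known codec packs in the log above have one.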




