
Need Help Removing Adobe Update Virus


15 replies to this topic

#1 Ubermensch


Posted 15 September 2012 - 12:57 PM

Hello all, I have fallen victim to haphazardly installing a trojan from the fake Adobe update. I've run multiple anti-virus/malware remover tools (independent of each other and disabled live protection to avoid conflicts). None of my anti-virus tools are discovering any more malicious content; however, my web browser occasionally gets redirected when searching the web and I notice a bit more lag time in running programs and loading web pages than is usual.

I am running Windows 7 64-bit and Internet Explorer 8. I have run the following anti-virus programs both in and out of safe mode: Free AVG, Microsoft Security Essentials, Malwarebytes, and Comodo. The only other relevant info I can reveal at this time is that I can't update the virus definitions of MSE. It returns error: 0x80070424. I appreciate any assistance anyone may provide. Thank you in advance!



#2 narenxp


Posted 15 September 2012 - 01:41 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Ubermensch


Posted 15 September 2012 - 02:31 PM

Narenxp, thank you for your assistance. I had an error occur upon running ESET that I will outline first, followed by the two successfully run instructions.

ESET Error Details: Error occurred during downloading updated definitions at 90% completion and initiated a forced restart of the computer.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 109
BCP1: A3A039D89EDF8547
BCP2: B3B7465EF15DC205
BCP3: FFFFF8800338B5C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\091512-34398-01.dmp
C:\Users\George\AppData\Local\Temp\WER-92102-0.sysdata.xml


TDSSKiller Log:

14:50:35.0964 4988 MSTEE - ok
14:50:35.0996 4988 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:50:35.0996 4988 MTConfig - ok
14:50:36.0011 4988 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:50:36.0011 4988 Mup - ok
14:50:36.0120 4988 [ 09BDC231B40A84F6E86324D526DCF314 ] NACAgent C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
14:50:36.0152 4988 NACAgent - ok
14:50:36.0183 4988 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:50:36.0198 4988 napagent - ok
14:50:36.0245 4988 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:50:36.0261 4988 NativeWifiP - ok
14:50:36.0308 4988 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:50:36.0339 4988 NDIS - ok
14:50:36.0354 4988 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:36.0354 4988 NdisCap - ok
14:50:36.0386 4988 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:36.0386 4988 NdisTapi - ok
14:50:36.0401 4988 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:36.0401 4988 Ndisuio - ok
14:50:36.0432 4988 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:36.0432 4988 NdisWan - ok
14:50:36.0448 4988 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:50:36.0464 4988 NDProxy - ok
14:50:36.0464 4988 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:50:36.0464 4988 NetBIOS - ok
14:50:36.0495 4988 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:50:36.0495 4988 NetBT - ok
14:50:36.0510 4988 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:50:36.0510 4988 Netlogon - ok
14:50:36.0557 4988 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:50:36.0573 4988 Netman - ok
14:50:36.0604 4988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:36.0604 4988 NetMsmqActivator - ok
14:50:36.0620 4988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:36.0620 4988 NetPipeActivator - ok
14:50:36.0651 4988 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:50:36.0666 4988 netprofm - ok
14:50:36.0666 4988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:36.0682 4988 NetTcpActivator - ok
14:50:36.0682 4988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:36.0682 4988 NetTcpPortSharing - ok
14:50:36.0729 4988 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
14:50:36.0729 4988 netvsc - ok
14:50:36.0932 4988 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
14:50:37.0119 4988 NETwNs64 - ok
14:50:37.0150 4988 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:50:37.0150 4988 nfrd960 - ok
14:50:37.0197 4988 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:50:37.0197 4988 NisDrv - ok
14:50:37.0228 4988 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:50:37.0228 4988 NisSrv - ok
14:50:37.0275 4988 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:50:37.0290 4988 NlaSvc - ok
14:50:37.0306 4988 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:50:37.0306 4988 Npfs - ok
14:50:37.0322 4988 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:50:37.0322 4988 nsi - ok
14:50:37.0337 4988 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:50:37.0337 4988 nsiproxy - ok
14:50:37.0415 4988 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:50:37.0446 4988 Ntfs - ok
14:50:37.0571 4988 [ 78E7038ED1922C8E14CF8FE49F560721 ] ntrtscan c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
14:50:37.0602 4988 ntrtscan - ok
14:50:37.0618 4988 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:50:37.0634 4988 Null - ok
14:50:37.0649 4988 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:50:37.0649 4988 nvraid - ok
14:50:37.0680 4988 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:50:37.0696 4988 nvstor - ok
14:50:37.0727 4988 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:50:37.0727 4988 nv_agp - ok
14:50:37.0758 4988 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
14:50:37.0758 4988 O2FLASH - ok
14:50:37.0805 4988 [ 6172DB160FC566CF24307941C0E94D8E ] O2MDFRDR C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
14:50:37.0821 4988 O2MDFRDR - ok
14:50:37.0836 4988 [ 8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\Windows\system32\drivers\O2MDRw7x64.sys
14:50:37.0836 4988 O2MDRRDR - ok
14:50:37.0914 4988 [ 4635935FC972C582632BF45C26BFCB0E ] O2SDIOAssist c:\Windows\SysWOW64\srvany.exe
14:50:37.0914 4988 O2SDIOAssist - ok
14:50:37.0946 4988 [ A9C1E6B7C134FAD124338B7944FA996D ] O2SDJRDR C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
14:50:37.0946 4988 O2SDJRDR - ok
14:50:37.0977 4988 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:50:37.0977 4988 ohci1394 - ok
14:50:38.0039 4988 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:50:38.0055 4988 ose - ok
14:50:38.0211 4988 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:50:38.0273 4988 osppsvc - ok
14:50:38.0304 4988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:50:38.0304 4988 p2pimsvc - ok
14:50:38.0336 4988 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:50:38.0336 4988 p2psvc - ok
14:50:38.0367 4988 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:50:38.0382 4988 Parport - ok
14:50:38.0414 4988 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:50:38.0429 4988 partmgr - ok
14:50:38.0460 4988 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
14:50:38.0460 4988 PBADRV - ok
14:50:38.0492 4988 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:50:38.0507 4988 PcaSvc - ok
14:50:38.0523 4988 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:50:38.0538 4988 pci - ok
14:50:38.0554 4988 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:50:38.0554 4988 pciide - ok
14:50:38.0585 4988 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:50:38.0585 4988 pcmcia - ok
14:50:38.0616 4988 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:50:38.0616 4988 pcw - ok
14:50:38.0648 4988 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:50:38.0663 4988 PEAUTH - ok
14:50:38.0710 4988 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:50:38.0741 4988 PeerDistSvc - ok
14:50:38.0788 4988 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:50:38.0788 4988 PerfHost - ok
14:50:38.0866 4988 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:50:38.0897 4988 pla - ok
14:50:38.0944 4988 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:50:38.0960 4988 PlugPlay - ok
14:50:38.0960 4988 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:50:38.0975 4988 PNRPAutoReg - ok
14:50:38.0991 4988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:50:39.0006 4988 PNRPsvc - ok
14:50:39.0038 4988 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:50:39.0053 4988 PolicyAgent - ok
14:50:39.0084 4988 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:50:39.0084 4988 Power - ok
14:50:39.0116 4988 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:50:39.0116 4988 PptpMiniport - ok
14:50:39.0131 4988 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:50:39.0131 4988 Processor - ok
14:50:39.0178 4988 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:50:39.0178 4988 ProfSvc - ok
14:50:39.0194 4988 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:50:39.0194 4988 ProtectedStorage - ok
14:50:39.0225 4988 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:50:39.0240 4988 Psched - ok
14:50:39.0303 4988 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:50:39.0334 4988 ql2300 - ok
14:50:39.0350 4988 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:50:39.0350 4988 ql40xx - ok
14:50:39.0396 4988 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:50:39.0396 4988 QWAVE - ok
14:50:39.0428 4988 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:50:39.0443 4988 QWAVEdrv - ok
14:50:39.0459 4988 qxuaja - ok
14:50:39.0490 4988 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:50:39.0490 4988 RasAcd - ok
14:50:39.0521 4988 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:50:39.0521 4988 RasAgileVpn - ok
14:50:39.0537 4988 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:50:39.0552 4988 RasAuto - ok
14:50:39.0568 4988 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:39.0568 4988 Rasl2tp - ok
14:50:39.0615 4988 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:50:39.0615 4988 RasMan - ok
14:50:39.0630 4988 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:39.0646 4988 RasPppoe - ok
14:50:39.0646 4988 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:50:39.0662 4988 RasSstp - ok
14:50:39.0677 4988 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:50:39.0693 4988 rdbss - ok
14:50:39.0708 4988 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:50:39.0724 4988 rdpbus - ok
14:50:39.0740 4988 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:39.0740 4988 RDPCDD - ok
14:50:39.0802 4988 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:50:39.0802 4988 RDPDR - ok
14:50:39.0833 4988 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:50:39.0833 4988 RDPENCDD - ok
14:50:39.0849 4988 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:50:39.0849 4988 RDPREFMP - ok
14:50:39.0880 4988 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:50:39.0896 4988 RDPWD - ok
14:50:39.0911 4988 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:50:39.0927 4988 rdyboost - ok
14:50:39.0989 4988 [ F90CC59135F2945A6EBB1670A7BBD8B3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:50:40.0005 4988 RegSrvc - ok
14:50:40.0067 4988 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:50:40.0098 4988 RemoteAccess - ok
14:50:40.0145 4988 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:50:40.0145 4988 RemoteRegistry - ok
14:50:40.0161 4988 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:50:40.0176 4988 RpcEptMapper - ok
14:50:40.0192 4988 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:50:40.0192 4988 RpcLocator - ok
14:50:40.0223 4988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:50:40.0239 4988 RpcSs - ok
14:50:40.0270 4988 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:50:40.0270 4988 rspndr - ok
14:50:40.0286 4988 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:50:40.0286 4988 s3cap - ok
14:50:40.0301 4988 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:50:40.0301 4988 SamSs - ok
14:50:40.0317 4988 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:50:40.0332 4988 sbp2port - ok
14:50:40.0364 4988 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:50:40.0364 4988 SCardSvr - ok
14:50:40.0379 4988 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:50:40.0395 4988 scfilter - ok
14:50:40.0426 4988 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:50:40.0457 4988 Schedule - ok
14:50:40.0488 4988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:50:40.0488 4988 SCPolicySvc - ok
14:50:40.0520 4988 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:50:40.0535 4988 SDRSVC - ok
14:50:40.0566 4988 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:50:40.0566 4988 secdrv - ok
14:50:40.0582 4988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:50:40.0582 4988 seclogon - ok
14:50:40.0707 4988 [ F3D951071C624137430FE65A67541EF9 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
14:50:40.0754 4988 SecureStorageService - ok
14:50:40.0785 4988 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:50:40.0785 4988 SENS - ok
14:50:40.0800 4988 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:50:40.0800 4988 SensrSvc - ok
14:50:40.0832 4988 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:50:40.0832 4988 Serenum - ok
14:50:40.0878 4988 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:50:40.0878 4988 Serial - ok
14:50:40.0910 4988 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:50:40.0910 4988 sermouse - ok
14:50:40.0941 4988 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:50:40.0956 4988 SessionEnv - ok
14:50:40.0956 4988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:50:40.0972 4988 sffdisk - ok
14:50:40.0972 4988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:50:40.0972 4988 sffp_mmc - ok
14:50:41.0003 4988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:50:41.0003 4988 sffp_sd - ok
14:50:41.0019 4988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:50:41.0019 4988 sfloppy - ok
14:50:41.0050 4988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:50:41.0066 4988 ShellHWDetection - ok
14:50:41.0081 4988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:50:41.0081 4988 SiSRaid2 - ok
14:50:41.0097 4988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:50:41.0097 4988 SiSRaid4 - ok
14:50:41.0128 4988 sjzgxw - ok
14:50:41.0159 4988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:50:41.0159 4988 Smb - ok
14:50:41.0206 4988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:50:41.0222 4988 SNMPTRAP - ok
14:50:41.0237 4988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:50:41.0237 4988 spldr - ok
14:50:41.0268 4988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:50:41.0284 4988 Spooler - ok
14:50:41.0518 4988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:50:41.0565 4988 sppsvc - ok
14:50:41.0580 4988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:50:41.0580 4988 sppuinotify - ok
14:50:41.0612 4988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:50:41.0627 4988 srv - ok
14:50:41.0643 4988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:50:41.0658 4988 srv2 - ok
14:50:41.0674 4988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:50:41.0690 4988 srvnet - ok
14:50:41.0721 4988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:50:41.0721 4988 SSDPSRV - ok
14:50:41.0736 4988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:50:41.0752 4988 SstpSvc - ok
14:50:41.0783 4988 [ C8F44E5E99FF6CF2E0627139CFEC0742 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
14:50:41.0799 4988 STacSV - ok
14:50:41.0814 4988 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
14:50:41.0830 4988 stdcfltn - ok
14:50:41.0861 4988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:50:41.0861 4988 stexstor - ok
14:50:41.0892 4988 [ 7A69C8AF123F4C6A1D63DAA7F5E2638D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
14:50:41.0892 4988 STHDA - ok
14:50:41.0955 4988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:50:41.0970 4988 stisvc - ok
14:50:41.0986 4988 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:50:42.0002 4988 StorSvc - ok
14:50:42.0033 4988 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:50:42.0033 4988 storvsc - ok
14:50:42.0095 4988 [ 202949BAC4370DE7AED7464DB8542CEA ] svcGenericHost c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
14:50:42.0095 4988 svcGenericHost - ok
14:50:42.0126 4988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:50:42.0142 4988 swenum - ok
14:50:42.0173 4988 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:50:42.0189 4988 swprv - ok
14:50:42.0220 4988 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
14:50:42.0220 4988 SynthVid - ok
14:50:42.0282 4988 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:50:42.0329 4988 SysMain - ok
14:50:42.0345 4988 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:50:42.0360 4988 TabletInputService - ok
14:50:42.0376 4988 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:50:42.0392 4988 TapiSrv - ok
14:50:42.0407 4988 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:50:42.0423 4988 TBS - ok
14:50:42.0485 4988 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:50:42.0532 4988 Tcpip - ok
14:50:42.0579 4988 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:50:42.0610 4988 TCPIP6 - ok
14:50:42.0641 4988 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:50:42.0641 4988 tcpipreg - ok
14:50:42.0704 4988 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:50:42.0735 4988 tcsd_win32.exe - ok
14:50:42.0860 4988 [ 347D6407C90C0B6AC82F8249EBA9A482 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
14:50:42.0922 4988 TdmService - ok
14:50:42.0938 4988 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:50:42.0938 4988 TDPIPE - ok
14:50:42.0969 4988 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:50:42.0969 4988 TDTCP - ok
14:50:42.0984 4988 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:50:42.0984 4988 tdx - ok
14:50:43.0000 4988 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:50:43.0016 4988 TermDD - ok
14:50:43.0062 4988 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:50:43.0078 4988 TermService - ok
14:50:43.0094 4988 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:50:43.0094 4988 Themes - ok
14:50:43.0109 4988 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:50:43.0125 4988 THREADORDER - ok
14:50:43.0156 4988 tljkva - ok
14:50:43.0218 4988 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
14:50:43.0234 4988 TMBMServer - ok
14:50:43.0297 4988 [ 5602F33CCC295C7C80E9DB2B2C5CEB06 ] TmFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
14:50:43.0297 4988 TmFilter - ok
14:50:43.0360 4988 [ F0B06319CBEA325DBD987388E73B894A ] tmlisten c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
14:50:43.0391 4988 tmlisten - ok
14:50:43.0438 4988 [ B5C00FC8786A237937C33AABEE68CA26 ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
14:50:43.0438 4988 tmlwf - ok
14:50:43.0500 4988 [ 48D09383511757645C0A828622EF5AB3 ] TmPfw c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
14:50:43.0516 4988 TmPfw - ok
14:50:43.0531 4988 [ AA78D4E62E335EAD1C200875D7DAC9FA ] TmPreFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
14:50:43.0547 4988 TmPreFilter - ok
14:50:43.0578 4988 [ A4B0E0D9CB7AAED795BF880C3EDAA08F ] TmProxy c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
14:50:43.0594 4988 TmProxy - ok
14:50:43.0625 4988 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
14:50:43.0641 4988 tmtdi - ok
14:50:43.0703 4988 [ 5D38C32A4B093BC8190CF3FB9078C9CD ] tmwfp C:\Windows\system32\DRIVERS\tmwfp.sys
14:50:43.0703 4988 tmwfp - ok
14:50:43.0734 4988 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:50:43.0750 4988 TrkWks - ok
14:50:43.0812 4988 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:50:43.0812 4988 TrustedInstaller - ok
14:50:43.0843 4988 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:50:43.0859 4988 tssecsrv - ok
14:50:43.0875 4988 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:50:43.0875 4988 TsUsbFlt - ok
14:50:43.0890 4988 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:50:43.0890 4988 TsUsbGD - ok
14:50:43.0921 4988 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:50:43.0921 4988 tunnel - ok
14:50:43.0937 4988 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:50:43.0953 4988 uagp35 - ok
14:50:43.0968 4988 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:50:43.0984 4988 udfs - ok
14:50:44.0015 4988 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:50:44.0015 4988 UI0Detect - ok
14:50:44.0046 4988 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:50:44.0046 4988 uliagpkx - ok
14:50:44.0077 4988 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:50:44.0093 4988 umbus - ok
14:50:44.0109 4988 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:50:44.0109 4988 UmPass - ok
14:50:44.0140 4988 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:50:44.0155 4988 UmRdpService - ok
14:50:44.0296 4988 [ 07AE0C9F64C4D83ABAA816EE23548D6D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:50:44.0347 4988 UNS - ok
14:50:44.0378 4988 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:50:44.0378 4988 upnphost - ok
14:50:44.0425 4988 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:50:44.0425 4988 USBAAPL64 - ok
14:50:44.0441 4988 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:44.0456 4988 usbccgp - ok
14:50:44.0472 4988 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:50:44.0487 4988 usbcir - ok
14:50:44.0503 4988 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:50:44.0503 4988 usbehci - ok
14:50:44.0550 4988 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:50:44.0550 4988 usbhub - ok
14:50:44.0581 4988 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:50:44.0581 4988 usbohci - ok
14:50:44.0612 4988 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:50:44.0612 4988 usbprint - ok
14:50:44.0659 4988 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:50:44.0659 4988 usbscan - ok
14:50:44.0675 4988 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:44.0690 4988 USBSTOR - ok
14:50:44.0706 4988 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:50:44.0706 4988 usbuhci - ok
14:50:44.0721 4988 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:50:44.0721 4988 UxSms - ok
14:50:44.0737 4988 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:50:44.0737 4988 VaultSvc - ok
14:50:44.0768 4988 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:50:44.0768 4988 vdrvroot - ok
14:50:44.0799 4988 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:50:44.0815 4988 vds - ok
14:50:44.0831 4988 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:44.0831 4988 vga - ok
14:50:44.0846 4988 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:50:44.0846 4988 VgaSave - ok
14:50:44.0877 4988 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:50:44.0877 4988 vhdmp - ok
14:50:44.0893 4988 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:50:44.0893 4988 viaide - ok
14:50:44.0924 4988 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:50:44.0940 4988 VMBusHID - ok
14:50:44.0955 4988 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:50:44.0955 4988 volmgr - ok
14:50:44.0987 4988 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:50:44.0987 4988 volmgrx - ok
14:50:45.0002 4988 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:50:45.0018 4988 volsnap - ok
14:50:45.0096 4988 [ AD4BA28B99BCFBFF40A550872A652A33 ] VSApiNt c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
14:50:45.0127 4988 VSApiNt - ok
14:50:46.0921 4988 ================ Scan global ===============================
14:50:46.0937 4988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:50:46.0968 4988 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:50:46.0968 4988 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:50:46.0999 4988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:50:47.0030 4988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:50:47.0030 4988 [Global] - ok
14:50:47.0030 4988 ================ Scan MBR ==================================
14:50:47.0061 4988 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:50:47.0311 4988 \Device\Harddisk0\DR0 - ok
14:50:47.0311 4988 ================ Scan VBR ==================================
14:50:47.0311 4988 [ F05F1CFF8C398459890410E37AF388A2 ] \Device\Harddisk0\DR0\Partition1
14:50:47.0311 4988 \Device\Harddisk0\DR0\Partition1 - ok
14:50:47.0327 4988 [ DC37E5E62C40D8FC6E460AD9B64D26E2 ] \Device\Harddisk0\DR0\Partition2
14:50:47.0342 4988 \Device\Harddisk0\DR0\Partition2 - ok
14:50:47.0342 4988 ============================================================
14:50:47.0342 4988 Scan finished
14:50:47.0342 4988 ============================================================
14:50:47.0358 1184 Detected object count: 0
14:50:47.0358 1184 Actual detected object count: 0
14:53:02.0742 5580 Deinitialize success

aswMBR Log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-15 14:53:54
-----------------------------
14:53:54.028 OS Version: Windows x64 6.1.7601 Service Pack 1
14:53:54.028 Number of processors: 4 586 0x2A07
14:53:54.028 ComputerName: GEORGE-PC UserName: George
14:53:55.494 Initialize success
14:55:22.879 AVAST engine defs: 12091400
14:55:34.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:55:34.471 Disk 0 Vendor: Hitachi_ ECBO Size: 238475MB BusType: 8
14:55:34.487 Disk 0 MBR read successfully
14:55:34.502 Disk 0 MBR scan
14:55:34.502 Disk 0 Windows VISTA default MBR code
14:55:34.518 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:55:34.533 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11420 MB offset 81920
14:55:34.549 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 227012 MB offset 23470080
14:55:34.580 Disk 0 scanning C:\Windows\system32\drivers
14:55:45.470 Service scanning
14:56:15.001 Modules scanning
14:56:15.016 Disk 0 trace - called modules:
14:56:15.016
14:56:16.374 AVAST engine scan C:\Windows
14:56:18.526 AVAST engine scan C:\Windows\system32
14:59:47.100 AVAST engine scan C:\Windows\system32\drivers
15:00:09.392 AVAST engine scan C:\Users\George
15:06:37.172 AVAST engine scan C:\ProgramData
15:08:20.664 Scan finished successfully
15:09:28.009 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
15:09:28.025 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"

Edited by Ubermensch, 15 September 2012 - 02:33 PM.


#4 Ubermensch


Posted 15 September 2012 - 02:36 PM

Some other potentially relevant notes: ESET identified Windows Defender on my computer; prior to running ESET I verified that it was disabled (and has been for some time), and I also disabled AVG live protection prior to running any of the suggested programs. Thank you again.

#5 narenxp


Posted 15 September 2012 - 03:26 PM

ESET Error Details: Error occurred during downloading updated definitions at 90% completion and initiated a forced restart of the computer


Try to run it in Safe Mode with Networking

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#6 Ubermensch


Posted 15 September 2012 - 04:35 PM

This time I was able to update ESET completely (in safe mode w/ networking); however, the scan froze 300,000 or so files in. The timer was still functioning but the files scanned number remained the same for about 10 minutes, so I stopped the scan. I would say that the scan was around or above 90% completion based on the bar graphic at the top. Here is the log for the scan for your inspection. I will begin the other suggested operations at this time.

ESET LOG

C:\CCE_Quarantine\{83F86938-D63A-4C67-A8EB-DE02B81BDA81} probably a variant of Win32/Adware.ECOHET application cleaned by deleting - quarantined
C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KKSPLF0H\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\George\AppData\Local\Temp\ICReinstall\cnet2_DTLite4454-0315_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\George\AppData\Roaming\meace.dll a variant of Win32/Medfos.DK trojan cleaned by deleting - quarantined

#7 Ubermensch


Posted 15 September 2012 - 05:56 PM

Mini Tool Box Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by George (administrator) on 15-09-2012 at 18:39:06
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Ultimate-N 6300 AGN = Wireless Network Connection (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : George-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-24-D7-A8-03-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
Physical Address. . . . . . . . . : 00-24-D7-A8-03-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::71f7:c13b:de2d:f97b%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 5:28:47 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 5:28:47 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890455
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-60-C8-75-5C-26-0A-58-D0-6B
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : SSEDS
Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 5C-26-0A-58-D0-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CC9F550D-B416-46C5-A075-A2DF2B4DAA2F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.SSEDS:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.fl.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2001:4860:800a::71
74.125.137.100
74.125.137.102
74.125.137.138
74.125.137.139
74.125.137.101
74.125.137.113


Pinging google.com [74.125.139.100] with 32 bytes of data:
Reply from 74.125.139.100: bytes=32 time=53ms TTL=47
Reply from 74.125.139.100: bytes=32 time=43ms TTL=47

Ping statistics for 74.125.139.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 53ms, Average = 48ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=185ms TTL=48
Reply from 98.138.253.109: bytes=32 time=204ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 185ms, Maximum = 204ms, Average = 194ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 24 d7 a8 03 81 ......Microsoft Virtual WiFi Miniport Adapter
13...00 24 d7 a8 03 80 ......Intel® Centrino® Ultimate-N 6300 AGN
11...5c 26 0a 58 d0 6b ......Intel® 82579LM Gigabit Network Connection
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 286
192.168.1.103 255.255.255.255 On-link 192.168.1.103 286
192.168.1.255 255.255.255.255 On-link 192.168.1.103 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 286 fe80::/64 On-link
13 286 fe80::71f7:c13b:de2d:f97b/128
On-link
1 306 ff00::/8 On-link
13 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2012 05:29:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 05:28:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 04:32:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 04:31:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 04:31:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 04:29:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 03:20:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 03:10:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 03:09:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2012 00:20:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/15/2012 06:06:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/15/2012 06:06:36 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/15/2012 05:58:35 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/15/2012 05:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/15/2012 05:38:48 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.873.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/15/2012 05:29:12 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/15/2012 05:29:12 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/15/2012 05:29:11 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Client/Server Security Agent Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error:
%%2

Error: (09/15/2012 05:29:11 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Error: (09/15/2012 05:29:10 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Client/Server Security Agent Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/15/2012 05:29:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\Desktop\esetsmartinstaller_enu.exe

Error: (09/15/2012 05:28:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 04:32:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 04:31:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\Desktop\esetsmartinstaller_enu.exe

Error: (09/15/2012 04:31:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\Desktop\esetsmartinstaller_enu.exe

Error: (09/15/2012 04:29:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\Desktop\esetsmartinstaller_enu.exe

Error: (09/15/2012 03:20:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2012 03:10:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DFU33RL\esetsmartinstaller_enu[1].exe

Error: (09/15/2012 03:09:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DFU33RL\esetsmartinstaller_enu[1].exe

Error: (09/15/2012 00:20:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

AccelerometerP11 (Version: 2.00.10.21)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2221)
BioAPI Framework (Version: 1.0.2)
BitTorrent (Version: 7.2.1)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.07)
Cisco NAC Agent (Version: 4.9.1.6)
CopyTrans Suite
Custom (Version: 12.34.56.789)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager (Version: 1.3)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159)
Dell Data Protection | Access (Version: 01.01.00.085)
Dell Data Protection | Access (Version: 2.0.00001.001)
Dell Data Protection | Access | Drivers (Version: 1.00.011)
Dell Data Protection | Access | Middleware (Version: 1.00.005)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 7.1208.101.116)
DellAccess (Version: 01.01.00.053)
EMBASSY Security Center (Version: 04.03.00.067)
ESET Online Scanner v3
Gemalto (Version: 01.64.01.0010)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.0.71.0 (Version: 1.0.71.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 15.7.176.1 (Version: 15.7.176.1)
Intel® Processor Graphics (Version: 8.15.10.2347)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.20110)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.8.0 (Full) (Version: 8.8.0)
LiveMath Plug-In & ActiveX 3.5.9 [U18] - August 2008 (Version: 3.5.9 [U18] - August 2008)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.34)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23)
PC-CCID (Version: 2.0.0)
Preboot Manager (Version: 03.03.00.049)
Private Information Manager (Version: 07.01.00.007)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
Respondus LockDown Browser (Version: 1.02.0001)
SPBA 5.9 (Version: 5.9.4.6686)
swMSM (Version: 12.0.0.1)
thinkorswim
Trend Micro Client/Server Security Agent (Version: 3.0.3152)
Trusted Drive Manager (Version: 4.0.0.512)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Wave Infrastructure Installer (Version: 07.66.40.0008)
Wave Support Software Installer (Version: 05.13.00.014)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3976.9 MB
Available physical RAM: 2269.8 MB
Total Pagefile: 7951.99 MB
Available Pagefile: 6004.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.47 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:221.69 GB) (Free:159.03 GB) NTFS

========================= Users: ========================================

User accounts for \\GEORGE-PC

Administrator George Guest


**** End of log ****


FSS Log

Farbar Service Scanner Version: 06-08-2012
Ran by George (administrator) on 15-09-2012 at 18:42:42
Running from "C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DFU33RL"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ADW Cleaner Log

# AdwCleaner v2.001 - Logfile created 09/15/2012 at 18:47:35
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : George - GEORGE-PC
# Boot Mode : Normal
# Running from : C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJI972D5\2-adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2030 octets] - [15/09/2012 18:45:22]
AdwCleaner[S3].txt - [807 octets] - [15/09/2012 18:47:35]

########## EOF - C:\AdwCleaner[S3].txt - [866 octets] ##########

MBAM came up clean on the very first scan.

#8 narenxp

Posted 15 September 2012 - 05:59 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#9 Ubermensch

Posted 15 September 2012 - 06:11 PM

Post the new FSS log



Does this mean you would like me to run the FSS tool from the previous post again?

#10 narenxp

Posted 15 September 2012 - 06:11 PM

Yes :)

#11 Ubermensch

Posted 15 September 2012 - 06:28 PM

New FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by George (administrator) on 15-09-2012 at 19:20:27
Running from "C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJI972D5"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RKill Log:

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/15/2012 07:22:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* c:\Windows\SysWOW64\srvany.exe (PID: 2768) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\George\Desktop\rkill\rkill-09-15-2012-07-22-15.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-2217850987-3608419602-3793409258-1001\$5d0b2e7ab18b23dc7a94744cfba618b7\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-2217850987-3608419602-3793409258-1001\$5d0b2e7ab18b23dc7a94744cfba618b7\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-2217850987-3608419602-3793409258-1001\$5d0b2e7ab18b23dc7a94744cfba618b7\U\ [ZA Dir]

Checking Windows Service Integrity:

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/15/2012 07:22:27 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

Autoruns Log

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "DBRMTray" "DbrmTrayicon" "Microsoft" "c:\dell\dbrm\reminder\dbrmtrayicon.exe"
+ "FreeFallProtection" "FF_Protection MFC Application" "" "c:\program files (x86)\stmicroelectronics\accelerometerp11\ff_protection.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelPROSet" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "IMSS" "PIcon startup utility" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\imss\piconstartup.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "NACAgentUI" "Cisco NAC Agent UI" "Cisco Systems, Inc." "c:\program files (x86)\cisco\cisco nac agent\nacagentui.exe"
+ "OE" "Trend Micro Anti-Spam for OE monitor" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmas_oe\tmas_oemon.exe"
+ "OfficeScanNT Monitor" "Trend Micro Client/Server Security Agent Monitor" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\pccntmon.exe"
+ "PDVD9LanguageShortcut" "PowerDVD Language Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\language\language.exe"
+ "QuickTime Task" "" "" "File not found: C:\Users\George\Desktop\Uninstall 12.10.2011\QuickTime\QTTask.exe"
+ "RemoteControl9" "PowerDVD RC Service" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\update\realsched.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "DBRMTray" "TrayApp" "Microsoft" "c:\dell\dbrm\reminder\trayapp.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dell System Manager.lnk" "Dell System Manager" "Dell Inc." "c:\program files\dell\dell system manager\dcpsysmgr.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\bho\1009\tmieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnabledUnlockedFDEIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll"
+ "UninitializedFdeIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\bho\1009\tmieplg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\bho\1009\tmieplg32.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-2217850987-3608419602-3793409258-1001" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-2217850987-3608419602-3793409258-1001" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\{01DE28A2-6BAF-4BF4-BF11-87E0239BA5FB}" "Setup.exe" "Acresso Software Inc." "c:\dell\drivers\r288884\setup.exe"
+ "\{1E693343-212F-4CDB-8B0C-A95BD0AAB303}" "Setup.exe" "Acresso Software Inc." "c:\dell\drivers\r288884\setup.exe"
+ "\{7E6337A3-EAF2-4731-8538-DBABDE8384EE}" "Cisco NAC Agent UI" "Cisco Systems, Inc." "c:\program files (x86)\cisco\cisco nac agent\nacagentui.exe"
+ "\{A13AA288-4574-4DE7-A049-281DAD4A416D}" "" "" "File not found: C:\Users\George\Desktop\School\Current Courses\FIN 4486 Financial Risk Management\SETUP.EXE"
+ "\{B5380A96-F051-4108-9210-7B1B827CFB3A}" "" "" "File not found: C:\Users\George\Desktop\School\Current Courses\FIN 4486 Financial Risk Management\SETUP.EXE"
+ "\{F0D953A4-D86F-4739-92F6-2C6167D699E6}" "" "" "File not found: C:\Users\George\Desktop\DELL_DATA-PROTECTION---ACCES_A00_R288884.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AESTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsr64.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Credential Vault Host Control Service" "Host Control Service for Fingerprint Processing" "Broadcom Corporation" "c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hostcontrolservice.exe"
+ "Credential Vault Host Storage" "Host Storage Service for Persisting CV Objects into Hard drive" "Broadcom Corporation" "c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hoststorageservice.exe"
+ "dcpsysmgrsvc" "A support service required for the proper operation of Dell System Manager." "Dell Inc." "c:\program files\dell\dell system manager\dcpsysmgrsvc.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "Intel® PROSet Monitoring Service" "The Intel® PROSet Monitoring Service actively monitors changes to the system and updates affected network devices to keep them running in optimal condition. Stopping this service may negatively affect the performance of the network devices on the system." "Intel Corporation" "c:\windows\system32\iprosetmonitor.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "jhi_service" "Intel® Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology" "Intel Corporation" "c:\program files (x86)\intel\services\ipt\jhi_service.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NACAgent" "Cisco Network Admission Control Agent" "Cisco Systems, Inc." "c:\program files (x86)\cisco\cisco nac agent\nacagent.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ntrtscan" "Performs Real-time, Scheduled, and Manual scan on client/server security agents." "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\ntrtscan.exe"
+ "O2FLASH" "O2 Flash Memory Service" "O2Micro International" "c:\windows\system32\drivers\o2flash.exe"
+ "O2SDIOAssist" "O2Micro SDIO service" "" "c:\windows\syswow64\srvany.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SecureStorageService" "Wave Secure Storage Service" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\secure storage manager\securestorageservice.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "svcGenericHost" "Receives commands and notifications from the security server and facilitates communication from the client to the server" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\hostedagent\svcgenerichost.exe"
+ "tcsd_win32.exe" "TCS service for accessing the TPM" "" "c:\program files (x86)\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
+ "TdmService" "Manages self-encrypting drives." "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmservice.exe"
+ "TMBMServer" "Manages the Trend Micro unauthorized change prevention feature" "Trend Micro Inc." "c:\program files (x86)\trend micro\bm\tmbmsrv.exe"
+ "tmlisten" "Receives commands and notifications from the security server and facilitates communication from the client to the server." "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmlisten.exe"
+ "TmPfw" "Provides packet level firewall, network virus scanning and intrusion detection capabilities." "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmpfw.exe"
+ "TmProxy" "Scans network traffic before passing it to the target application." "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmproxy.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "ZcfgSvc7" "ZeroConfig Service for Intel® PROSet/Wireless WiFi Software" "Intel® Corporation" "c:\program files\intel\wifi\bin\zcfgsvc7.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Acceler" "Accelerometer Port I/O" "ST Microelectronics" "c:\windows\system32\drivers\accelern.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cvusbdrv" "Broadcom Credential Vault USB Driver" "Broadcom Corporation" "c:\windows\system32\drivers\cvusbdrv.sys"
+ "e1cexpress" "Intel® Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1c62x64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwns64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "O2MDFRDR" "O2Micro Media Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2mdfw7x64.sys"
+ "O2MDRRDR" "O2Micro Media Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2mdrw7x64.sys"
+ "O2SDJRDR" "O2Micro SD Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2sdjw7x64.sys"
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "qxuaja" "" "" "File not found: C:\Windows\System32\Drivers\qxuaja.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "sjzgxw" "" "" "File not found: C:\Windows\System32\Drivers\sjzgxw.sys"
+ "stdcfltn" "Disk Class Filter Driver for Accelerometer" "ST Microelectronics" "c:\windows\system32\drivers\stdcfltn.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "tljkva" "" "" "File not found: C:\Windows\System32\Drivers\tljkva.sys"
+ "TmFilter" "Post Filter For AMD64" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmxpflt.sys"
+ "tmlwf" "Trend Micro NDIS 6.0 Filter Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmlwf.sys"
+ "TmPreFilter" "Pre-Filter For AMD64" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\tmpreflt.sys"
+ "tmtdi" "Trend Micro TDI Driver (amd64-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "tmwfp" "Trend Micro WFP Callout Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmwfp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "VSApiNt" "VsapiNT for AMD64" "Trend Micro Inc." "c:\program files (x86)\trend micro\client server security agent\vsapint.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3File" "" "" "c:\program files (x86)\k-lite codec pack\filters\ac3file.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink FLV Splitter (PDVD9)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"
+ "CyberLink HAM Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Matroska Splitter (PDVD9)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink RealAudio Decoder (PDVD9)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter (PDVD9)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder (PDVD9)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "Cyberlink SubTitle Importor 2.0 (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video Decoder (PDVD9)" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clcvd.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files (x86)\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files (x86)\k-lite codec pack\filters\monkeysource.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\k-lite codec pack\filters\lav\lavvideo.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"
+ "madVR" "madshi's D3D9 based video renderer" "madshi.net" "c:\program files (x86)\k-lite codec pack\filters\madvr\madvr.ax"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "c:\program files (x86)\k-lite codec pack\filters\rlofrdec.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files (x86)\k-lite codec pack\filters\vp7dec.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "Provider Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
+ "WvProvider Class" "Wave Credential Provider" "Wave Systems Corp." "c:\windows\system32\wvcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "Provider Filter Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll"
+ "WvCredFilter Class" "Wave Credential Provider" "Wave Systems Corp." "c:\windows\system32\wvcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "spba" "PS QL Logon Kernel" "UPEK Inc." "c:\program files\common files\spba\homefus2.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzllwn7" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzllwn7.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "TdmNetworkProvider" "TDM Network Provider" "Wave Systems Corp." "c:\windows\system32\tdmnetworkprovider.dll"
"C:\Users\George\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Currency" "Convert from one currency to another." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\Gadget.xml"

#12 narenxp


Posted 15 September 2012 - 06:35 PM

Run RKILL again and post the new log

Edited by narenxp, 15 September 2012 - 06:49 PM.


#13 Ubermensch


Posted 15 September 2012 - 06:46 PM

RKill Log:
Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/15/2012 07:45:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/15/2012 07:45:50 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

#14 narenxp


Posted 15 September 2012 - 06:50 PM

That looks good

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#15 Ubermensch


Posted 15 September 2012 - 07:18 PM

I can't thank you enough. I am very grateful for the time and effort you have contributed so selflessly to help me. Thanks again and I wish you the best!



