Google redirect infection, most likely rootkit


9 replies to this topic

#1 xuul

Posted 01 July 2012 - 05:21 AM

The work computer was apparently infected with some game installation last week, with the only visible symptom being search engine redirects. I do not want to risk damaging the system by trying to do more to fix it on my own.

Key facts:

* Roughly 50% of the time search engine links redirect to ad sites by opening a new window: bidsystem.com to endocrineweb, kidgoup.com, getanswersfast, IP addresses that security programs block, and so on. Google, Yahoo, Bing all do it.

* MalwareBytes removed the following: Trojan.Happili, Trojan.FakeMS, Hijacker.Application, Adware.TryMedia, and then a day or two later Trojan.Lameshield. I removed the game ("Price is Right"), Adobe, and Java installs from the days after the symptoms started. I remember removing an Ask.com toolbar at one point.

* In the past week the computer has been called clean following full scans by Trend Micro, AVG Free, MalwareBytes, Sophos, and Kaspersky Security Scan. The Google redirects are still happening.

* The Google redirects do not happen when the computer is in Safe Mode.

* There do not seem to be any processes that are obviously malicious.

* I can only find what look like false positives with TDSS Killer, aswMBR, and GMER. But I do not have the expertise to make that judgment.

* The operating system is Windows 7 Professional, Service Pack 1. 32-bit.

* The browser is Internet Explorer 8, version 8.0.7601.17514. I believe the proxy is turned off and that the host file is clean, but I am not very familiar with Windows 7.

Edited by xuul, 01 July 2012 - 05:33 AM.



#2 narenxp

Posted 01 July 2012 - 05:29 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 xuul

Posted 02 July 2012 - 01:13 AM

Thank you. ESET caught Kryptik.AHNI and BHO.OEI trojans.



TDSS Killer:


00:21:38.0042 6296 MSiSCSI - ok
00:21:38.0042 6296 msiserver - ok
00:21:38.0073 6296 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:21:38.0073 6296 MSKSSRV - ok
00:21:38.0089 6296 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:21:38.0104 6296 MSPCLOCK - ok
00:21:38.0104 6296 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:21:38.0104 6296 MSPQM - ok
00:21:38.0120 6296 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:21:38.0136 6296 MsRPC - ok
00:21:38.0167 6296 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:21:38.0167 6296 mssmbios - ok
00:21:38.0182 6296 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:21:38.0198 6296 MSTEE - ok
00:21:38.0214 6296 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:21:38.0214 6296 MTConfig - ok
00:21:38.0229 6296 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:21:38.0229 6296 Mup - ok
00:21:38.0260 6296 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:21:38.0276 6296 napagent - ok
00:21:38.0307 6296 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:21:38.0307 6296 NativeWifiP - ok
00:21:38.0338 6296 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:21:38.0354 6296 NDIS - ok
00:21:38.0385 6296 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:21:38.0385 6296 NdisCap - ok
00:21:38.0401 6296 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:21:38.0401 6296 NdisTapi - ok
00:21:38.0448 6296 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:21:38.0448 6296 Ndisuio - ok
00:21:38.0463 6296 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:21:38.0463 6296 NdisWan - ok
00:21:38.0494 6296 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:21:38.0494 6296 NDProxy - ok
00:21:38.0541 6296 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
00:21:38.0557 6296 Net Driver HPZ12 - ok
00:21:38.0588 6296 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:21:38.0588 6296 NetBIOS - ok
00:21:38.0619 6296 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:21:38.0635 6296 NetBT - ok
00:21:38.0666 6296 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:38.0666 6296 Netlogon - ok
00:21:38.0697 6296 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:21:38.0697 6296 Netman - ok
00:21:38.0728 6296 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:21:38.0728 6296 netprofm - ok
00:21:38.0791 6296 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:21:38.0791 6296 NetTcpPortSharing - ok
00:21:38.0822 6296 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:21:38.0822 6296 nfrd960 - ok
00:21:38.0853 6296 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:21:38.0869 6296 NlaSvc - ok
00:21:38.0884 6296 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:21:38.0884 6296 Npfs - ok
00:21:38.0916 6296 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:21:38.0916 6296 nsi - ok
00:21:38.0931 6296 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:21:38.0931 6296 nsiproxy - ok
00:21:38.0994 6296 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:21:39.0025 6296 Ntfs - ok
00:21:39.0056 6296 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:21:39.0056 6296 Null - ok
00:21:39.0087 6296 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:21:39.0087 6296 nvraid - ok
00:21:39.0103 6296 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:21:39.0118 6296 nvstor - ok
00:21:39.0134 6296 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:21:39.0150 6296 nv_agp - ok
00:21:39.0228 6296 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:21:39.0243 6296 odserv - ok
00:21:39.0368 6296 ofcservice (ab71f7de0a3a52c622b5743ab64674c4) C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
00:21:39.0384 6296 ofcservice - ok
00:21:39.0493 6296 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:21:39.0493 6296 ohci1394 - ok
00:21:39.0555 6296 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:21:39.0571 6296 ose - ok
00:21:39.0602 6296 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:21:39.0618 6296 p2pimsvc - ok
00:21:39.0649 6296 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:21:39.0649 6296 p2psvc - ok
00:21:39.0680 6296 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:21:39.0680 6296 Parport - ok
00:21:39.0711 6296 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
00:21:39.0711 6296 partmgr - ok
00:21:39.0727 6296 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:21:39.0727 6296 Parvdm - ok
00:21:39.0758 6296 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:21:39.0758 6296 PcaSvc - ok
00:21:39.0789 6296 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:21:39.0805 6296 pci - ok
00:21:39.0820 6296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:21:39.0836 6296 pciide - ok
00:21:39.0852 6296 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:21:39.0852 6296 pcmcia - ok
00:21:39.0867 6296 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:21:39.0867 6296 pcw - ok
00:21:39.0961 6296 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
00:21:39.0992 6296 PDFProFiltSrvPP - ok
00:21:40.0023 6296 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:21:40.0039 6296 PEAUTH - ok
00:21:40.0086 6296 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
00:21:40.0101 6296 PeerDistSvc - ok
00:21:40.0179 6296 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:21:40.0210 6296 pla - ok
00:21:40.0288 6296 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:21:40.0304 6296 PlugPlay - ok
00:21:40.0351 6296 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
00:21:40.0366 6296 Pml Driver HPZ12 - ok
00:21:40.0398 6296 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:21:40.0398 6296 PNRPAutoReg - ok
00:21:40.0413 6296 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:21:40.0413 6296 PNRPsvc - ok
00:21:40.0460 6296 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:21:40.0460 6296 PolicyAgent - ok
00:21:40.0476 6296 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:21:40.0491 6296 Power - ok
00:21:40.0538 6296 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:21:40.0538 6296 PptpMiniport - ok
00:21:40.0554 6296 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:21:40.0554 6296 Processor - ok
00:21:40.0616 6296 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
00:21:40.0616 6296 ProfSvc - ok
00:21:40.0647 6296 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:40.0647 6296 ProtectedStorage - ok
00:21:40.0694 6296 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:21:40.0694 6296 Psched - ok
00:21:40.0741 6296 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:21:40.0772 6296 ql2300 - ok
00:21:40.0866 6296 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:21:40.0866 6296 ql40xx - ok
00:21:40.0897 6296 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:21:40.0912 6296 QWAVE - ok
00:21:40.0912 6296 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:21:40.0912 6296 QWAVEdrv - ok
00:21:40.0959 6296 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\Windows\system32\DRIVERS\radpms.sys
00:21:40.0975 6296 radpms - ok
00:21:40.0975 6296 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:21:40.0990 6296 RasAcd - ok
00:21:41.0006 6296 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:21:41.0006 6296 RasAgileVpn - ok
00:21:41.0022 6296 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:21:41.0037 6296 RasAuto - ok
00:21:41.0053 6296 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:21:41.0068 6296 Rasl2tp - ok
00:21:41.0100 6296 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:21:41.0115 6296 RasMan - ok
00:21:41.0131 6296 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:21:41.0131 6296 RasPppoe - ok
00:21:41.0162 6296 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:21:41.0162 6296 RasSstp - ok
00:21:41.0178 6296 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:21:41.0178 6296 rdbss - ok
00:21:41.0193 6296 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:21:41.0209 6296 rdpbus - ok
00:21:41.0240 6296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:21:41.0240 6296 RDPCDD - ok
00:21:41.0271 6296 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:21:41.0271 6296 RDPDR - ok
00:21:41.0302 6296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:21:41.0302 6296 RDPENCDD - ok
00:21:41.0318 6296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:21:41.0318 6296 RDPREFMP - ok
00:21:41.0349 6296 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
00:21:41.0349 6296 RDPWD - ok
00:21:41.0396 6296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:21:41.0396 6296 rdyboost - ok
00:21:41.0427 6296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:21:41.0427 6296 RemoteAccess - ok
00:21:41.0443 6296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:21:41.0458 6296 RemoteRegistry - ok
00:21:41.0490 6296 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
00:21:41.0490 6296 RimUsb - ok
00:21:41.0505 6296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:21:41.0505 6296 RpcEptMapper - ok
00:21:41.0521 6296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:21:41.0536 6296 RpcLocator - ok
00:21:41.0568 6296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:21:41.0583 6296 RpcSs - ok
00:21:41.0599 6296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:21:41.0599 6296 rspndr - ok
00:21:41.0630 6296 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
00:21:41.0630 6296 s3cap - ok
00:21:41.0661 6296 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:41.0661 6296 SamSs - ok
00:21:41.0692 6296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:21:41.0692 6296 sbp2port - ok
00:21:41.0724 6296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:21:41.0724 6296 SCardSvr - ok
00:21:41.0755 6296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:21:41.0755 6296 scfilter - ok
00:21:41.0817 6296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:21:41.0817 6296 Schedule - ok
00:21:41.0864 6296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:21:41.0864 6296 SCPolicySvc - ok
00:21:41.0895 6296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:21:41.0895 6296 SDRSVC - ok
00:21:42.0020 6296 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:21:42.0020 6296 SeaPort - ok
00:21:42.0051 6296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:21:42.0051 6296 secdrv - ok
00:21:42.0067 6296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:21:42.0082 6296 seclogon - ok
00:21:42.0098 6296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
00:21:42.0098 6296 SENS - ok
00:21:42.0129 6296 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:21:42.0129 6296 SensrSvc - ok
00:21:42.0160 6296 Ser2pl (ac1f2a09b76b57356f906eeda43ccc2a) C:\Windows\system32\DRIVERS\ser2pl.sys
00:21:42.0160 6296 Ser2pl - ok
00:21:42.0207 6296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:21:42.0207 6296 Serenum - ok
00:21:42.0223 6296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:21:42.0223 6296 Serial - ok
00:21:42.0254 6296 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:21:42.0254 6296 sermouse - ok
00:21:42.0285 6296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:21:42.0285 6296 SessionEnv - ok
00:21:42.0316 6296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:21:42.0316 6296 sffdisk - ok
00:21:42.0332 6296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:21:42.0348 6296 sffp_mmc - ok
00:21:42.0348 6296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:21:42.0348 6296 sffp_sd - ok
00:21:42.0379 6296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:21:42.0379 6296 sfloppy - ok
00:21:42.0410 6296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:21:42.0426 6296 SharedAccess - ok
00:21:42.0472 6296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:21:42.0472 6296 ShellHWDetection - ok
00:21:42.0519 6296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:21:42.0519 6296 sisagp - ok
00:21:42.0550 6296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:21:42.0550 6296 SiSRaid2 - ok
00:21:42.0566 6296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:21:42.0566 6296 SiSRaid4 - ok
00:21:42.0582 6296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:21:42.0582 6296 Smb - ok
00:21:42.0628 6296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:21:42.0628 6296 SNMPTRAP - ok
00:21:42.0660 6296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:21:42.0660 6296 spldr - ok
00:21:42.0706 6296 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:21:42.0706 6296 Spooler - ok
00:21:42.0816 6296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:21:42.0878 6296 sppsvc - ok
00:21:42.0987 6296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:21:42.0987 6296 sppuinotify - ok
00:21:43.0018 6296 sptd - ok
00:21:43.0065 6296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:21:43.0081 6296 srv - ok
00:21:43.0096 6296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:21:43.0096 6296 srv2 - ok
00:21:43.0112 6296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:21:43.0112 6296 srvnet - ok
00:21:43.0159 6296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:21:43.0174 6296 SSDPSRV - ok
00:21:43.0174 6296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:21:43.0190 6296 SstpSvc - ok
00:21:43.0206 6296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:21:43.0206 6296 stexstor - ok
00:21:43.0252 6296 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
00:21:43.0252 6296 StillCam - ok
00:21:43.0284 6296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:21:43.0299 6296 StiSvc - ok
00:21:43.0315 6296 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
00:21:43.0315 6296 storflt - ok
00:21:43.0346 6296 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
00:21:43.0346 6296 StorSvc - ok
00:21:43.0362 6296 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
00:21:43.0362 6296 storvsc - ok
00:21:43.0377 6296 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:21:43.0377 6296 swenum - ok
00:21:43.0408 6296 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:21:43.0424 6296 swprv - ok
00:21:43.0486 6296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:21:43.0486 6296 SysMain - ok
00:21:43.0518 6296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:21:43.0518 6296 TabletInputService - ok
00:21:43.0549 6296 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:21:43.0564 6296 TapiSrv - ok
00:21:43.0580 6296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:21:43.0596 6296 TBS - ok
00:21:43.0674 6296 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
00:21:43.0705 6296 Tcpip - ok
00:21:43.0720 6296 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
00:21:43.0736 6296 TCPIP6 - ok
00:21:43.0767 6296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:21:43.0767 6296 tcpipreg - ok
00:21:43.0783 6296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:21:43.0783 6296 TDPIPE - ok
00:21:43.0830 6296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:21:43.0830 6296 TDTCP - ok
00:21:43.0861 6296 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:21:43.0861 6296 tdx - ok
00:21:43.0892 6296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:21:43.0908 6296 TermDD - ok
00:21:43.0939 6296 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:21:43.0954 6296 TermService - ok
00:21:43.0986 6296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:21:44.0001 6296 Themes - ok
00:21:44.0001 6296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:21:44.0017 6296 THREADORDER - ok
00:21:44.0048 6296 tmactmon (260d9b745e612469454fbd2c4058b915) C:\Windows\system32\DRIVERS\tmactmon.sys
00:21:44.0048 6296 tmactmon - ok
00:21:44.0079 6296 tmcomm (11e6a2d8ebf7031d3b1c9602030bff6a) C:\Windows\system32\DRIVERS\tmcomm.sys
00:21:44.0079 6296 tmcomm - ok
00:21:44.0095 6296 tmevtmgr (86574927c6626130a3b02ff52a0a6abe) C:\Windows\system32\DRIVERS\tmevtmgr.sys
00:21:44.0110 6296 tmevtmgr - ok
00:21:44.0204 6296 TMiCRCScanService (494b7c71c13a6604fdc3008c3f0241cd) C:\Program Files\Trend Micro\Security Server\PCCSRV\WSS\iCRCService.exe
00:21:44.0204 6296 TMiCRCScanService - ok
00:21:44.0282 6296 TmListen (dcd55afb49710a8ccc8183c6ae5e02f4) C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
00:21:44.0298 6296 TmListen - ok
00:21:44.0329 6296 tmtdi (69bf24e2871088115f422d6c7f41c400) C:\Windows\system32\DRIVERS\tmtdi.sys
00:21:44.0329 6296 tmtdi - ok
00:21:44.0360 6296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:21:44.0360 6296 TrkWks - ok
00:21:44.0407 6296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:21:44.0407 6296 TrustedInstaller - ok
00:21:44.0454 6296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:21:44.0454 6296 tssecsrv - ok
00:21:44.0500 6296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:21:44.0500 6296 TsUsbFlt - ok
00:21:44.0532 6296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:21:44.0547 6296 tunnel - ok
00:21:44.0578 6296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:21:44.0578 6296 uagp35 - ok
00:21:44.0610 6296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:21:44.0625 6296 udfs - ok
00:21:44.0656 6296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:21:44.0656 6296 UI0Detect - ok
00:21:44.0688 6296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:21:44.0703 6296 uliagpkx - ok
00:21:44.0734 6296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
00:21:44.0734 6296 umbus - ok
00:21:44.0766 6296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:21:44.0766 6296 UmPass - ok
00:21:44.0797 6296 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
00:21:44.0812 6296 UmRdpService - ok
00:21:44.0844 6296 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:21:44.0844 6296 upnphost - ok
00:21:44.0875 6296 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:21:44.0890 6296 USBAAPL - ok
00:21:44.0906 6296 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
00:21:44.0922 6296 usbaudio - ok
00:21:44.0922 6296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:21:44.0937 6296 usbccgp - ok
00:21:44.0968 6296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:21:44.0984 6296 usbcir - ok
00:21:45.0000 6296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
00:21:45.0000 6296 usbehci - ok
00:21:45.0015 6296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:21:45.0015 6296 usbhub - ok
00:21:45.0031 6296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
00:21:45.0031 6296 usbohci - ok
00:21:45.0062 6296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:21:45.0062 6296 usbprint - ok
00:21:45.0109 6296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:21:45.0109 6296 usbscan - ok
00:21:45.0140 6296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:21:45.0140 6296 USBSTOR - ok
00:21:45.0156 6296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
00:21:45.0156 6296 usbuhci - ok
00:21:45.0171 6296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:21:45.0187 6296 UxSms - ok
00:21:45.0218 6296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:21:45.0218 6296 VaultSvc - ok
00:21:45.0249 6296 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
00:21:45.0249 6296 VClone - ok
00:21:45.0296 6296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:21:45.0296 6296 vdrvroot - ok
00:21:45.0343 6296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
00:21:45.0343 6296 vds - ok
00:21:45.0390 6296 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:21:45.0390 6296 vga - ok
00:21:45.0405 6296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:21:45.0405 6296 VgaSave - ok
00:21:45.0436 6296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:21:45.0436 6296 vhdmp - ok
00:21:45.0468 6296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:21:45.0468 6296 viaagp - ok
00:21:45.0483 6296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:21:45.0483 6296 ViaC7 - ok
00:21:45.0499 6296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:21:45.0499 6296 viaide - ok
00:21:45.0514 6296 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:21:45.0514 6296 vmbus - ok
00:21:45.0530 6296 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:21:45.0530 6296 VMBusHID - ok
00:21:45.0546 6296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:21:45.0546 6296 volmgr - ok
00:21:45.0561 6296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:21:45.0577 6296 volmgrx - ok
00:21:45.0592 6296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:21:45.0592 6296 volsnap - ok
00:21:45.0624 6296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:21:45.0624 6296 vsmraid - ok
00:21:45.0686 6296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
00:21:45.0733 6296 VSS - ok
00:21:45.0748 6296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:21:45.0748 6296 vwifibus - ok
00:21:45.0780 6296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:21:45.0780 6296 W32Time - ok
00:21:45.0795 6296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:21:45.0811 6296 WacomPen - ok
00:21:45.0842 6296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:21:45.0842 6296 WANARP - ok
00:21:45.0842 6296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:21:45.0842 6296 Wanarpv6 - ok
00:21:45.0920 6296 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:21:45.0951 6296 WatAdminSvc - ok
00:21:46.0029 6296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
00:21:46.0076 6296 wbengine - ok
00:21:46.0092 6296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:21:46.0107 6296 WbioSrvc - ok
00:21:46.0154 6296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
00:21:46.0154 6296 wcncsvc - ok
00:21:46.0170 6296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:21:46.0170 6296 WcsPlugInService - ok
00:21:46.0216 6296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:21:46.0232 6296 Wd - ok
00:21:46.0248 6296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:21:46.0263 6296 Wdf01000 - ok
00:21:46.0279 6296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:21:46.0279 6296 WdiServiceHost - ok
00:21:47.0839 6296 MBR (0x1B8) (d7ad5aa31a559120c3ba48fd0a1b1636) \Device\Harddisk0\DR0
00:21:48.0166 6296 \Device\Harddisk0\DR0 - ok
00:21:48.0198 6296 Boot (0x1200) (fc53216987e87b8576d484dbf0e653b3) \Device\Harddisk0\DR0\Partition0
00:21:48.0198 6296 \Device\Harddisk0\DR0\Partition0 - ok
00:21:48.0213 6296 Boot (0x1200) (98dc99ef01c62b48df91980ec8098e02) \Device\Harddisk0\DR0\Partition1
00:21:48.0229 6296 \Device\Harddisk0\DR0\Partition1 - ok
00:21:48.0229 6296 ============================================================
00:21:48.0229 6296 Scan finished
00:21:48.0229 6296 ============================================================
00:21:48.0229 6208 Detected object count: 0
00:21:48.0229 6208 Actual detected object count: 0




aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 00:24:06
-----------------------------
00:24:06.528 OS Version: Windows 6.1.7601 Service Pack 1
00:24:06.528 Number of processors: 4 586 0x2502
00:24:06.528 ComputerName: WORKSTATION3-PC UserName: Workstation3
00:24:09.243 Initialize success
00:26:14.312 AVAST engine defs: 12070101
00:26:57.041 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:26:57.056 Disk 0 Vendor: ST325031 CC45 Size: 238418MB BusType: 3
00:26:57.087 Disk 0 MBR read successfully
00:26:57.087 Disk 0 MBR scan
00:26:57.119 Disk 0 Windows 7 default MBR code
00:26:57.119 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:26:57.150 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
00:26:57.181 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237627 MB offset 1617920
00:26:57.212 Disk 0 scanning sectors +488278016
00:26:57.321 Disk 0 scanning C:\Windows\system32\drivers
00:27:18.709 Service scanning
00:27:59.164 Modules scanning
00:28:05.575 Disk 0 trace - called modules:
00:28:06.106 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
00:28:06.121 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87dda9c8]
00:28:06.137 3 CLASSPNP.SYS[8b7ad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8626b028]
00:28:09.226 AVAST engine scan C:\Windows
00:28:11.613 AVAST engine scan C:\Windows\system32
00:32:57.729 AVAST engine scan C:\Windows\system32\drivers
00:33:25.733 AVAST engine scan C:\Users\Workstation3
00:40:48.343 AVAST engine scan C:\ProgramData
00:43:01.053 Scan finished successfully
00:45:14.574 Disk 0 MBR has been saved successfully to "C:\Users\Workstation3\Documents\Bob's Docs\MBR.dat"
00:45:14.589 The log file has been saved successfully to "C:\Users\Workstation3\Documents\Bob's Docs\aswMBR 7-2-12.txt"


ESET:

C:\Users\Workstation3\AppData\Local\ElevatedDiagnostics\Diagnostics\vhqjm.dll a variant of Win32/Kryptik.AHNI trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Workstation3\AppData\Local\Google\Chrome\User Data\Default\Default\aadddjgddjdigdgedfgbdigbdegfgbgb\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Workstation3\AppData\Local\Google\Chrome\User Data\Default\Default\aadddjgddjdigdgedfgbdigbdegfgbgb\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Workstation3\AppData\Local\Temp\NODD86A.tmp a variant of Win32/Kryptik.AHNI trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Workstation3\AppData\Local\Temp\ICReinstall\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Workstation3\Documents\Bob's Docs\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 July 2012 - 01:16 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Copy the contents of text file here

#5 xuul

  • Topic Starter
  • Members
  • 5 posts

Posted 03 July 2012 - 01:23 AM

MiniToolBox by Farbar Version: 25-06-2012
Ran by Workstation3 (administrator) on 03-07-2012 at 02:14:47
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=123.123.123.123:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.0.1 publish=Yes
add address name="Local Area Connection" address=192.168.0.153 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Workstation3-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : A4-BA-DB-FC-BF-59
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.153(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 24.92.226.12
24.92.226.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EA0E81F3-49C5-4AD4-A227-78B26235F2D8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:fc:36d6:3f57:ff66(Preferred)
Link-local IPv6 Address . . . . . : fe80::fc:36d6:3f57:ff66%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-comm-cac-lb-02.nyroc.rr.com
Address: 24.92.226.12

Name: google.com
Addresses: 2607:f8b0:4004:803::1008
74.125.228.38
74.125.228.39
74.125.228.40
74.125.228.41
74.125.228.46
74.125.228.32
74.125.228.33
74.125.228.34
74.125.228.35
74.125.228.36
74.125.228.37


Pinging google.com [74.125.228.64] with 32 bytes of data:
Reply from 74.125.228.64: bytes=32 time=53ms TTL=48
Reply from 74.125.228.64: bytes=32 time=54ms TTL=48

Ping statistics for 74.125.228.64:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms
Server: dns-comm-cac-lb-02.nyroc.rr.com
Address: 24.92.226.12

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=68ms TTL=44
Reply from 98.139.183.24: bytes=32 time=94ms TTL=43

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 94ms, Average = 81ms
Server: dns-comm-cac-lb-02.nyroc.rr.com
Address: 24.92.226.12

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...a4 ba db fc bf 59 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.153 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.153 276
192.168.0.153 255.255.255.255 On-link 192.168.0.153 276
192.168.0.255 255.255.255.255 On-link 192.168.0.153 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.153 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.153 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:fc:36d6:3f57:ff66/128
On-link
12 306 fe80::/64 On-link
12 306 fe80::fc:36d6:3f57:ff66/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2012 01:59:08 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.

hr = 0x80070013, The media is write protected.
.

Error: (07/03/2012 01:59:08 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-

11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write

protected.
]

Error: (07/03/2012 01:59:08 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.

hr = 0x80070013, The media is write protected.
.

Error: (07/03/2012 01:59:08 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-

11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write

protected.
]

Error: (07/02/2012 00:17:03 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/07/02 12:17:03.522]: [00004108]: SendSKeySettingToDevice:: Snmp

Load Error[0] To[192.168.0.171]

Error: (07/02/2012 09:26:57 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/07/02 09:26:57.727]: [00004400]: SendSKeySettingToDevice:: Snmp

Load Error[0] To[192.168.0.171]

Error: (07/02/2012 03:33:21 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/07/02 03:33:21.003]: [00004528]: SendSKeySettingToDevice:: Snmp

Load Error[0] To[192.168.0.171]

Error: (07/02/2012 02:42:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",

version="8.0.50727.4053"1".
Dependent Assembly

Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",v

ersion="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2012 02:42:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",

version="8.0.50727.4053"1".
Dependent Assembly

Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",v

ersion="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2012 02:42:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",

version="8.0.50727.4053"1".
Dependent Assembly

Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",v

ersion="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/03/2012 01:59:50 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/03/2012 01:59:50 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/02/2012 08:28:32 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{81F28C7C-0108-419C-A5F5-

55EBE606CFF6}

Error: (07/02/2012 08:28:21 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5E4C0D35-BB81-4BB8-B33E-

91C6B9753FD8}

Error: (07/02/2012 08:28:15 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F6BAF902-DB1B-40E9-821D-

A0D5F9043253}

Error: (07/02/2012 08:27:52 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EDE07ACF-C866-479D-AD25-

0F590BD63DAA}

Error: (07/02/2012 08:27:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{71D419AA-DF54-4E10-A132-

21B76EB538E7}

Error: (07/02/2012 08:27:33 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{dacbbd50-949a-11df-88ad-806e6f6e6963}\System Volume

Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4000E0DD-FE18-42C8-93CF-

0A938A1E8827}

Error: (07/02/2012 07:18:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:17:03 PM on ?7/?2/?2012 was unexpected.

Error: (07/02/2012 07:18:56 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (11/01/2011 05:43:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16073 seconds with

0 seconds of active time. This session ended with a crash.

Error: (10/26/2011 02:26:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 172 seconds with 0

seconds of active time. This session ended with a crash.

Error: (09/12/2011 03:10:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10837 seconds with

0 seconds of active time. This session ended with a crash.

Error: (08/28/2011 10:36:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000,

Microsoft Office Version: 12.0.6425.1000. This session lasted 53 seconds with 0 seconds of active

time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.4)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Androsa FileProtector (Version: 1.4.4)
Apache HTTP Server 2.0.63 (Version: 2.0.63)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.009.0710.1126)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
Bio-Office Fingerprint T&A management system
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 12.35.01)
Brother MFL-Pro Suite MFC-7860DW (Version: 1.0.0.0)
Carbonite (Version: 5.1.0 build 925 (Dec-05-2011))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full Existing (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full New (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Light (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Common (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0710.1127.18698)
Catalyst Control Center InstallProxy (Version: 2009.0710.1127.18698)
Catalyst Control Center Localization All (Version: 2009.0710.1127.18698)
ccc-core-static (Version: 2009.0710.1127.18698)
ccc-utility (Version: 2009.0710.1127.18698)
CCC Help Chinese Standard (Version: 2009.0710.1126.18698)
CCC Help Chinese Traditional (Version: 2009.0710.1126.18698)
CCC Help Czech (Version: 2009.0710.1126.18698)
CCC Help Danish (Version: 2009.0710.1126.18698)
CCC Help Dutch (Version: 2009.0710.1126.18698)
CCC Help English (Version: 2009.0710.1126.18698)
CCC Help Finnish (Version: 2009.0710.1126.18698)
CCC Help French (Version: 2009.0710.1126.18698)
CCC Help German (Version: 2009.0710.1126.18698)
CCC Help Greek (Version: 2009.0710.1126.18698)
CCC Help Hungarian (Version: 2009.0710.1126.18698)
CCC Help Italian (Version: 2009.0710.1126.18698)
CCC Help Japanese (Version: 2009.0710.1126.18698)
CCC Help Korean (Version: 2009.0710.1126.18698)
CCC Help Norwegian (Version: 2009.0710.1126.18698)
CCC Help Polish (Version: 2009.0710.1126.18698)
CCC Help Portuguese (Version: 2009.0710.1126.18698)
CCC Help Russian (Version: 2009.0710.1126.18698)
CCC Help Spanish (Version: 2009.0710.1126.18698)
CCC Help Swedish (Version: 2009.0710.1126.18698)
CCC Help Thai (Version: 2009.0710.1126.18698)
CCC Help Turkish (Version: 2009.0710.1126.18698)
D3DX10 (Version: 15.4.2368.0902)
Dell Edoc Viewer (Version: 1.0.0)
DESI Labeling System (Version: 2.5)
EPSON N10 N11 Series Printer Uninstall
ESET Online Scanner v3
G-Lock EasyMail (Version: 6.81)
Google Chrome (Version: 20.0.1132.47)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HP LaserJet Professional M1530 MFP Series
HP LJ M1530 MFP Series HP Scan (Version: 1.0.302.0)
HP Update (Version: 5.002.006.003)
HPLaserJetHelp_LearnCenter (Version: 1.02.0000)
HPLJUT (Version: 1.00.0012)
hppFaxDrvM1530 (Version: 003.000.00001)
hppFaxUtilityM1530 (Version: 000.002.00001)
hppLaserJetService (Version: 002.015.00599)
hppM1530LaserJetService (Version: 001.008.00477)
hppSendFaxM1530 (Version: 003.000.00001)
hppTLBXFXM1530 (Version: 001.012.00948)
hpzTLBXFX (Version: 006.015.01163)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Security Scan (Version: 12.0.1.117)
LogMeIn (Version: 4.1.1558)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
Octoshape add-in for Adobe Flash Player
PaperPort Image Printer (Version: 1.00.0001)
Paychex Smart Time Communications Setup Wizard (Version: 1.00.0026)
PL-2303 USB-to-Serial (Version: 1.3.0)
PowerDVD DX (Version: 8.3.6029)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Scansoft PDF Professional
Skins (Version: 2009.0710.1127.18698)
Skype™ 5.5 (Version: 5.5.124)
Sophos Virus Removal Tool (Version: 2.1)
Topaz SigPlusSE Tablet ActiveX 3.95 (Version: 3.95)
Trend Micro Worry-Free Business Security Agent (Version: 1.0.0)
Trend Micro Worry-Free Business Security Agent (Version: 7.0.1592)
Trend Micro Worry-Free Business Security Standard (Version: 17.0.0.1343)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2999.11 MB
Available physical RAM: 1603.12 MB
Total Pagefile: 5996.51 MB
Available Pagefile: 4105.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.01 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:232.06 GB) (Free:187.63 GB) NTFS
4 Drive z: (DATAPART2) (Network) (Total:232.83 GB) (Free:229.12 GB) NTFS

========================= Users: ========================================

User accounts for \\WORKSTATION3-PC

Administrator DCS_WORKSTATION3-PC Guest
Workstation3


**** End of log ****

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ATIModeChange" "" "" "File not found: Ati2mdxx.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "BrStsMon00" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files\browny02\brother\brstmonw.exe"
+ "Carbonite Backup" "Carbonite User Interface" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carboniteui.exe"
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files\controlcenter4\brccboot.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HP LaserJet Professional M1530 MFP Series Fax" "hppfaxprintersrv" "Hewlett-Packard Company" "c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoricon.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files\nuance\paperport\indexsearch.exe"
+ "LogMeIn GUI" "LogMeIn Desktop Application" "LogMeIn, Inc." "c:\program files\logmein\x86\logmeinsystray.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pptd40nt.exe"
+ "PDF5 Registry Controller" "PDF Converter Registry Controller" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\registrycontroller.exe"
+ "PDFHook" "PdfCreateHook Application" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "PPort12reminder" "Ereg" "Nuance Communications, Inc." "c:\program files\nuance\paperport\ereg\ereg.exe"
+ "QuickTime Task" "" "" "File not found: C:\Program Files\QuickTime\QTTask.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "ToolboxFX" "HPTLBXFX" "Hewlett-Packard Company" "c:\program files\hp\toolboxfx\bin\hptlbxfx.exe"
+ "Trend Micro Client Framework" "Trend Micro Client Session Agent Monitor" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Monitor Apache Servers.lnk" "Apache HTTP Server Monitor" "Apache Software Foundation" "c:\program files\trend micro\security server\pccsrv\apache2\bin\apachemonitor.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cdloader" "magicJack (cdloader2)" "magicJack L.P." "c:\users\workstation3\appdata\roaming\mjusbsp\cdloader2.exe"
+ "Diagnostics" "" "" "File not found: C:\Users\Workstation3\AppData\Local\ElevatedDiagnostics\Diagnostics\vhqjm.dll"
+ "ISUSPM" "Acresso Software Manager" "Acresso Corporation" "c:\programdata\flexnet\connect\11\isuspm.exe"
+ "KSS" "Kaspersky Security Scan" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1045\tmieplg.dll"
+ "tmtbim" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\security agent\uiframework\protoolbarimratingactivex.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "SABShellExecuteHook Class" "" "" "File not found: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Androsa FileProtector" "Androsa FileProtector Shell Extension" "AndrosaSoft©" "c:\program files\androsasoft\androsa fileprotector\tools\shext.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Androsa FileProtector" "Androsa FileProtector Shell Extension" "AndrosaSoft©" "c:\program files\androsasoft\androsa fileprotector\tools\shext.dll"
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "PlusIEEventHelper Class" "PlusIEContextMenu.dll" "Zeon Corporation" "c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1045\tmieplg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\HPLJCustParticipation" "HPUTSCH" "Hewlett Packard" "c:\program files\hp\hpljut\hpljutsch.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\PC Optimizer Pro startups" "" "" "File not found: C:\Program Files\PC Optimizer Pro\StartApps.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsrv.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Amsp" "Manages Trend Micro Worry-Free Business security modules" "Trend Micro Inc." "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "Apache2" "Apache" "Apache Software Foundation" "c:\program files\trend micro\security server\pccsrv\apache2\bin\apache.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "BFXNHCNGEJG" "Rootkit detection utility" "Sysinternals - www.sysinternals.com" "c:\users\workstation3\appdata\local\temp\bfxnhcngejg.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BPowMon" "Power monitoring service for Broadcom applications." "Broadcom Corp." "c:\program files\broadcom\bpowmon\bpowmon.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "CarboniteService" "Carbonite Backup Service" "Carbonite, Inc. (www.carbonite.com)" "c:\program files\carbonite\carbonite backup\carboniteservice.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "HP LaserJet Service" "A system service that allows HP Software to easily connect to your LaserJet for everyday tasks." "HP" "c:\program files\hp\hplaserjetservice\hplaserjetservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "KSS" "Scans computer for viruses and vulnerabilities." "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files\logmein\x86\lmiguardiansvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files\logmein\x86\logmein.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ofcservice" "Provides the functionality to manage Security Agents" "Trend Micro Inc." "c:\program files\trend micro\security server\pccsrv\web\service\ofcservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PDFProFiltSrvPP" "PDFPro IFilter Service" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pdfprofiltsrvpp.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"
+ "TMiCRCScanService" "Provides smart scanning for the Trend Micro Security Agents." "Trend Micro Inc." "c:\program files\trend micro\security server\pccsrv\wss\icrcservice.exe"
+ "TmListen" "Facilitates communication between the Security Agent and the Security Server" "Trend Micro Inc." "c:\program files\trend micro\security agent\tmlisten.exe"
+ "WebProxyService" "ColoradoCommunicationsService" "Icon Time Systems" "c:\program files\paychex smart time\setup wizard\coloradocommunicationsservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "HPFXBULKLEDM" "LEDM BULK" "Hewlett Packard" "c:\windows\system32\drivers\hppcbulkio.sys"
+ "HPFXFAX" "LEDM FAX" "Hewlett Packard" "c:\windows\system32\drivers\hppcfaxio.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "motmodem" "Motorola USB Modem and Ports Driver" "Motorola" "c:\windows\system32\drivers\motmodem.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "radpms" "RemotelyAnywhereDpmsSecure Device Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\radpms.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Ser2pl" "USB-to-Serial Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\ser2pl.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "" "" "File not found: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON N10 N11 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbgea.dll"
+ "HP Fax Port" "port monitor" "Hewlett-Packard Company" "c:\windows\system32\hppfaxprintermon5.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"

#6 narenxp

  • BC Advisor

Posted 03 July 2012 - 03:50 AM

Malwarebytes log?

Launch autoruns again and uncheck this entry

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Diagnostics" "" "" "File not found: C:\Users\Workstation3\AppData\Local\ElevatedDiagnostics\Diagnostics\vhqjm.dll"
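
A triage pass over Autoruns text output in the layout posted in this thread, as an added example that is not part of any post: it parses the location headers and the `+`/`X` entry lines, then ranks entries by missing file, empty publisher, and an image path under a user-writable directory. The sample lines are copied from the listings in this thread; the three heuristics and the directory list are assumptions chosen for illustration, and a hit is a lead to review, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines copied from the Autoruns listings in this thread (four quoted fields per line).
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "QuickTime Task" "" "" "File not found: C:\Program Files\QuickTime\QTTask.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cdloader" "magicJack (cdloader2)" "magicJack L.P." "c:\users\workstation3\appdata\roaming\mjusbsp\cdloader2.exe"
X "Diagnostics" "" "" "File not found: C:\Users\Workstation3\AppData\Local\ElevatedDiagnostics\Diagnostics\vhqjm.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "BFXNHCNGEJG" "Rootkit detection utility" "Sysinternals - www.sysinternals.com" "c:\users\workstation3\appdata\local\temp\bfxnhcngejg.exe"
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found: "
# Assumption for this example: directories a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\")


@dataclass
class Entry:
    location: str      # registry key or folder the entry was listed under
    enabled: bool      # "+" = checked, "X" = unchecked in Autoruns
    name: str
    description: str
    publisher: str
    path: str          # image path with the "File not found: " prefix removed
    missing: bool      # True when Autoruns could not find the file


def parse_autoruns(text):
    """Turn the text listing into Entry objects, tracking the current location header."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank line or anything that is not a listing row
        if line[0] == '"':                # header row: location followed by three empty fields
            location = fields[0]
            continue
        if line[0] not in "+X":
            continue
        name, description, publisher, path = fields
        missing = path.startswith(MISSING)
        if missing:
            path = path[len(MISSING):]
        entries.append(Entry(location, line[0] == "+", name, description,
                             publisher.strip(), path, missing))
    return entries


def reasons(entry):
    """Return the heuristics an entry trips, in a fixed order."""
    found = []
    if entry.missing:
        found.append("file not found")
    if not entry.publisher:
        found.append("no publisher")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        found.append("user-writable path")
    return found


def triage(entries):
    """Entries with at least one reason, most reasons first (stable for ties)."""
    flagged = [(e, reasons(e)) for e in entries]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda pair: -len(pair[1]))


if __name__ == "__main__":
    for entry, why in triage(parse_autoruns(SAMPLE)):
        state = "enabled" if entry.enabled else "disabled"
        print(f"[{len(why)}] {entry.name} ({state}) under {entry.location}")
        print(f"     {entry.path}")
        print(f"     {', '.join(why)}")
```

An orphaned leftover such as the QuickTime entry trips two of the checks, so the ranking separates it from an entry that also loads from a user profile directory; signature verification and the file's on-disk state still have to be checked by hand.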


#7 xuul

  • Topic Starter


Posted 03 July 2012 - 04:20 AM

Full scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Workstation3 :: WORKSTATION3-PC [administrator]

7/2/2012 11:45:17 PM
mbam-log-2012-07-02 (23-45-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363284
Time elapsed: 2 hour(s), 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




QuickScan after restart:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Workstation3 :: WORKSTATION3-PC [administrator]

7/3/2012 2:02:58 AM
mbam-log-2012-07-03 (02-02-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241850
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




AutoRuns after deselecting vhqjm.dll:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ATIModeChange" "" "" "File not found: Ati2mdxx.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "BrStsMon00" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files\browny02\brother\brstmonw.exe"
+ "Carbonite Backup" "Carbonite User Interface" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carboniteui.exe"
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files\controlcenter4\brccboot.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HP LaserJet Professional M1530 MFP Series Fax" "hppfaxprintersrv" "Hewlett-Packard Company" "c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoricon.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files\nuance\paperport\indexsearch.exe"
+ "LogMeIn GUI" "LogMeIn Desktop Application" "LogMeIn, Inc." "c:\program files\logmein\x86\logmeinsystray.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pptd40nt.exe"
+ "PDF5 Registry Controller" "PDF Converter Registry Controller" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\registrycontroller.exe"
+ "PDFHook" "PdfCreateHook Application" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "PPort12reminder" "Ereg" "Nuance Communications, Inc." "c:\program files\nuance\paperport\ereg\ereg.exe"
+ "QuickTime Task" "" "" "File not found: C:\Program Files\QuickTime\QTTask.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "ToolboxFX" "HPTLBXFX" "Hewlett-Packard Company" "c:\program files\hp\toolboxfx\bin\hptlbxfx.exe"
+ "Trend Micro Client Framework" "Trend Micro Client Session Agent Monitor" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Monitor Apache Servers.lnk" "Apache HTTP Server Monitor" "Apache Software Foundation" "c:\program files\trend micro\security server\pccsrv\apache2\bin\apachemonitor.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cdloader" "magicJack (cdloader2)" "magicJack L.P." "c:\users\workstation3\appdata\roaming\mjusbsp\cdloader2.exe"
X "Diagnostics" "" "" "File not found: C:\Users\Workstation3\AppData\Local\ElevatedDiagnostics\Diagnostics\vhqjm.dll"
+ "ISUSPM" "Acresso Software Manager" "Acresso Corporation" "c:\programdata\flexnet\connect\11\isuspm.exe"
+ "KSS" "Kaspersky Security Scan" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1045\tmieplg.dll"
+ "tmtbim" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\security agent\uiframework\protoolbarimratingactivex.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "SABShellExecuteHook Class" "" "" "File not found: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Androsa FileProtector" "Androsa FileProtector Shell Extension" "AndrosaSoft©" "c:\program files\androsasoft\androsa fileprotector\tools\shext.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Androsa FileProtector" "Androsa FileProtector Shell Extension" "AndrosaSoft©" "c:\program files\androsasoft\androsa fileprotector\tools\shext.dll"
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "PlusIEEventHelper Class" "PlusIEContextMenu.dll" "Zeon Corporation" "c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1045\tmieplg.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\HPLJCustParticipation" "HPUTSCH" "Hewlett Packard" "c:\program files\hp\hpljut\hpljutsch.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\PC Optimizer Pro startups" "" "" "File not found: C:\Program Files\PC Optimizer Pro\StartApps.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsrv.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Amsp" "Manages Trend Micro Worry-Free Business security modules" "Trend Micro Inc." "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "Apache2" "Apache" "Apache Software Foundation" "c:\program files\trend micro\security server\pccsrv\apache2\bin\apache.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "BFXNHCNGEJG" "Rootkit detection utility" "Sysinternals - www.sysinternals.com" "c:\users\workstation3\appdata\local\temp\bfxnhcngejg.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BPowMon" "Power monitoring service for Broadcom applications." "Broadcom Corp." "c:\program files\broadcom\bpowmon\bpowmon.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "CarboniteService" "Carbonite Backup Service" "Carbonite, Inc. (www.carbonite.com)" "c:\program files\carbonite\carbonite backup\carboniteservice.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "HP LaserJet Service" "A system service that allows HP Software to easily connect to your LaserJet for everyday tasks." "HP" "c:\program files\hp\hplaserjetservice\hplaserjetservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "KSS" "Scans computer for viruses and vulnerabilities." "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files\logmein\x86\lmiguardiansvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files\logmein\x86\logmein.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ofcservice" "Provides the functionality to manage Security Agents" "Trend Micro Inc." "c:\program files\trend micro\security server\pccsrv\web\service\ofcservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PDFProFiltSrvPP" "PDFPro IFilter Service" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pdfprofiltsrvpp.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"
+ "TMiCRCScanService" "Provides smart scanning for the Trend Micro Security Agents." "Trend Micro Inc." "c:\program files\trend micro\security server\pccsrv\wss\icrcservice.exe"
+ "TmListen" "Facilitates communication between the Security Agent and the Security Server" "Trend Micro Inc." "c:\program files\trend micro\security agent\tmlisten.exe"
+ "WebProxyService" "ColoradoCommunicationsService" "Icon Time Systems" "c:\program files\paychex smart time\setup wizard\coloradocommunicationsservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "HPFXBULKLEDM" "LEDM BULK" "Hewlett Packard" "c:\windows\system32\drivers\hppcbulkio.sys"
+ "HPFXFAX" "LEDM FAX" "Hewlett Packard" "c:\windows\system32\drivers\hppcfaxio.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "motmodem" "Motorola USB Modem and Ports Driver" "Motorola" "c:\windows\system32\drivers\motmodem.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "radpms" "RemotelyAnywhereDpmsSecure Device Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\radpms.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Ser2pl" "USB-to-Serial Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\ser2pl.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "" "" "File not found: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON N10 N11 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbgea.dll"
+ "HP Fax Port" "port monitor" "Hewlett-Packard Company" "c:\windows\system32\hppfaxprintermon5.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"

#8 narenxp

  • BC Advisor

Posted 03 July 2012 - 04:22 AM

Let me know if you still have redirects before we wrap up.

#9 xuul

  • Topic Starter

Posted 03 July 2012 - 04:44 AM

Nope. There have been no redirects since the ESET scan.

#10 narenxp

  • BC Advisor

Posted 03 July 2012 - 09:30 AM

Great :thumbsup:

Download TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)



