
Google redirect problem



#1 bposert

  • Members
  • 15 posts

Posted 20 August 2012 - 09:49 AM

Hi. I'm running Windows 7, and noticed over the last week that when I click on a link in Google search results, often I get redirected to an unrelated site.
Clicking on the link a second time usually takes me to the right place.

I run MSE all of the time, and it hasn't noticed anything.
I ran Malwarebytes Anti Malware, and it found and took action on the following:
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13JD1QO2\Testbundle23w_1254[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Local\Temp\mor.exe (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Local\{1c5ba6b1-0e86-7738-a494-d129f7ee995f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Bob\0.33474439439894776.exe (Exploit.Drop.UR.2) -> Quarantined and deleted successfully.

The problem is still happening. I ran GMER and it found the following.
I'm not sure that BTHPORT is actually a problem; it points to a .sys file which a few people say is legal. In other words, it does not point to a DLL, which clearly would be a virus.

Thank you!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-20 07:47:50
Windows 6.1.7601 Service Pack 1
Running: ewdrr68p.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80932303ec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80932303ec (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Bob\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BBA40BF9-EAB3-11E1-92B2-082E5F7E7F03}.dat 4096 bytes
File C:\Users\Bob\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{BBA40BFA-EAB3-11E1-92B2-082E5F7E7F03}.dat 4608 bytes

---- EOF - GMER 1.0.15 ----



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 20 August 2012 - 09:57 AM

Download

TDSSkiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 bposert

  • Topic Starter
  • Members
  • 15 posts

Posted 20 August 2012 - 12:53 PM

Thanks Narenxp! Lots of stuff in the scans.

Here are results:



08:16:15.0192 7152 mouclass - ok
08:16:15.0212 7152 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
08:16:15.0222 7152 mouhid - ok
08:16:15.0242 7152 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:16:15.0252 7152 mountmgr - ok
08:16:15.0302 7152 [ 9FA705BE049065E8179925CFDDAE0B1C ] mozybackup C:\Program Files\MozyHome\mozybackup.exe
08:16:15.0302 7152 mozybackup - ok
08:16:15.0332 7152 [ A9B15FD316F6AB1AF8B4B936765DA16A ] mozyFilter C:\Windows\system32\DRIVERS\mozy.sys
08:16:15.0332 7152 mozyFilter - ok
08:16:15.0392 7152 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:16:15.0392 7152 MpFilter - ok
08:16:15.0412 7152 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:16:15.0422 7152 mpio - ok
08:16:15.0432 7152 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:16:15.0432 7152 mpsdrv - ok
08:16:15.0482 7152 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:16:15.0492 7152 MpsSvc - ok
08:16:15.0512 7152 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:16:15.0522 7152 MRxDAV - ok
08:16:15.0542 7152 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:16:15.0542 7152 mrxsmb - ok
08:16:15.0582 7152 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:16:15.0582 7152 mrxsmb10 - ok
08:16:15.0602 7152 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:16:15.0602 7152 mrxsmb20 - ok
08:16:15.0632 7152 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:16:15.0632 7152 msahci - ok
08:16:15.0642 7152 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:16:15.0652 7152 msdsm - ok
08:16:15.0682 7152 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:16:15.0682 7152 MSDTC - ok
08:16:15.0702 7152 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:16:15.0712 7152 Msfs - ok
08:16:15.0722 7152 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:16:15.0722 7152 mshidkmdf - ok
08:16:15.0732 7152 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:16:15.0732 7152 msisadrv - ok
08:16:15.0772 7152 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:16:15.0772 7152 MSiSCSI - ok
08:16:15.0782 7152 msiserver - ok
08:16:15.0802 7152 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:16:15.0812 7152 MSKSSRV - ok
08:16:15.0862 7152 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:16:15.0862 7152 MsMpSvc - ok
08:16:15.0892 7152 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:16:15.0892 7152 MSPCLOCK - ok
08:16:15.0912 7152 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:16:15.0912 7152 MSPQM - ok
08:16:15.0942 7152 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:16:15.0942 7152 MsRPC - ok
08:16:15.0962 7152 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:16:15.0972 7152 mssmbios - ok
08:16:16.0002 7152 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:16:16.0002 7152 MSTEE - ok
08:16:16.0012 7152 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:16:16.0012 7152 MTConfig - ok
08:16:16.0032 7152 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:16:16.0042 7152 Mup - ok
08:16:16.0092 7152 [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:16:16.0102 7152 MyWiFiDHCPDNS - ok
08:16:16.0142 7152 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:16:16.0152 7152 napagent - ok
08:16:16.0202 7152 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:16:16.0212 7152 NativeWifiP - ok
08:16:16.0262 7152 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:16:16.0282 7152 NDIS - ok
08:16:16.0322 7152 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:16:16.0332 7152 NdisCap - ok
08:16:16.0362 7152 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:16:16.0362 7152 NdisTapi - ok
08:16:16.0382 7152 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:16:16.0392 7152 Ndisuio - ok
08:16:16.0402 7152 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:16:16.0412 7152 NdisWan - ok
08:16:16.0432 7152 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:16:16.0432 7152 NDProxy - ok
08:16:16.0452 7152 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:16:16.0452 7152 NetBIOS - ok
08:16:16.0482 7152 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:16:16.0492 7152 NetBT - ok
08:16:16.0522 7152 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:16:16.0522 7152 Netlogon - ok
08:16:16.0562 7152 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:16:16.0572 7152 Netman - ok
08:16:16.0612 7152 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:16:16.0622 7152 netprofm - ok
08:16:16.0652 7152 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:16:16.0652 7152 NetTcpPortSharing - ok
08:16:16.0902 7152 [ FAD6C5610D020534401966CD72A1C306 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
08:16:17.0122 7152 NETwNs64 - ok
08:16:17.0172 7152 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:16:17.0172 7152 nfrd960 - ok
08:16:17.0232 7152 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:16:17.0242 7152 NisDrv - ok
08:16:17.0282 7152 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
08:16:17.0282 7152 NisSrv - ok
08:16:17.0332 7152 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:16:17.0342 7152 NlaSvc - ok
08:16:17.0352 7152 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:16:17.0362 7152 Npfs - ok
08:16:17.0372 7152 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:16:17.0372 7152 nsi - ok
08:16:17.0392 7152 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:16:17.0392 7152 nsiproxy - ok
08:16:17.0452 7152 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:16:17.0472 7152 Ntfs - ok
08:16:17.0502 7152 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:16:17.0502 7152 Null - ok
08:16:17.0532 7152 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
08:16:17.0532 7152 nusb3hub - ok
08:16:17.0562 7152 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:16:17.0562 7152 nusb3xhc - ok
08:16:17.0602 7152 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
08:16:17.0602 7152 NVENETFD - ok
08:16:17.0632 7152 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:16:17.0632 7152 nvraid - ok
08:16:17.0662 7152 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:16:17.0662 7152 nvstor - ok
08:16:17.0682 7152 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:16:17.0682 7152 nv_agp - ok
08:16:17.0702 7152 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:16:17.0712 7152 ohci1394 - ok
08:16:17.0802 7152 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:16:17.0802 7152 ose - ok
08:16:18.0032 7152 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:16:18.0132 7152 osppsvc - ok
08:16:18.0162 7152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:16:18.0162 7152 p2pimsvc - ok
08:16:18.0202 7152 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:16:18.0202 7152 p2psvc - ok
08:16:18.0232 7152 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:16:18.0232 7152 Parport - ok
08:16:18.0252 7152 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:16:18.0252 7152 partmgr - ok
08:16:18.0282 7152 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:16:18.0292 7152 PcaSvc - ok
08:16:18.0312 7152 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:16:18.0312 7152 pci - ok
08:16:18.0342 7152 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:16:18.0342 7152 pciide - ok
08:16:18.0372 7152 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:16:18.0382 7152 pcmcia - ok
08:16:18.0402 7152 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:16:18.0402 7152 pcw - ok
08:16:18.0432 7152 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:16:18.0442 7152 PEAUTH - ok
08:16:18.0512 7152 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:16:18.0512 7152 PerfHost - ok
08:16:18.0582 7152 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:16:18.0602 7152 pla - ok
08:16:18.0642 7152 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:16:18.0652 7152 PlugPlay - ok
08:16:18.0662 7152 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:16:18.0672 7152 PNRPAutoReg - ok
08:16:18.0682 7152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:16:18.0692 7152 PNRPsvc - ok
08:16:18.0722 7152 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:16:18.0732 7152 PolicyAgent - ok
08:16:18.0762 7152 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:16:18.0772 7152 Power - ok
08:16:18.0802 7152 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:16:18.0802 7152 PptpMiniport - ok
08:16:18.0812 7152 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:16:18.0822 7152 Processor - ok
08:16:18.0852 7152 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:16:18.0862 7152 ProfSvc - ok
08:16:18.0872 7152 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:16:18.0872 7152 ProtectedStorage - ok
08:16:18.0892 7152 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:16:18.0902 7152 Psched - ok
08:16:18.0942 7152 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:16:18.0942 7152 PxHlpa64 - ok
08:16:19.0022 7152 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:16:19.0042 7152 ql2300 - ok
08:16:19.0062 7152 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:16:19.0062 7152 ql40xx - ok
08:16:19.0092 7152 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:16:19.0092 7152 QWAVE - ok
08:16:19.0122 7152 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:16:19.0132 7152 QWAVEdrv - ok
08:16:19.0142 7152 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:16:19.0152 7152 RasAcd - ok
08:16:19.0182 7152 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:16:19.0182 7152 RasAgileVpn - ok
08:16:19.0202 7152 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:16:19.0212 7152 RasAuto - ok
08:16:19.0232 7152 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:16:19.0232 7152 Rasl2tp - ok
08:16:19.0252 7152 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:16:19.0262 7152 RasMan - ok
08:16:19.0292 7152 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:16:19.0302 7152 RasPppoe - ok
08:16:19.0322 7152 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:16:19.0322 7152 RasSstp - ok
08:16:19.0342 7152 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:16:19.0352 7152 rdbss - ok
08:16:19.0362 7152 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:16:19.0372 7152 rdpbus - ok
08:16:19.0412 7152 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:16:19.0412 7152 RDPCDD - ok
08:16:19.0432 7152 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:16:19.0432 7152 RDPENCDD - ok
08:16:19.0462 7152 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:16:19.0462 7152 RDPREFMP - ok
08:16:19.0502 7152 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:16:19.0502 7152 RDPWD - ok
08:16:19.0542 7152 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:16:19.0552 7152 rdyboost - ok
08:16:19.0612 7152 [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:16:19.0612 7152 RegSrvc - ok
08:16:19.0642 7152 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:16:19.0652 7152 RemoteAccess - ok
08:16:19.0702 7152 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:16:19.0712 7152 RemoteRegistry - ok
08:16:19.0732 7152 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:16:19.0742 7152 RFCOMM - ok
08:16:19.0792 7152 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
08:16:19.0802 7152 RoxioNow Service - ok
08:16:19.0822 7152 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:16:19.0832 7152 RpcEptMapper - ok
08:16:19.0852 7152 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:16:19.0852 7152 RpcLocator - ok
08:16:19.0882 7152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:16:19.0892 7152 RpcSs - ok
08:16:19.0942 7152 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
08:16:19.0942 7152 RSPCIESTOR - ok
08:16:19.0982 7152 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:16:19.0992 7152 rspndr - ok
08:16:20.0032 7152 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:16:20.0032 7152 RTL8167 - ok
08:16:20.0052 7152 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:16:20.0052 7152 SamSs - ok
08:16:20.0072 7152 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:16:20.0082 7152 sbp2port - ok
08:16:20.0112 7152 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:16:20.0122 7152 SCardSvr - ok
08:16:20.0142 7152 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:16:20.0142 7152 scfilter - ok
08:16:20.0172 7152 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:16:20.0192 7152 Schedule - ok
08:16:20.0212 7152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:16:20.0212 7152 SCPolicySvc - ok
08:16:20.0252 7152 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
08:16:20.0252 7152 sdbus - ok
08:16:20.0292 7152 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:16:20.0302 7152 SDRSVC - ok
08:16:20.0352 7152 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:16:20.0362 7152 SeaPort - ok
08:16:20.0392 7152 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:16:20.0392 7152 secdrv - ok
08:16:20.0422 7152 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:16:20.0432 7152 seclogon - ok
08:16:20.0452 7152 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:16:20.0462 7152 SENS - ok
08:16:20.0512 7152 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:16:20.0522 7152 SensrSvc - ok
08:16:20.0542 7152 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:16:20.0552 7152 Serenum - ok
08:16:20.0582 7152 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:16:20.0582 7152 Serial - ok
08:16:20.0622 7152 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:16:20.0632 7152 sermouse - ok
08:16:20.0662 7152 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:16:20.0662 7152 SessionEnv - ok
08:16:20.0682 7152 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:16:20.0682 7152 sffdisk - ok
08:16:20.0702 7152 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:16:20.0702 7152 sffp_mmc - ok
08:16:20.0712 7152 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:16:20.0712 7152 sffp_sd - ok
08:16:20.0762 7152 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:16:20.0762 7152 sfloppy - ok
08:16:20.0792 7152 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:16:20.0802 7152 SharedAccess - ok
08:16:20.0832 7152 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:16:20.0842 7152 ShellHWDetection - ok
08:16:20.0872 7152 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:16:20.0872 7152 SiSRaid2 - ok
08:16:20.0892 7152 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:16:20.0892 7152 SiSRaid4 - ok
08:16:20.0922 7152 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:16:20.0922 7152 Smb - ok
08:16:20.0982 7152 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:16:20.0982 7152 SNMPTRAP - ok
08:16:21.0002 7152 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:16:21.0002 7152 spldr - ok
08:16:21.0052 7152 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:16:21.0072 7152 Spooler - ok
08:16:21.0182 7152 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:16:21.0252 7152 sppsvc - ok
08:16:21.0272 7152 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:16:21.0272 7152 sppuinotify - ok
08:16:21.0292 7152 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:16:21.0292 7152 srv - ok
08:16:21.0332 7152 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:16:21.0332 7152 srv2 - ok
08:16:21.0362 7152 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:16:21.0362 7152 SrvHsfHDA - ok
08:16:21.0392 7152 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:16:21.0402 7152 SrvHsfV92 - ok
08:16:21.0432 7152 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:16:21.0442 7152 SrvHsfWinac - ok
08:16:21.0452 7152 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:16:21.0462 7152 srvnet - ok
08:16:21.0492 7152 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:16:21.0502 7152 SSDPSRV - ok
08:16:21.0522 7152 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:16:21.0522 7152 SstpSvc - ok
08:16:21.0602 7152 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
08:16:21.0602 7152 STacSV - ok
08:16:21.0622 7152 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:16:21.0622 7152 stexstor - ok
08:16:21.0662 7152 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
08:16:21.0672 7152 STHDA - ok
08:16:21.0722 7152 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:16:21.0732 7152 stisvc - ok
08:16:21.0762 7152 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:16:21.0762 7152 swenum - ok
08:16:21.0792 7152 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:16:21.0802 7152 swprv - ok
08:16:21.0852 7152 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:16:21.0862 7152 SynTP - ok
08:16:21.0912 7152 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:16:21.0932 7152 SysMain - ok
08:16:21.0952 7152 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:16:21.0952 7152 TabletInputService - ok
08:16:21.0972 7152 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:16:21.0972 7152 TapiSrv - ok
08:16:21.0992 7152 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:16:21.0992 7152 TBS - ok
08:16:22.0092 7152 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:16:22.0112 7152 Tcpip - ok
08:16:22.0182 7152 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:16:22.0182 7152 TCPIP6 - ok
08:16:22.0212 7152 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:16:22.0212 7152 tcpipreg - ok
08:16:22.0222 7152 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:16:22.0222 7152 TDPIPE - ok
08:16:22.0262 7152 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:16:22.0262 7152 TDTCP - ok
08:16:22.0282 7152 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:16:22.0282 7152 tdx - ok
08:16:22.0292 7152 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:16:22.0292 7152 TermDD - ok
08:16:22.0332 7152 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:16:22.0352 7152 TermService - ok
08:16:22.0372 7152 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:16:22.0372 7152 Themes - ok
08:16:22.0402 7152 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:16:22.0402 7152 THREADORDER - ok
08:16:22.0422 7152 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:16:22.0432 7152 TrkWks - ok
08:16:22.0472 7152 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:16:22.0482 7152 TrustedInstaller - ok
08:16:22.0502 7152 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:16:22.0502 7152 tssecsrv - ok
08:16:22.0532 7152 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:16:22.0532 7152 TsUsbFlt - ok
08:16:22.0562 7152 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:16:22.0562 7152 TsUsbGD - ok
08:16:22.0602 7152 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:16:22.0602 7152 tunnel - ok
08:16:22.0612 7152 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:16:22.0622 7152 uagp35 - ok
08:16:22.0642 7152 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:16:22.0642 7152 udfs - ok
08:16:22.0672 7152 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:16:22.0682 7152 UI0Detect - ok
08:16:22.0722 7152 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:16:22.0722 7152 uliagpkx - ok
08:16:22.0752 7152 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:16:22.0752 7152 umbus - ok
08:16:22.0782 7152 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:16:22.0792 7152 UmPass - ok
08:16:22.0902 7152 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:16:22.0922 7152 UNS - ok
08:16:22.0952 7152 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:16:22.0962 7152 upnphost - ok
08:16:23.0012 7152 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:16:23.0022 7152 usbccgp - ok
08:16:23.0052 7152 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:16:23.0052 7152 usbcir - ok
08:16:23.0102 7152 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:16:23.0102 7152 usbehci - ok
08:16:23.0122 7152 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
08:16:23.0132 7152 usbhub - ok
08:16:23.0162 7152 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:16:23.0162 7152 usbohci - ok
08:16:23.0192 7152 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:16:23.0192 7152 usbprint - ok
08:16:23.0222 7152 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:16:23.0222 7152 USBSTOR - ok
08:16:23.0242 7152 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:16:23.0252 7152 usbuhci - ok
08:16:23.0282 7152 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:16:23.0282 7152 usbvideo - ok
08:16:23.0322 7152 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
08:16:23.0322 7152 usb_rndisx - ok
08:16:23.0352 7152 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:16:23.0362 7152 UxSms - ok
08:16:23.0372 7152 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:16:23.0382 7152 VaultSvc - ok
08:16:23.0382 7152 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:16:23.0382 7152 vdrvroot - ok
08:16:23.0412 7152 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:16:23.0422 7152 vds - ok
08:16:23.0442 7152 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:16:23.0442 7152 vga - ok
08:16:23.0452 7152 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:16:23.0452 7152 VgaSave - ok
08:16:23.0472 7152 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:16:23.0482 7152 vhdmp - ok
08:16:23.0512 7152 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:16:23.0512 7152 viaide - ok
08:16:23.0532 7152 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:16:25.0432 7152 ================ Scan global ===============================
08:16:25.0452 7152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:16:25.0472 7152 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:16:25.0482 7152 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:16:25.0512 7152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:16:25.0532 7152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:16:25.0532 7152 [Global] - ok
08:16:25.0532 7152 ================ Scan MBR ==================================
08:16:25.0552 7152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:16:26.0582 7152 \Device\Harddisk0\DR0 - ok
08:16:26.0582 7152 ================ Scan VBR ==================================
08:16:26.0592 7152 [ 08EC8476B8709BD4A150F02374D9CCD9 ] \Device\Harddisk0\DR0\Partition1
08:16:26.0592 7152 \Device\Harddisk0\DR0\Partition1 - ok
08:16:26.0632 7152 [ 62F489602672DEACC7CDACF555B9E308 ] \Device\Harddisk0\DR0\Partition2
08:16:26.0642 7152 \Device\Harddisk0\DR0\Partition2 - ok
08:16:26.0682 7152 [ 7221B686CC1DCC70E5C60D52E8A2AD3D ] \Device\Harddisk0\DR0\Partition3
08:16:26.0682 7152 \Device\Harddisk0\DR0\Partition3 - ok
08:16:26.0742 7152 [ 17207DAE91AD3F38E3306A60320503A8 ] \Device\Harddisk0\DR0\Partition4
08:16:26.0742 7152 \Device\Harddisk0\DR0\Partition4 - ok
08:16:26.0742 7152 ============================================================
08:16:26.0742 7152 Scan finished
08:16:26.0742 7152 ============================================================
08:16:26.0762 6040 Detected object count: 0
08:16:26.0762 6040 Actual detected object count: 0







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 08:19:24
-----------------------------
08:19:24.727 OS Version: Windows x64 6.1.7601 Service Pack 1
08:19:24.727 Number of processors: 8 586 0x2A07
08:19:24.727 ComputerName: BOB-LAPTOP UserName: Bob
08:19:26.867 Initialize success
08:20:33.317 AVAST engine defs: 12082000
08:20:41.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:20:41.067 Disk 0 Vendor: TOSHIBA_ GU00 Size: 953869MB BusType: 3
08:20:41.077 Disk 0 MBR read successfully
08:20:41.087 Disk 0 MBR scan
08:20:41.097 Disk 0 Windows 7 default MBR code
08:20:41.107 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:20:41.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 936103 MB offset 409600
08:20:41.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17463 MB offset 1917548544
08:20:41.357 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1953312768
08:20:41.467 Disk 0 scanning C:\Windows\system32\drivers
08:20:56.247 Service scanning
08:21:58.447 Modules scanning
08:21:58.457 Disk 0 trace - called modules:
08:21:58.557 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
08:21:58.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007fb6790]
08:21:58.587 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8007ec3b10]
08:21:58.597 5 hpdskflt.sys[fffff88001fb7189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d93050]
08:22:00.627 AVAST engine scan C:\Windows
08:22:04.407 AVAST engine scan C:\Windows\system32
08:26:15.829 AVAST engine scan C:\Windows\system32\drivers
08:26:33.419 AVAST engine scan C:\Users\Bob
08:27:00.109 File: C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll **INFECTED** Win32:Trojan-gen
08:30:13.029 Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
08:30:13.029 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"



C:\Documents and Settings\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll Win32/Kryptik.AKGO.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Bob\AppData\Local\Temp\msimg32.dll Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Bob\AppData\Local\Temp\NODAC94.tmp Win32/Kryptik.AKGO.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Bob\AppData\Local\Temp\NOD4F18.tmp Win32/Kryptik.AKGO.Gen trojan cleaned by deleting (after the next restart) - quarantined

#4 narenxp

  • BC Advisor

Posted 20 August 2012 - 12:59 PM

UPDATE MALWAREBYTES, RUN A FULL SCAN and post the log

Download systemlook

Launch it, then copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{1c5ba6b1-0e86-7738-a494-d129f7ee995f}

Click on LOOK, then post the generated log

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download adware cleaner

Launch it and click on Delete

Post the generated log

#5 bposert

  • Topic Starter

  • Members

Posted 20 August 2012 - 03:15 PM

Thanks again, Narenxp. After the reboot from adware cleaner, I got an error message from RunDLL:

There was a problem starting C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll
The specified module could not be found.

Which is a good thing, but at least a little more cleanup from me.

The logs follow.

Best,
Bob

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: BOB-LAPTOP [administrator]

8/20/2012 11:26:59 AM
mbam-log-2012-08-20 (11-26-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435575
Time elapsed: 55 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






SystemLook 30.07.11 by jpshortstuff
Log created at 12:53 on 20/08/2012 by Bob
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{1c5ba6b1-0e86-7738-a494-d129f7ee995f}"
C:\Documents and Settings\Bob\AppData\Local\{1c5ba6b1-0e86-7738-a494-d129f7ee995f} d--hs-- [04:13 16/01/2012]
C:\Users\Bob\AppData\Local\{1c5ba6b1-0e86-7738-a494-d129f7ee995f} d--hs-- [04:13 16/01/2012]

-= EOF =-








MiniToolBox by Farbar Version: 23-07-2012
Ran by Bob (administrator) on 20-08-2012 at 13:00:27
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bob-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 4C-80-93-23-03-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4C-80-93-23-03-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : 4C-80-93-23-03-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::21fc:c556:f0e0:c541%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 20, 2012 5:56:34 AM
Lease Expires . . . . . . . . . . : Tuesday, August 21, 2012 5:56:40 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 374112403
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-6B-8B-66-08-2E-5F-7E-7F-03
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 08-2E-5F-7E-7F-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D5456802-D220-4DE3-9C87-4FB86F43CB3F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:470:3715:b944:52b9(Preferred)
Link-local IPv6 Address . . . . . : fe80::470:3715:b944:52b9%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4007:800::1008
74.125.224.168
74.125.224.169
74.125.224.166
74.125.224.160
74.125.224.174
74.125.224.163
74.125.224.164
74.125.224.167
74.125.224.161
74.125.224.162
74.125.224.165


Pinging google.com [74.125.224.168] with 32 bytes of data:
Reply from 74.125.224.168: bytes=32 time=11ms TTL=56
Reply from 74.125.224.168: bytes=32 time=9ms TTL=56

Ping statistics for 74.125.224.168:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 11ms, Average = 10ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=62ms TTL=55
Reply from 72.30.38.140: bytes=32 time=85ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 85ms, Average = 73ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...4c 80 93 23 03 e9 ......Microsoft Virtual WiFi Miniport Adapter #2
16...4c 80 93 23 03 e9 ......Microsoft Virtual WiFi Miniport Adapter
15...4c 80 93 23 03 e8 ......Intel® Centrino® Wireless-N 1030
13...08 2e 5f 7e 7f 03 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.8 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.8 281
192.168.0.8 255.255.255.255 On-link 192.168.0.8 281
192.168.0.255 255.255.255.255 On-link 192.168.0.8 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.8 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.8 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:470:3715:b944:52b9/128
On-link
15 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::470:3715:b944:52b9/128
On-link
15 281 fe80::21fc:c556:f0e0:c541/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 08:35:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp: 0x4f5f9c86
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0x1590
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (08/20/2012 08:31:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2012 08:31:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2012 08:31:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2012 05:56:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 10:10:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 08:45:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 08:11:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2012 08:44:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2012 07:13:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/18/2012 08:42:43 AM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (08/18/2012 08:27:27 AM) (Source: NetBT) (User: )
Description: The name "POSERT :1d" could not be registered on the interface with IP address 192.168.0.8.
The computer with the IP address 192.168.0.191 did not allow the name to be claimed by
this computer.

Error: (08/17/2012 08:51:35 AM) (Source: NetBT) (User: )
Description: The name "POSERT :1d" could not be registered on the interface with IP address 192.168.0.8.
The computer with the IP address 192.168.0.191 did not allow the name to be claimed by
this computer.

Error: (08/15/2012 06:46:44 PM) (Source: HTTP) (User: )
Description:

Error: (08/09/2012 02:12:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/09/2012 02:12:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/09/2012 02:12:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/09/2012 02:12:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/09/2012 02:12:27 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/09/2012 07:04:47 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (08/20/2012 08:35:41 AM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.16654f5f9c86ntdll.dll6.1.7601.177254ec49b8fc00000050002e41b159001cd7ee72e843d51C:\Users\Bob\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dllb257f76f-eadc-11e1-9705-082e5f7e7f03

Error: (08/20/2012 08:31:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob\Desktop\esetsmartinstaller_enu.exe

Error: (08/20/2012 08:31:10 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob\Desktop\esetsmartinstaller_enu.exe

Error: (08/20/2012 08:31:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob\Desktop\esetsmartinstaller_enu.exe

Error: (08/20/2012 05:56:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 10:10:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 08:45:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 08:11:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2012 08:44:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2012 07:13:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.20 (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
AMD APP SDK Runtime (Version: 2.5.709.2)
AMD Catalyst Install Manager (Version: 3.0.838.0)
Audacity 1.3.14 (Unicode)
AuthenTec TrueAPI (Version: 1.3.0.144)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 7.0.610.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0930.2209.37895)
Catalyst Control Center Graphics Previews Common (Version: 2011.0930.2209.37895)
Catalyst Control Center InstallProxy (Version: 2011.0930.2209.37895)
Catalyst Control Center Localization All (Version: 2011.0930.2209.37895)
Catalyst Control Center Profiles Mobile (Version: 2011.0930.2209.37895)
ccc-utility64 (Version: 2011.0930.2209.37895)
CCC Help Chinese Standard (Version: 2011.0930.2208.37895)
CCC Help Chinese Traditional (Version: 2011.0930.2208.37895)
CCC Help Czech (Version: 2011.0930.2208.37895)
CCC Help Danish (Version: 2011.0930.2208.37895)
CCC Help Dutch (Version: 2011.0930.2208.37895)
CCC Help English (Version: 2011.0930.2208.37895)
CCC Help Finnish (Version: 2011.0930.2208.37895)
CCC Help French (Version: 2011.0930.2208.37895)
CCC Help German (Version: 2011.0930.2208.37895)
CCC Help Greek (Version: 2011.0930.2208.37895)
CCC Help Hungarian (Version: 2011.0930.2208.37895)
CCC Help Italian (Version: 2011.0930.2208.37895)
CCC Help Japanese (Version: 2011.0930.2208.37895)
CCC Help Korean (Version: 2011.0930.2208.37895)
CCC Help Norwegian (Version: 2011.0930.2208.37895)
CCC Help Polish (Version: 2011.0930.2208.37895)
CCC Help Portuguese (Version: 2011.0930.2208.37895)
CCC Help Russian (Version: 2011.0930.2208.37895)
CCC Help Spanish (Version: 2011.0930.2208.37895)
CCC Help Swedish (Version: 2011.0930.2208.37895)
CCC Help Thai (Version: 2011.0930.2208.37895)
CCC Help Turkish (Version: 2011.0930.2208.37895)
Chuzzle Deluxe (Version: 2.2.0.95)
CutePDF Writer 2.8
CyberLink YouCam (Version: 3.5.1.3922)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Shrink 3.2
DVDFab 8.2.0.0 (03/08/2012) Qt
Energy Star Digital Logo (Version: 1.0.1)
EPSON Artisan 837 Series Printer Uninstall
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0000)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
Evernote v. 4.2.2 (Version: 4.2.2.3979)
Farm Frenzy (Version: 2.2.0.95)
FastStone Image Viewer 4.6 (Version: 4.6)
FATE - The Traitor Soul (Version: 2.2.0.95)
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 21.0.1180.79)
Google Talk Plugin (Version: 3.4.2.8800)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.1.23.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Games (Version: 1.0.2.4)
HP MovieStore (Version: 1.0.047)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.1.2)
HP Power Manager (Version: 1.4.7)
HP Product Detection (Version: 11.14.0004)
HP Quick Launch (Version: 2.7.2)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP SimplePass 2011 (Version: 5.3.0.273)
HP Software Framework (Version: 4.5.10.1)
HP Support Assistant (Version: 6.1.12.1)
IDT Audio (Version: 1.0.6345.0)
ImgBurn (Version: 2.5.7.0)
inSSIDer (Version: 2.1.4)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Identity Protection Technology 1.2.22.0 (Version: 1.2.22.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.1.0581)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
Intel® WiDi (Version: 2.1.42.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.01.0500.0903)
IrfanView (remove only) (Version: 4.32)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (Version: 6.0.310)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
Mozilla Thunderbird 11.0 (x86 en-US) (Version: 11.0)
MozyHome (Version: 2.14.1.193)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
My MP4Box GUI 0.5.5.4 (Version: 0.5.5.4)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
NewsLeecher v3.9 Final
Notepad++ (Version: 5.9.6.2)
Paint.NET v3.5.10 (Version: 3.60.0)
Password Safe
Penguins! (Version: 2.2.0.95)
Picasa 3 (Version: 3.8)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PX Profile Update (Version: 1.00.1.)
QuickPar 0.9 (Version: 0.9)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.83)
Recovery Manager (Version: 2.0.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.19.0)
RoxioNow Player (Version: 1.9.5.103)
Slingo Supreme (Version: 2.2.0.95)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
Synaptics TouchPad Driver (Version: 15.3.29.0)
ThinkingRock 3.3
TMPGEnc Authoring Works 5 (Version: 5.0.8.26)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Validity WBF DDK (Version: 4.3.205.0)
VIP Access SDK (1.1.0.4) (Version: 1.1.0.4)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VisiPics V1.30
VLC media player 2.0.2 (Version: 2.0.2)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
YAMB
YouTube Downloader 3.5
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 8139.86 MB
Available physical RAM: 4705.75 MB
Total Pagefile: 16277.91 MB
Available Pagefile: 12658.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:914.16 GB) (Free:145 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:17.05 GB) (Free:1.87 GB) NTFS

========================= Users: ========================================

User accounts for \\BOB-LAPTOP

Administrator ASPNET Bob
Guest Katie


**** End of log ****





Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 20-08-2012 at 13:07:20
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



# AdwCleaner v1.801 - Logfile created 08/20/2012 at 13:09:32
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bob - BOB-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-US)

Profile name : default
File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zz15swav.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [288 octets] - [20/08/2012 13:08:40]
AdwCleaner[S2].txt - [1401 octets] - [20/08/2012 13:09:32]

########## EOF - C:\AdwCleaner[S2].txt - [1529 octets] ##########

#6 narenxp

narenxp

  • BC Advisor

Posted 20 August 2012 - 08:57 PM

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\Bob\AppData\Local\{1c5ba6b1-0e86-7738-a494-d129f7ee995f}
C:\Users\Bob\AppData\Local\{1c5ba6b1-0e86-7738-a494-d129f7ee995f}

delete the folders


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here
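The Autoruns.txt export requested in the post above can be triaged with a script rather than by eye. The following is an added example, not part of the original post and not Sysinternals code: it parses the quoted four-field layout of the export posted in this thread and ranks entries whose target file is missing or that have no publisher. The scoring rules and the assumption that enabled entries start with `+` are illustrative; the sample lines are copied from the export in this thread.

```python
import re
from dataclasses import dataclass

FIELD = re.compile(r'"([^"]*)"')                 # one double-quoted column
MISSING_PREFIX = "File not found:"               # Autoruns marker for a dangling entry
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Sample input: lines copied from the Autoruns export posted in this thread.
SAMPLE = r'''
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Easybits Recovery" "" "" "File not found: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\bob\appdata\local\google\update\googleupdate.exe"
+ "Jet Propulsion Laboratory" "" "" "File not found: C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Notepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_04.dll"
'''


@dataclass
class Entry:
    location: str      # registry key, folder or "Task Scheduler" header above the entry
    name: str
    description: str
    publisher: str
    image: str         # image path, or "File not found: <path>"

    @property
    def missing(self):
        return self.image.startswith(MISSING_PREFIX)

    @property
    def target(self):
        # Path the entry points at, with the "File not found:" marker stripped.
        if self.missing:
            return self.image[len(MISSING_PREFIX):].strip()
        return self.image


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_autoruns(text):
    """Parse the text export: header lines name a location, '+' lines are entries."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                              # blank or unrecognised line
        if line.startswith("+"):                  # assumption: '+' marks an enabled entry
            if location is not None:
                entries.append(Entry(location, *fields))
        elif line.startswith('"'):
            location = fields[0]
    return entries


def triage(entries):
    """Return entries with a missing target or no publisher, most reasons first."""
    findings = []
    for e in entries:
        if not e.missing and e.publisher:
            continue                              # target present and publisher named
        reasons = []
        if e.missing:
            reasons.append("target missing")
        if not e.publisher:
            reasons.append("no publisher")
        if USER_PROFILE.search(e.target):
            reasons.append("user-profile path")
        if RUN_KEY.search(e.location):
            reasons.append("Run key")
        findings.append(Finding(e, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_autoruns(SAMPLE)):
        print(f"{len(f.reasons)}  {f.entry.name}  [{', '.join(f.reasons)}]")
        print(f"   {f.entry.location}")
        print(f"   {f.entry.target}")
```

A missing target only shows that an autostart value outlived its file; the ranking is a review order, not a verdict.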

#7 bposert

bposert
  • Topic Starter


Posted 20 August 2012 - 11:38 PM

Great, narenxp. Here are the logs.
Best,
Bob




"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BTMTrayAgent" "Bluetooth Shell Extension" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\bcssync.exe"
+ "Easybits Recovery" "" "" "File not found: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe"
+ "FUFAXRCV" "Fax Reception" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\fax utility\fufaxrcv.exe"
+ "FUFAXSTM" "Fax Transmission" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\fax utility\fufaxstm.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "HPConnectionManager" "HPCMDelayStart Application" "Hewlett-Packard Development Company L.P." "c:\program files (x86)\hewlett-packard\hp connection manager\hpcmdelaystart.exe"
+ "HPOSD" "HP On Screen Display" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "MozyHome Status.lnk" "MozyHome Status Application" "Mozy, Inc." "c:\program files\mozyhome\mozystat.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Artisan 837(Network)" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatihoa.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\bob\appdata\local\google\update\googleupdate.exe"
+ "Jet Propulsion Laboratory" "" "" "File not found: C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "BTMSentToExt" "Bluetooth Shell Extension" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\btmshell.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "Notepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_04.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "mozy" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "mozy" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "mozy" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "mozy" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "mozy" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "mozy2" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
+ "mozy3" "MozyHome Shell Extensions" "Mozy, Inc." "c:\program files\mozyhome\mozyshell.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "TrueSuite Website Log On" "Website Log On" "HP" "c:\program files (x86)\hp simplepass 2011\x64\iebho.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "TrueSuite Website Log On" "Website Log On" "HP" "c:\program files (x86)\hp simplepass 2011\iebho.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-421853727-1289268357-2069232896-1001Core" "Google Installer" "Google Inc." "c:\users\bob\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-421853727-1289268357-2069232896-1001UA" "Google Installer" "Google Inc." "c:\users\bob\appdata\local\google\update\googleupdate.exe"
+ "\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpsfmessenger\hpsfmsgr.exe"
+ "\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" "HPTuneUp" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hptuneup.exe"
+ "\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" "UtilTask" "Microsoft" "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\utiltask.exe"
+ "\Hewlett-Packard\HP Support Assistant\PC Health Analysis" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Support Assistant\PC Tuneup" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Support Assistant\Update Check" "HP Support Assistant Updater" "Hewlett-Packard" "c:\programdata\hewlett-packard\hp support framework\resources\updater\hpsfupdater.exe"
+ "\HPCeeScheduleForBob" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\HPCeeScheduleForBOB-LAPTOP$" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\cyberlink\youcam\ycmmirage.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsr64.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMPPALR3" "Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter" "Intel Corporation" "c:\program files\intel\bluetoothhs\bthsamppalservice.exe"
+ "aspnet_state" "Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start." "" "File not found: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "Bluetooth Device Monitor" "A process to monitor Bluetooth radio state and configure Bluetooth remote folders." "Intel Corporation" "c:\program files (x86)\intel\bluetooth\devmonsrv.exe"
+ "Bluetooth Media Service" "Provides Bluetooth Media Profiles support" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\mediasrv.exe"
+ "Bluetooth OBEX Service" "Provides Bluetooth File Transfer Protocol support." "Intel Corporation" "c:\program files (x86)\intel\bluetooth\obexsrv.exe"
+ "BTHSSecurityMgr" "Manages the 802.1x security between two Bluetooth® High Speed connections." "Intel® Corporation" "c:\program files\intel\bluetoothhs\bthssecuritymgr.exe"
+ "EpsonBidirectionalService" "eEBAPI Core Process module" "SEIKO EPSON CORPORATION" "c:\program files (x86)\common files\epson\ebapi\eebsvc.exe"
+ "EpsonCustomerParticipation" "Epson Customer Participation" "SEIKO EPSON CORPORATION" "c:\program files\epson\epsoncustomerparticipation\epcp.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "ezSharedSvc" "Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly." "EasyBits Software AS" "c:\windows\syswow64\ezsharedsvchost.exe"
+ "FPLService" "Provides convenient and secure fingerprint authentication and identity management." "HP" "c:\program files (x86)\hp simplepass 2011\truesuiteservice.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gusvc" "gusvc" "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HPAuto" "HP Usage Improvement Tracking" "Hewlett-Packard" "c:\program files\hewlett-packard\hp auto\hpauto.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "hpCMSrv" "Manages all HP embedded network connectivities." "Hewlett-Packard Development Company L.P." "c:\program files (x86)\hewlett-packard\hp connection manager\hpcmsrv.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "hpsrv" "HpService" "Hewlett-Packard Company" "c:\windows\system32\hpservice.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IconMan_R" "Realtek Card Reader Icon Tool." "Realsil Microelectronics Inc." "c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe"
+ "jhi_service" "Intel® Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology" "Intel Corporation" "c:\program files (x86)\intel\services\ipt\jhi_service.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "mozybackup" "Backs up files to the MozyHome servers. Please DO NOT stop this service." "Mozy, Inc." "c:\program files\mozyhome\mozybackup.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "RoxioNow Service" "Windows Service App" "Roxio" "c:\program files (x86)\roxio\roxionow player\rnowsvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "ZeroConfigService" "Manages the zero configuration service for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\zeroconfigservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Accelerometer" "HP Accelerometer" "Hewlett-Packard Company" "c:\windows\system32\drivers\accelerometer.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AMPPAL" "Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\amppal.sys"
+ "AMPPALP" "Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\amppal.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btmaux" "Bluetooth Auxiliary Driver" "Intel Corporation" "c:\windows\system32\drivers\btmaux.sys"
+ "btmhsf" "Bluetooth HighSpeed Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\btmhsf.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hpdskflt" "HP Disk Filter - SATA/RAID" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpdskflt.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iBtFltCoex" "Intel® Centrino® Wireless (Bluetooth Adapter) Driver" "Intel Corporation" "c:\windows\system32\drivers\ibtfltcoex.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "intaud_WaveExtensible" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\intelaud.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "intelkmd" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdpmd64.sys"
+ "iscFlash" "iscflashx64.sys" "Insyde Software" "c:\users\bob\appdata\local\temp\7zs938f.tmp\iscflashx64.sys"
+ "iwdbus" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\iwdbus.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "mozyFilter" "MozyHome Change Monitor" "Mozy, Inc." "c:\windows\system32\drivers\mozy.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwsw00.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm62x64.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.i420" "Helix I420 YUV Codec" "www.helixcommunity.org" "c:\windows\syswow64\i420vfw.dll"
+ "vidc.yv12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\syswow64\yv12vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "VDP Renderer" "VDP Filter" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\vdpsnka.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\windows\syswow64\aac_parser.ax"
+ "AC3Filter" "ac3filter" "" "c:\windows\syswow64\ac3dx.ax"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\windows\syswow64\coreaac.ax"
+ "CoreAVC Video Decoder" "CoreAVC DirectShow Video Decoder" "CoreCodec" "c:\windows\syswow64\avcdx.ax"
+ "Dirac Source" "Dirac Splitter" "Gabest" "c:\windows\syswow64\diracsplitter.ax"
+ "Dirac Splitter" "Dirac Splitter" "Gabest" "c:\windows\syswow64\diracsplitter.ax"
+ "Dirac Video Decoder" "Dirac Splitter" "Gabest" "c:\windows\syswow64\diracsplitter.ax"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\windows\syswow64\flvdx.dll"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\windows\syswow64\flvdx.dll"
+ "FLV Video Decoder" "FLV Splitter" "Gabest" "c:\windows\syswow64\flvdx.dll"
+ "Intel® Mux Renderer" "Intel® TS Mux / Network Renderer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel®WiDi H264 encoder" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "Matroska Source" "Matroska Splitter" "Gabest" "c:\windows\syswow64\matroskadx.ax"
+ "Matroska Splitter" "Matroska Splitter" "Gabest" "c:\windows\syswow64\matroskadx.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "RadLight Ogg Splitter" "RLOgg" "RadLight" "c:\windows\syswow64\rlogg.ax"
+ "RadLight Speex Decoder" "RadLight Speex Decoder" "" "c:\windows\syswow64\rlspeexdec.ax"
+ "RadLight Theora Decoder" "RadLight Theora Decoder" "RadLight, LLC" "c:\windows\syswow64\rltheoradec.ax"
+ "RadLight Vorbis Decoder" "RLVorbisDec.ax" "RadLight" "c:\windows\syswow64\rlvorbisdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediadx.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediadx.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediadx.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediadx.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TAK SourceFilter" "" "" "c:\windows\syswow64\takdsdecoder.ax"
+ "VDP Renderer" "VDP Filter" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\vdpsnk.dll"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WD Secure Source Filter" "Intel® WiDi Secure Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsecuresourcefilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon64.dll"
+ "EPSON Artisan 837 Series 64MonitorBA" "EPSON Bi-directional Monitor AMD64" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmhoa.dll"
+ "EpsonNet Print Port" "EpsonNet Print Port Monitor DLL" "SEIKO EPSON CORPORATION" "c:\windows\system32\enppmon.dll"





Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2012 09:36:56 PM in x64 mode.
Windows Version: Windows 7 Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Bob\Desktop\rkill\rkill-08-20-2012-09-37-01.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/20/2012 09:37:11 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

#8 narenxp

  • BC Advisor

Posted 20 August 2012 - 11:43 PM

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Jet Propulsion Laboratory" "" "" "File not found: C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll"

Launch Autoruns and uncheck this entry.

Download the file

Fix.reg

Launch it, click YES.

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Turn off your System Restore, restart the PC, create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player.

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links.

Safe surfing :)
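The kind of check that singles out the HKCU Run entry quoted in post #8, as an added example that is not part of the original thread or the advisor's tooling: it parses the Autoruns text layout seen in this topic and ranks entries by three triage signals. The signal names and the regex for user-writable paths are assumptions made for this sketch; the sample lines are copied from the logs posted above.

```python
import re
from typing import NamedTuple

# Lines copied from the logs quoted in this thread (Autoruns text export layout):
# a location header with three empty fields, then one line per entry.
SAMPLE_LOG = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Jet Propulsion Laboratory" "" "" "File not found: C:\Users\Bob\AppData\Local\Jet Propulsion Laboratory\jbyqwtkd.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "iscFlash" "iscflashx64.sys" "Insyde Software" "c:\users\bob\appdata\local\temp\7zs938f.tmp\iscflashx64.sys"
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING_PREFIX = "File not found:"
# Assumption for this sketch: anything under a user profile or a Temp
# directory is writable without administrator rights.
USER_WRITABLE = re.compile(r'\\(users|temp)\\', re.IGNORECASE)


class Entry(NamedTuple):
    location: str      # registry key or "Task Scheduler" header above the entry
    name: str
    description: str
    publisher: str
    image_path: str
    enabled: bool


def parse_autoruns(text):
    """Turn the quoted four-column export into Entry records."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank or unrelated line
        if line.startswith('"'):
            location = fields[0]          # header: location plus three empty fields
        elif line[0] in "+X" and location is not None:
            # "+" prefixes the entries in this log; treating "X" as a
            # disabled entry is an assumption of this sketch.
            entries.append(Entry(location, *fields, enabled=line[0] == "+"))
    return entries


def triage(entry):
    """Return the list of reasons an entry deserves a manual look."""
    reasons = []
    path = entry.image_path
    if path.startswith(MISSING_PREFIX):
        reasons.append("missing-file")    # autostart left behind after the file was removed
        path = path[len(MISSING_PREFIX):].strip()
    if USER_WRITABLE.search(path):
        reasons.append("user-writable-path")
    if not entry.publisher:
        reasons.append("no-publisher")
    return reasons


def rank(entries):
    """Flagged entries, most reasons first; ties keep log order."""
    flagged = [(e, triage(e)) for e in entries]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda pair: len(pair[1]), reverse=True)


if __name__ == "__main__":
    for entry, reasons in rank(parse_autoruns(SAMPLE_LOG)):
        print(f"{len(reasons)}  {entry.location} -> {entry.name}: {', '.join(reasons)}")
```

A flag is a lead for manual review, not a verdict: the Evernote and iscFlash lines are flagged too, and only the Run entry matches all three signals.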

#9 bposert

  • Topic Starter

Posted 21 August 2012 - 10:22 AM

Thanks so much, narenxp! Everything is working great now. I'd like to donate something - I don't think BC takes donations, but do you, or do you have a favorite charity?
Thanks again,
Bob

#10 narenxp

  • BC Advisor

Posted 21 August 2012 - 11:30 AM

You're most welcome :)

Edited by narenxp, 22 August 2012 - 06:19 AM.




