Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect, no luck


  • Please log in to reply
9 replies to this topic

#1 TheManInTheBox

TheManInTheBox

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 03 November 2012 - 09:19 PM

~Hey Bleepingcomputer:

So I got this thing a couple weeks ago. It randomly redirects me to a web site I did not want to access. I am sure everyone has heard of it before.

Thing is, I ran MalwareBytes, Spybot, McAfee, and Super AntiSpyware. No luck with any. Yet it is still there. I ran HijackThis, and I have no idea what I am reading :huh: I can figure out what some of the processes and registry entries are, but I don't want to go deleting them without someone to double check for me.

I also ran TDSSkiller and fixtdss, none of them picked anything up either. I am trying to avoid reformatting if possible.

Can anyone help? There is a beer in it for you!

Edited by Orange Blossom, 03 November 2012 - 09:36 PM.
Moved to AII from Windows 7. ~ OB


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 03 November 2012 - 09:23 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 TheManInTheBox

TheManInTheBox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 04 November 2012 - 10:37 AM

TDSSKiller Log:

22:39:48.0224 4116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:39:48.0684 4116 ============================================================
22:39:48.0684 4116 Current date / time: 2012/11/03 22:39:48.0684
22:39:48.0684 4116 SystemInfo:
22:39:48.0684 4116
22:39:48.0684 4116 OS Version: 6.1.7601 ServicePack: 1.0
22:39:48.0684 4116 Product type: Workstation
22:39:48.0684 4116 ComputerName: MAX-PC
22:39:48.0684 4116 UserName: Max
22:39:48.0684 4116 Windows directory: C:\Windows
22:39:48.0684 4116 System windows directory: C:\Windows
22:39:48.0684 4116 Running under WOW64
22:39:48.0684 4116 Processor architecture: Intel x64
22:39:48.0684 4116 Number of processors: 2
22:39:48.0684 4116 Page size: 0x1000
22:39:48.0684 4116 Boot type: Normal boot
22:39:48.0684 4116 ============================================================
22:39:50.0090 4116 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:50.0096 4116 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:39:50.0099 4116 ============================================================
22:39:50.0099 4116 \Device\Harddisk1\DR1:
22:39:50.0100 4116 MBR partitions:
22:39:50.0100 4116 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:39:50.0100 4116 \Device\Harddisk0\DR0:
22:39:50.0100 4116 MBR partitions:
22:39:50.0100 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:39:50.0100 4116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:39:50.0100 4116 ============================================================
22:39:50.0125 4116 C: <-> \Device\Harddisk0\DR0\Partition2
22:39:50.0126 4116 F: <-> \Device\Harddisk1\DR1\Partition1
22:39:50.0173 4116 ============================================================
22:39:50.0174 4116 Initialize success
22:39:50.0174 4116 ============================================================
22:40:12.0079 3180 ============================================================
22:40:12.0079 3180 Scan started
22:40:12.0079 3180 Mode: Manual; TDLFS;
22:40:12.0079 3180 ============================================================
22:40:13.0052 3180 ================ Scan system memory ========================
22:40:13.0052 3180 System memory - ok
22:40:13.0052 3180 ================ Scan services =============================
22:40:13.0121 3180 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:40:13.0124 3180 !SASCORE - ok
22:40:13.0234 3180 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:40:13.0237 3180 1394ohci - ok
22:40:13.0256 3180 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:40:13.0343 3180 ACPI - ok
22:40:13.0364 3180 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:40:13.0422 3180 AcpiPmi - ok
22:40:13.0518 3180 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:40:13.0520 3180 AdobeARMservice - ok
22:40:13.0605 3180 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:40:13.0608 3180 AdobeFlashPlayerUpdateSvc - ok
22:40:13.0632 3180 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:40:13.0646 3180 adp94xx - ok
22:40:13.0661 3180 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:40:13.0673 3180 adpahci - ok
22:40:13.0693 3180 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:40:13.0702 3180 adpu320 - ok
22:40:13.0718 3180 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:40:13.0719 3180 AeLookupSvc - ok
22:40:13.0747 3180 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:40:13.0754 3180 AFD - ok
22:40:13.0774 3180 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:40:13.0780 3180 agp440 - ok
22:40:13.0801 3180 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:40:13.0807 3180 ALG - ok
22:40:13.0824 3180 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:40:13.0831 3180 aliide - ok
22:40:13.0842 3180 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:40:13.0847 3180 amdide - ok
22:40:13.0864 3180 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:40:13.0866 3180 AmdK8 - ok
22:40:13.0871 3180 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:40:13.0876 3180 AmdPPM - ok
22:40:13.0921 3180 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:40:14.0000 3180 amdsata - ok
22:40:14.0045 3180 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:40:14.0055 3180 amdsbs - ok
22:40:14.0075 3180 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:40:14.0077 3180 amdxata - ok
22:40:14.0089 3180 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:40:14.0172 3180 AppID - ok
22:40:14.0202 3180 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:40:14.0208 3180 AppIDSvc - ok
22:40:14.0215 3180 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:40:14.0216 3180 Appinfo - ok
22:40:14.0242 3180 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:14.0244 3180 Apple Mobile Device - ok
22:40:14.0269 3180 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:40:14.0274 3180 AppMgmt - ok
22:40:14.0291 3180 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:40:14.0296 3180 arc - ok
22:40:14.0310 3180 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:40:14.0319 3180 arcsas - ok
22:40:14.0550 3180 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:40:14.0647 3180 aspnet_state - ok
22:40:14.0675 3180 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:14.0676 3180 AsyncMac - ok
22:40:14.0681 3180 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:40:14.0682 3180 atapi - ok
22:40:14.0715 3180 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:40:14.0722 3180 AudioEndpointBuilder - ok
22:40:14.0733 3180 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:40:14.0737 3180 AudioSrv - ok
22:40:14.0753 3180 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:40:14.0801 3180 AxInstSV - ok
22:40:14.0831 3180 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:40:14.0846 3180 b06bdrv - ok
22:40:14.0875 3180 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:40:14.0883 3180 b57nd60a - ok
22:40:14.0891 3180 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:40:14.0897 3180 BDESVC - ok
22:40:14.0902 3180 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:40:14.0904 3180 Beep - ok
22:40:14.0926 3180 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:40:15.0076 3180 BITS - ok
22:40:15.0105 3180 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:40:15.0107 3180 blbdrive - ok
22:40:15.0144 3180 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:40:15.0150 3180 Bonjour Service - ok
22:40:15.0157 3180 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:40:15.0159 3180 bowser - ok
22:40:15.0177 3180 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:40:15.0185 3180 BrFiltLo - ok
22:40:15.0189 3180 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:40:15.0197 3180 BrFiltUp - ok
22:40:15.0214 3180 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:40:15.0263 3180 Browser - ok
22:40:15.0320 3180 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
22:40:15.0327 3180 Browser Defender Update Service - ok
22:40:15.0346 3180 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:40:15.0356 3180 Brserid - ok
22:40:15.0366 3180 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:40:15.0373 3180 BrSerWdm - ok
22:40:15.0378 3180 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:40:15.0383 3180 BrUsbMdm - ok
22:40:15.0388 3180 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:40:15.0392 3180 BrUsbSer - ok
22:40:15.0400 3180 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:40:15.0404 3180 BTHMODEM - ok
22:40:15.0414 3180 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:40:15.0418 3180 bthserv - ok
22:40:15.0424 3180 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:40:15.0431 3180 cdfs - ok
22:40:15.0439 3180 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:40:15.0441 3180 cdrom - ok
22:40:15.0448 3180 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:40:15.0521 3180 CertPropSvc - ok
22:40:15.0564 3180 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:40:15.0568 3180 circlass - ok
22:40:15.0592 3180 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:40:15.0597 3180 CLFS - ok
22:40:15.0627 3180 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:15.0635 3180 clr_optimization_v2.0.50727_32 - ok
22:40:15.0655 3180 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:40:15.0664 3180 clr_optimization_v2.0.50727_64 - ok
22:40:15.0708 3180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:15.0793 3180 clr_optimization_v4.0.30319_32 - ok
22:40:15.0799 3180 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:40:15.0807 3180 clr_optimization_v4.0.30319_64 - ok
22:40:15.0822 3180 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:40:15.0827 3180 CmBatt - ok
22:40:15.0841 3180 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:40:15.0847 3180 cmdide - ok
22:40:15.0870 3180 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:40:15.0877 3180 CNG - ok
22:40:15.0891 3180 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:40:15.0897 3180 Compbatt - ok
22:40:15.0908 3180 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:40:15.0991 3180 CompositeBus - ok
22:40:16.0029 3180 COMSysApp - ok
22:40:16.0047 3180 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:40:16.0051 3180 crcdisk - ok
22:40:16.0106 3180 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:40:16.0109 3180 CryptSvc - ok
22:40:16.0130 3180 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:40:16.0137 3180 CSC - ok
22:40:16.0158 3180 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:40:16.0165 3180 CscService - ok
22:40:16.0184 3180 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:40:16.0191 3180 DcomLaunch - ok
22:40:16.0204 3180 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:40:16.0215 3180 defragsvc - ok
22:40:16.0231 3180 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:40:16.0234 3180 DfsC - ok
22:40:16.0246 3180 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:40:16.0250 3180 Dhcp - ok
22:40:16.0256 3180 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:40:16.0257 3180 discache - ok
22:40:16.0283 3180 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:40:16.0285 3180 Disk - ok
22:40:16.0301 3180 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
22:40:16.0384 3180 dmvsc - ok
22:40:16.0415 3180 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:40:16.0420 3180 Dnscache - ok
22:40:16.0437 3180 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:40:16.0487 3180 dot3svc - ok
22:40:16.0516 3180 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:40:16.0519 3180 DPS - ok
22:40:16.0542 3180 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:40:16.0549 3180 drmkaud - ok
22:40:16.0578 3180 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:40:16.0673 3180 DXGKrnl - ok
22:40:16.0685 3180 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:40:16.0690 3180 EapHost - ok
22:40:16.0755 3180 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:40:16.0826 3180 ebdrv - ok
22:40:16.0844 3180 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:40:16.0922 3180 EFS - ok
22:40:16.0965 3180 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:40:17.0034 3180 ehRecvr - ok
22:40:17.0059 3180 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:40:17.0065 3180 ehSched - ok
22:40:17.0082 3180 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:40:17.0093 3180 elxstor - ok
22:40:17.0165 3180 [ C3D8C7E58D6194286A6D3985CABF19E7 ] enterceptAgent C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
22:40:17.0181 3180 enterceptAgent - ok
22:40:17.0191 3180 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:40:17.0197 3180 ErrDev - ok
22:40:17.0223 3180 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:40:17.0228 3180 EventSystem - ok
22:40:17.0237 3180 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:40:17.0246 3180 exfat - ok
22:40:17.0262 3180 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:40:17.0266 3180 fastfat - ok
22:40:17.0286 3180 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:40:17.0375 3180 Fax - ok
22:40:17.0382 3180 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:40:17.0384 3180 fdc - ok
22:40:17.0389 3180 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:40:17.0391 3180 fdPHost - ok
22:40:17.0406 3180 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:40:17.0410 3180 FDResPub - ok
22:40:17.0416 3180 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:40:17.0417 3180 FileInfo - ok
22:40:17.0428 3180 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:40:17.0432 3180 Filetrace - ok
22:40:17.0446 3180 [ 04EB7C3063834C50FEF94AE77B05CBF9 ] Firehk C:\Windows\system32\DRIVERS\firehk.sys
22:40:17.0448 3180 Firehk - ok
22:40:17.0451 3180 [ 04EB7C3063834C50FEF94AE77B05CBF9 ] FirehkMP C:\Windows\system32\DRIVERS\firehk.sys
22:40:17.0452 3180 FirehkMP - ok
22:40:17.0458 3180 [ 91C7C2C38D51A1AB25F909189A2C2DB9 ] firelm01 C:\Windows\system32\drivers\firelm01.sys
22:40:17.0459 3180 firelm01 - ok
22:40:17.0491 3180 [ 7A5AF3EE86BBB96A5B2C96FACBFE124F ] FirePM C:\Windows\system32\Drivers\FirePM.sys
22:40:17.0494 3180 FirePM - ok
22:40:17.0533 3180 [ 9D0071CB93C9CEBFB927F443C75E3251 ] FireTDI C:\Windows\system32\Drivers\FireTDI.sys
22:40:17.0537 3180 FireTDI - ok
22:40:17.0542 3180 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:17.0543 3180 flpydisk - ok
22:40:17.0557 3180 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:40:17.0608 3180 FltMgr - ok
22:40:17.0660 3180 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:40:17.0672 3180 FontCache - ok
22:40:17.0678 3180 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:17.0744 3180 FontCache3.0.0.0 - ok
22:40:17.0764 3180 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:40:17.0769 3180 FsDepends - ok
22:40:17.0774 3180 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:40:17.0776 3180 Fs_Rec - ok
22:40:17.0793 3180 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:40:17.0797 3180 fvevol - ok
22:40:17.0804 3180 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:40:17.0811 3180 gagp30kx - ok
22:40:17.0863 3180 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:17.0868 3180 GEARAspiWDM - ok
22:40:17.0893 3180 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:40:17.0902 3180 gpsvc - ok
22:40:17.0925 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:17.0928 3180 gupdate - ok
22:40:17.0932 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:17.0934 3180 gupdatem - ok
22:40:17.0939 3180 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:40:17.0943 3180 hcw85cir - ok
22:40:17.0966 3180 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:17.0971 3180 HdAudAddService - ok
22:40:17.0997 3180 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:18.0000 3180 HDAudBus - ok
22:40:18.0018 3180 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:40:18.0022 3180 HidBatt - ok
22:40:18.0029 3180 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:40:18.0035 3180 HidBth - ok
22:40:18.0040 3180 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:40:18.0045 3180 HidIr - ok
22:40:18.0051 3180 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:40:18.0052 3180 hidserv - ok
22:40:18.0066 3180 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:40:18.0067 3180 HidUsb - ok
22:40:18.0075 3180 [ A5FA050FF3A5F3630C2598D32E339DEF ] HIPK C:\Windows\system32\drivers\HIPK.sys
22:40:18.0078 3180 HIPK - ok
22:40:18.0083 3180 [ E8EB147DC272DBA6F0EBA31D17E752C6 ] HIPPSK C:\Windows\system32\drivers\HIPPSK.sys
22:40:18.0085 3180 HIPPSK - ok
22:40:18.0090 3180 [ 1F95E665632A39AC57E1C605E49C5816 ] HIPQK C:\Windows\system32\drivers\HIPQK.sys
22:40:18.0092 3180 HIPQK - ok
22:40:18.0101 3180 [ 44CD99A1B57827ED9E98851B0BAEE851 ] hips C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
22:40:18.0102 3180 hips - ok
22:40:18.0113 3180 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:40:18.0185 3180 hkmsvc - ok
22:40:18.0214 3180 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:18.0288 3180 HomeGroupListener - ok
22:40:18.0316 3180 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:18.0320 3180 HomeGroupProvider - ok
22:40:18.0337 3180 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:40:18.0402 3180 HpSAMD - ok
22:40:18.0446 3180 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:40:18.0456 3180 HTTP - ok
22:40:18.0461 3180 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:40:18.0465 3180 hwpolicy - ok
22:40:18.0496 3180 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:40:18.0506 3180 i8042prt - ok
22:40:18.0559 3180 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:40:18.0628 3180 iaStorV - ok
22:40:18.0673 3180 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:18.0767 3180 idsvc - ok
22:40:18.0790 3180 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:40:18.0798 3180 iirsp - ok
22:40:18.0833 3180 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:40:18.0917 3180 IKEEXT - ok
22:40:18.0945 3180 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:40:18.0948 3180 intelide - ok
22:40:18.0973 3180 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:40:18.0981 3180 intelppm - ok
22:40:18.0997 3180 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:40:19.0005 3180 IPBusEnum - ok
22:40:19.0028 3180 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:19.0105 3180 IpFilterDriver - ok
22:40:19.0136 3180 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:40:19.0204 3180 IPMIDRV - ok
22:40:19.0210 3180 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:40:19.0218 3180 IPNAT - ok
22:40:19.0285 3180 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:40:19.0295 3180 iPod Service - ok
22:40:19.0311 3180 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:40:19.0316 3180 IRENUM - ok
22:40:19.0330 3180 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:40:19.0334 3180 isapnp - ok
22:40:19.0354 3180 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:40:19.0419 3180 iScsiPrt - ok
22:40:19.0455 3180 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:19.0456 3180 kbdclass - ok
22:40:19.0470 3180 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:40:19.0473 3180 kbdhid - ok
22:40:19.0486 3180 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:40:19.0488 3180 KeyIso - ok
22:40:19.0502 3180 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:40:19.0552 3180 KSecDD - ok
22:40:19.0567 3180 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:40:19.0570 3180 KSecPkg - ok
22:40:19.0579 3180 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:40:19.0581 3180 ksthunk - ok
22:40:19.0601 3180 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:40:19.0614 3180 KtmRm - ok
22:40:19.0624 3180 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:40:19.0628 3180 LanmanServer - ok
22:40:19.0651 3180 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:40:19.0654 3180 LanmanWorkstation - ok
22:40:19.0674 3180 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:40:19.0676 3180 lltdio - ok
22:40:19.0696 3180 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:40:19.0705 3180 lltdsvc - ok
22:40:19.0722 3180 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:40:19.0724 3180 lmhosts - ok
22:40:19.0744 3180 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:40:19.0750 3180 LSI_FC - ok
22:40:19.0758 3180 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:40:19.0763 3180 LSI_SAS - ok
22:40:19.0782 3180 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:40:19.0786 3180 LSI_SAS2 - ok
22:40:19.0803 3180 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:40:19.0811 3180 LSI_SCSI - ok
22:40:19.0833 3180 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:40:19.0836 3180 luafv - ok
22:40:19.0858 3180 [ 20F77F14FE972AA028454047632B2AC8 ] McAfee SiteAdvisor Enterprise Service C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
22:40:19.0861 3180 McAfee SiteAdvisor Enterprise Service - ok
22:40:19.0929 3180 [ 5D992CA633358DD0E7A16D88829DA087 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
22:40:19.0931 3180 McAfeeEngineService - ok
22:40:19.0977 3180 [ 3EF9511390F9106DD8CF0747BAEB335C ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
22:40:19.0979 3180 McAfeeFramework - ok
22:40:20.0038 3180 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:40:20.0113 3180 McComponentHostService - ok
22:40:20.0121 3180 [ 40E2DAB104501594C8F93FA7BDFD3596 ] McShield C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
22:40:20.0124 3180 McShield - ok
22:40:20.0129 3180 [ 3077FEEFA81B025390092F7FBF2B51C5 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
22:40:20.0131 3180 McTaskManager - ok
22:40:20.0153 3180 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:40:20.0215 3180 Mcx2Svc - ok
22:40:20.0235 3180 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:40:20.0242 3180 megasas - ok
22:40:20.0256 3180 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:40:20.0266 3180 MegaSR - ok
22:40:20.0282 3180 [ 648EC36615ABF5AE20E4EF61FEDB6B9C ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
22:40:20.0285 3180 mfeapfk - ok
22:40:20.0298 3180 [ 93E8625F4F7EB387091557696390A1FC ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:40:20.0301 3180 mfeavfk - ok
22:40:20.0319 3180 [ DC8C7417254A4F8FEBDD1257DB351147 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:40:20.0326 3180 mfehidk - ok
22:40:20.0339 3180 [ 1EE3C78D14024CA7ADAA0AF53A0037CD ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:40:20.0401 3180 mferkdet - ok
22:40:20.0453 3180 [ B6170FAD509317A963BE6D4C2E104D2F ] mfetdik C:\Windows\system32\drivers\mfetdik.sys
22:40:20.0578 3180 mfetdik - ok
22:40:20.0586 3180 [ E1E2EDC7753F6A264E0AB77C9EE873D0 ] mfevtp C:\Windows\system32\mfevtps.exe
22:40:20.0590 3180 mfevtp - ok
22:40:20.0603 3180 [ C0505A334CA4072FD71E7645910699CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:40:20.0669 3180 mfewfpk - ok
22:40:20.0710 3180 Microsoft SharePoint Workspace Audit Service - ok
22:40:20.0723 3180 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:40:20.0726 3180 MMCSS - ok
22:40:20.0731 3180 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:40:20.0735 3180 Modem - ok
22:40:20.0744 3180 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:40:20.0746 3180 monitor - ok
22:40:20.0756 3180 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:40:20.0757 3180 mouclass - ok
22:40:20.0767 3180 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:40:20.0769 3180 mouhid - ok
22:40:20.0775 3180 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:40:20.0778 3180 mountmgr - ok
22:40:20.0788 3180 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:40:20.0874 3180 MozillaMaintenance - ok
22:40:20.0900 3180 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:40:20.0978 3180 mpio - ok
22:40:20.0984 3180 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:40:20.0992 3180 mpsdrv - ok
22:40:21.0022 3180 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:40:21.0088 3180 MRxDAV - ok
22:40:21.0118 3180 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:21.0121 3180 mrxsmb - ok
22:40:21.0139 3180 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:21.0143 3180 mrxsmb10 - ok
22:40:21.0161 3180 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:21.0163 3180 mrxsmb20 - ok
22:40:21.0181 3180 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:40:21.0262 3180 msahci - ok
22:40:21.0284 3180 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:40:21.0369 3180 msdsm - ok
22:40:21.0378 3180 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:40:21.0386 3180 MSDTC - ok
22:40:21.0418 3180 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:40:21.0426 3180 Msfs - ok
22:40:21.0431 3180 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:40:21.0437 3180 mshidkmdf - ok
22:40:21.0449 3180 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:40:21.0451 3180 msisadrv - ok
22:40:21.0464 3180 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:40:21.0472 3180 MSiSCSI - ok
22:40:21.0476 3180 msiserver - ok
22:40:21.0489 3180 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:40:21.0496 3180 MSKSSRV - ok
22:40:21.0500 3180 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:21.0507 3180 MSPCLOCK - ok
22:40:21.0513 3180 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:40:21.0517 3180 MSPQM - ok
22:40:21.0532 3180 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:40:21.0585 3180 MsRPC - ok
22:40:21.0593 3180 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:21.0595 3180 mssmbios - ok
22:40:21.0621 3180 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:40:21.0626 3180 MSTEE - ok
22:40:21.0633 3180 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:40:21.0639 3180 MTConfig - ok
22:40:21.0654 3180 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:40:21.0734 3180 MTsensor - ok
22:40:21.0765 3180 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:40:21.0767 3180 Mup - ok
22:40:21.0784 3180 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:40:21.0790 3180 napagent - ok
22:40:21.0812 3180 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:40:21.0823 3180 NativeWifiP - ok
22:40:21.0897 3180 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:40:21.0908 3180 NDIS - ok
22:40:21.0925 3180 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:21.0933 3180 NdisCap - ok
22:40:21.0953 3180 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:21.0956 3180 NdisTapi - ok
22:40:21.0973 3180 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:22.0033 3180 Ndisuio - ok
22:40:22.0069 3180 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:22.0072 3180 NdisWan - ok
22:40:22.0086 3180 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:40:22.0089 3180 NDProxy - ok
22:40:22.0115 3180 [ 85E3DF39B5C7F5249EFD120907C0E2D2 ] NEOFLTR_650_15991 C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS
22:40:22.0117 3180 NEOFLTR_650_15991 - ok
22:40:22.0125 3180 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:40:22.0126 3180 NetBIOS - ok
22:40:22.0139 3180 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:40:22.0142 3180 NetBT - ok
22:40:22.0154 3180 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:40:22.0156 3180 Netlogon - ok
22:40:22.0174 3180 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:40:22.0180 3180 Netman - ok
22:40:22.0200 3180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:22.0291 3180 NetMsmqActivator - ok
22:40:22.0296 3180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:22.0298 3180 NetPipeActivator - ok
22:40:22.0320 3180 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:40:22.0326 3180 netprofm - ok
22:40:22.0342 3180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:22.0344 3180 NetTcpActivator - ok
22:40:22.0349 3180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:22.0350 3180 NetTcpPortSharing - ok
22:40:22.0365 3180 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:40:22.0370 3180 nfrd960 - ok
22:40:22.0382 3180 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:40:22.0387 3180 NlaSvc - ok
22:40:22.0392 3180 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:40:22.0403 3180 Npfs - ok
22:40:22.0409 3180 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:40:22.0411 3180 nsi - ok
22:40:22.0424 3180 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:40:22.0426 3180 nsiproxy - ok
22:40:22.0462 3180 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:40:22.0488 3180 Ntfs - ok
22:40:22.0493 3180 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:40:22.0495 3180 Null - ok
22:40:22.0723 3180 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:40:22.0939 3180 nvlddmkm - ok
22:40:22.0966 3180 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:40:23.0036 3180 nvraid - ok
22:40:23.0095 3180 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:40:23.0158 3180 nvstor - ok
22:40:23.0205 3180 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:40:23.0215 3180 nvsvc - ok
22:40:23.0272 3180 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:40:23.0307 3180 nvUpdatusService - ok
22:40:23.0323 3180 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:40:23.0332 3180 nv_agp - ok
22:40:23.0345 3180 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:40:23.0353 3180 ohci1394 - ok
22:40:23.0377 3180 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:40:23.0441 3180 ose64 - ok
22:40:23.0534 3180 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:40:23.0738 3180 osppsvc - ok
22:40:23.0755 3180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:40:23.0760 3180 p2pimsvc - ok
22:40:23.0780 3180 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:40:23.0794 3180 p2psvc - ok
22:40:23.0800 3180 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:40:23.0806 3180 Parport - ok
22:40:23.0813 3180 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:40:23.0815 3180 partmgr - ok
22:40:23.0831 3180 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:40:23.0834 3180 PcaSvc - ok
22:40:23.0843 3180 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:40:23.0846 3180 pci - ok
22:40:23.0852 3180 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:40:23.0853 3180 pciide - ok
22:40:23.0866 3180 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:40:23.0873 3180 pcmcia - ok
22:40:23.0898 3180 [ A87932FF09593BA8D197667A13E2A628 ] PCTBD C:\Windows\system32\Drivers\PCTBD64.sys
22:40:23.0901 3180 PCTBD - ok
22:40:23.0946 3180 [ 876FD95B7A3B7FE6179FBD16E7A6486C ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
22:40:23.0952 3180 PCTCore - ok
22:40:24.0007 3180 [ BA1F42A42F405F62CEFF6B69A2797F7C ] pctDS C:\Windows\system32\drivers\pctDS64.sys
22:40:24.0014 3180 pctDS - ok
22:40:24.0071 3180 [ C4775E7F54F3CC6307B73462B1B802C6 ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
22:40:24.0075 3180 PCTSD - ok
22:40:24.0095 3180 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:40:24.0097 3180 pcw - ok
22:40:24.0114 3180 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:40:24.0122 3180 PEAUTH - ok
22:40:24.0163 3180 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:40:24.0186 3180 PeerDistSvc - ok
22:40:24.0232 3180 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:40:24.0236 3180 PerfHost - ok
22:40:24.0278 3180 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:40:24.0344 3180 pla - ok
22:40:24.0372 3180 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:40:24.0379 3180 PlugPlay - ok
22:40:24.0392 3180 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:40:24.0407 3180 PNRPAutoReg - ok
22:40:24.0416 3180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:40:24.0419 3180 PNRPsvc - ok
22:40:24.0465 3180 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:40:24.0542 3180 PolicyAgent - ok
22:40:24.0631 3180 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:40:24.0654 3180 Power - ok
22:40:24.0759 3180 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:40:24.0794 3180 PptpMiniport - ok
22:40:24.0813 3180 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:40:24.0818 3180 Processor - ok
22:40:24.0836 3180 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:40:24.0840 3180 ProfSvc - ok
22:40:24.0854 3180 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:40:24.0856 3180 ProtectedStorage - ok
22:40:24.0919 3180 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:40:24.0968 3180 Psched - ok
22:40:25.0011 3180 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:40:25.0053 3180 ql2300 - ok
22:40:25.0068 3180 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:40:25.0073 3180 ql40xx - ok
22:40:25.0093 3180 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:40:25.0102 3180 QWAVE - ok
22:40:25.0107 3180 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:40:25.0114 3180 QWAVEdrv - ok
22:40:25.0132 3180 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:40:25.0137 3180 RasAcd - ok
22:40:25.0144 3180 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:25.0148 3180 RasAgileVpn - ok
22:40:25.0170 3180 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:40:25.0179 3180 RasAuto - ok
22:40:25.0191 3180 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:25.0193 3180 Rasl2tp - ok
22:40:25.0271 3180 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:40:25.0332 3180 RasMan - ok
22:40:25.0378 3180 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:25.0380 3180 RasPppoe - ok
22:40:25.0394 3180 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:40:25.0398 3180 RasSstp - ok
22:40:25.0417 3180 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:40:25.0422 3180 rdbss - ok
22:40:25.0435 3180 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:25.0437 3180 rdpbus - ok
22:40:25.0452 3180 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:25.0456 3180 RDPCDD - ok
22:40:25.0477 3180 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:40:25.0563 3180 RDPDR - ok
22:40:25.0568 3180 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:40:25.0569 3180 RDPENCDD - ok
22:40:25.0575 3180 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:40:25.0577 3180 RDPREFMP - ok
22:40:25.0610 3180 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:40:25.0673 3180 RDPWD - ok
22:40:25.0682 3180 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:40:25.0686 3180 rdyboost - ok
22:40:25.0706 3180 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:40:25.0713 3180 RemoteAccess - ok
22:40:25.0724 3180 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:40:25.0730 3180 RemoteRegistry - ok
22:40:25.0736 3180 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:40:25.0739 3180 RpcEptMapper - ok
22:40:25.0744 3180 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:40:25.0751 3180 RpcLocator - ok
22:40:25.0772 3180 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:40:25.0776 3180 RpcSs - ok
22:40:25.0784 3180 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:40:25.0789 3180 rspndr - ok
22:40:25.0799 3180 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:40:25.0857 3180 s3cap - ok
22:40:25.0862 3180 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:40:25.0864 3180 SamSs - ok
22:40:25.0937 3180 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:40:26.0015 3180 SASDIFSV - ok
22:40:26.0034 3180 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:40:26.0036 3180 SASKUTIL - ok
22:40:26.0056 3180 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:40:26.0146 3180 sbp2port - ok
22:40:26.0163 3180 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:40:26.0173 3180 SCardSvr - ok
22:40:26.0183 3180 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:40:26.0270 3180 scfilter - ok
22:40:26.0304 3180 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:40:26.0330 3180 Schedule - ok
22:40:26.0336 3180 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:40:26.0337 3180 SCPolicySvc - ok
22:40:26.0379 3180 [ CFEB26A26452D5337C2F3AADD8218FC3 ] sdAuxService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
22:40:26.0384 3180 sdAuxService - ok
22:40:26.0461 3180 [ B906C04F469060F2DD7FCB84706B4493 ] sdCoreService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
22:40:26.0473 3180 sdCoreService - ok
22:40:26.0491 3180 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:40:26.0564 3180 SDRSVC - ok
22:40:26.0571 3180 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:40:26.0578 3180 secdrv - ok
22:40:26.0607 3180 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:40:26.0687 3180 seclogon - ok
22:40:26.0719 3180 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:40:26.0726 3180 SENS - ok
22:40:26.0741 3180 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:40:26.0745 3180 SensrSvc - ok
22:40:26.0757 3180 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:40:26.0758 3180 Serenum - ok
22:40:26.0773 3180 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:40:26.0775 3180 Serial - ok
22:40:26.0788 3180 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:40:26.0793 3180 sermouse - ok
22:40:26.0808 3180 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:40:26.0869 3180 SessionEnv - ok
22:40:26.0873 3180 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:40:26.0879 3180 sffdisk - ok
22:40:26.0884 3180 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:40:26.0891 3180 sffp_mmc - ok
22:40:26.0896 3180 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:40:26.0977 3180 sffp_sd - ok
22:40:26.0982 3180 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:40:26.0988 3180 sfloppy - ok
22:40:27.0031 3180 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:40:27.0042 3180 SharedAccess - ok
22:40:27.0060 3180 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:40:27.0066 3180 ShellHWDetection - ok
22:40:27.0081 3180 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:40:27.0087 3180 SiSRaid2 - ok
22:40:27.0105 3180 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:40:27.0112 3180 SiSRaid4 - ok
22:40:27.0167 3180 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:40:33.0031 3180 SkypeUpdate - ok
22:40:33.0037 3180 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:40:33.0045 3180 Smb - ok
22:40:33.0063 3180 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:40:33.0071 3180 SNMPTRAP - ok
22:40:33.0081 3180 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:40:33.0083 3180 spldr - ok
22:40:33.0104 3180 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:40:33.0111 3180 Spooler - ok
22:40:33.0169 3180 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:40:33.0230 3180 sppsvc - ok
22:40:33.0246 3180 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:40:33.0253 3180 sppuinotify - ok
22:40:33.0270 3180 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:40:33.0276 3180 srv - ok
22:40:33.0294 3180 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:40:33.0299 3180 srv2 - ok
22:40:33.0314 3180 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:40:33.0317 3180 srvnet - ok
22:40:33.0339 3180 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:40:33.0343 3180 SSDPSRV - ok
22:40:33.0351 3180 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:40:33.0357 3180 SstpSvc - ok
22:40:33.0386 3180 Steam Client Service - ok
22:40:33.0414 3180 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:40:33.0421 3180 stexstor - ok
22:40:33.0453 3180 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:40:33.0461 3180 stisvc - ok
22:40:33.0467 3180 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:40:33.0469 3180 storflt - ok
22:40:33.0474 3180 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:40:33.0479 3180 StorSvc - ok
22:40:33.0504 3180 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:40:33.0568 3180 storvsc - ok
22:40:33.0594 3180 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:40:33.0601 3180 swenum - ok
22:40:33.0618 3180 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:40:33.0633 3180 swprv - ok
22:40:33.0674 3180 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:40:33.0708 3180 SysMain - ok
22:40:33.0720 3180 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:40:33.0795 3180 TabletInputService - ok
22:40:33.0823 3180 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:40:33.0884 3180 TapiSrv - ok
22:40:33.0891 3180 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:40:33.0894 3180 TBS - ok
22:40:33.0965 3180 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:40:34.0000 3180 Tcpip - ok
22:40:34.0040 3180 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:40:34.0050 3180 TCPIP6 - ok
22:40:34.0058 3180 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:40:34.0061 3180 tcpipreg - ok
22:40:34.0077 3180 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:40:34.0084 3180 TDPIPE - ok
22:40:34.0097 3180 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:40:34.0183 3180 TDTCP - ok
22:40:34.0227 3180 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:40:34.0229 3180 tdx - ok
22:40:34.0235 3180 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:40:34.0238 3180 TermDD - ok
22:40:34.0263 3180 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:40:34.0337 3180 TermService - ok
22:40:34.0343 3180 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:40:34.0346 3180 Themes - ok
22:40:34.0353 3180 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:40:34.0355 3180 THREADORDER - ok
22:40:34.0364 3180 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:40:34.0367 3180 TrkWks - ok
22:40:34.0385 3180 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:40:34.0389 3180 TrustedInstaller - ok
22:40:34.0402 3180 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:34.0504 3180 tssecsrv - ok
22:40:34.0511 3180 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:40:34.0603 3180 TsUsbFlt - ok
22:40:34.0610 3180 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:40:34.0688 3180 TsUsbGD - ok
22:40:34.0709 3180 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:40:34.0770 3180 tunnel - ok
22:40:34.0787 3180 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:40:34.0793 3180 uagp35 - ok
22:40:34.0815 3180 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:40:34.0820 3180 udfs - ok
22:40:34.0862 3180 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:40:34.0901 3180 UI0Detect - ok
22:40:34.0950 3180 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:40:34.0987 3180 uliagpkx - ok
22:40:35.0090 3180 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:40:35.0094 3180 umbus - ok
22:40:35.0184 3180 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:40:35.0188 3180 UmPass - ok
22:40:35.0208 3180 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:40:35.0280 3180 UmRdpService - ok
22:40:35.0319 3180 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:40:35.0330 3180 upnphost - ok
22:40:35.0376 3180 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:40:35.0460 3180 USBAAPL64 - ok
22:40:35.0523 3180 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:40:35.0606 3180 usbaudio - ok
22:40:35.0614 3180 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:35.0616 3180 usbccgp - ok
22:40:35.0655 3180 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:40:35.0662 3180 usbcir - ok
22:40:35.0675 3180 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:40:35.0678 3180 usbehci - ok
22:40:35.0691 3180 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:40:35.0696 3180 usbhub - ok
22:40:35.0705 3180 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:40:35.0706 3180 usbohci - ok
22:40:35.0735 3180 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:40:35.0740 3180 usbprint - ok
22:40:35.0754 3180 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:40:35.0758 3180 usbscan - ok
22:40:35.0773 3180 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:35.0833 3180 USBSTOR - ok
22:40:35.0857 3180 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:40:35.0944 3180 usbuhci - ok
22:40:35.0961 3180 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:40:36.0022 3180 usbvideo - ok
22:40:36.0028 3180 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:40:36.0030 3180 UxSms - ok
22:40:36.0036 3180 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:40:36.0037 3180 VaultSvc - ok
22:40:36.0044 3180 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:40:36.0046 3180 vdrvroot - ok
22:40:36.0080 3180 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:40:36.0148 3180 vds - ok
22:40:36.0167 3180 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:36.0172 3180 vga - ok
22:40:36.0178 3180 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:40:36.0179 3180 VgaSave - ok
22:40:36.0191 3180 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:40:36.0257 3180 vhdmp - ok
22:40:36.0273 3180 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:40:36.0279 3180 viaide - ok
22:40:36.0293 3180 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:40:36.0357 3180 vmbus - ok
22:40:36.0375 3180 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:40:36.0473 3180 VMBusHID - ok
22:40:36.0506 3180 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:40:36.0509 3180 volmgr - ok
22:40:36.0527 3180 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:40:36.0533 3180 volmgrx - ok
22:40:36.0553 3180 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:40:36.0557 3180 volsnap - ok
22:40:36.0572 3180 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:40:36.0581 3180 vsmraid - ok
22:40:36.0620 3180 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:40:36.0706 3180 VSS - ok
22:40:36.0712 3180 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:40:36.0716 3180 vwifibus - ok
22:40:36.0744 3180 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:40:36.0758 3180 W32Time - ok
22:40:36.0778 3180 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:40:36.0786 3180 WacomPen - ok
22:40:36.0805 3180 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:40:36.0807 3180 WANARP - ok
22:40:36.0813 3180 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:40:36.0815 3180 Wanarpv6 - ok
22:40:36.0859 3180 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:40:37.0002 3180 WatAdminSvc - ok
22:40:37.0052 3180 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:40:37.0179 3180 wbengine - ok
22:40:37.0189 3180 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:40:37.0199 3180 WbioSrvc - ok
22:40:37.0229 3180 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:40:37.0235 3180 wcncsvc - ok
22:40:37.0241 3180 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:40:37.0246 3180 WcsPlugInService - ok
22:40:37.0258 3180 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:40:37.0265 3180 Wd - ok
22:40:37.0298 3180 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:40:37.0374 3180 WDC_SAM - ok
22:40:37.0408 3180 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:40:37.0416 3180 Wdf01000 - ok
22:40:37.0429 3180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:40:37.0432 3180 WdiServiceHost - ok
22:40:37.0438 3180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:40:37.0440 3180 WdiSystemHost - ok
22:40:37.0456 3180 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:40:37.0509 3180 WebClient - ok
22:40:37.0524 3180 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:40:37.0534 3180 Wecsvc - ok
22:40:37.0541 3180 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:40:37.0548 3180 wercplsupport - ok
22:40:37.0555 3180 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:40:37.0558 3180 WerSvc - ok
22:40:37.0565 3180 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:37.0567 3180 WfpLwf - ok
22:40:37.0580 3180 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:40:37.0584 3180 WIMMount - ok
22:40:37.0595 3180 WinHttpAutoProxySvc - ok
22:40:37.0625 3180 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:40:37.0630 3180 Winmgmt - ok
22:40:37.0685 3180 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:40:37.0773 3180 WinRM - ok
22:40:37.0807 3180 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:40:37.0892 3180 WinUsb - ok
22:40:37.0952 3180 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:40:37.0969 3180 Wlansvc - ok
22:40:37.0981 3180 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:40:37.0986 3180 WmiAcpi - ok
22:40:38.0002 3180 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:40:38.0012 3180 wmiApSrv - ok
22:40:38.0017 3180 WMPNetworkSvc - ok
22:40:38.0027 3180 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:40:38.0033 3180 WPCSvc - ok
22:40:38.0048 3180 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:40:38.0052 3180 WPDBusEnum - ok
22:40:38.0061 3180 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:40:38.0064 3180 ws2ifsl - ok
22:40:38.0068 3180 WSearch - ok
22:40:38.0162 3180 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:40:38.0206 3180 wuauserv - ok
22:40:38.0214 3180 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:40:38.0217 3180 WudfPf - ok
22:40:38.0230 3180 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:38.0291 3180 WUDFRd - ok
22:40:38.0299 3180 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:40:38.0302 3180 wudfsvc - ok
22:40:38.0333 3180 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:40:38.0344 3180 WwanSvc - ok
22:40:38.0427 3180 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:40:38.0434 3180 YahooAUService - ok
22:40:38.0456 3180 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:40:38.0461 3180 yukonw7 - ok
22:40:38.0468 3180 ================ Scan global ===============================
22:40:38.0480 3180 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:40:38.0489 3180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:40:38.0501 3180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:40:38.0510 3180 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:40:38.0531 3180 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:40:38.0536 3180 [Global] - ok
22:40:38.0537 3180 ================ Scan MBR ==================================
22:40:38.0540 3180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:40:38.0737 3180 \Device\Harddisk1\DR1 - ok
22:40:38.0767 3180 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:40:39.0077 3180 \Device\Harddisk0\DR0 - ok
22:40:39.0078 3180 ================ Scan VBR ==================================
22:40:39.0081 3180 [ 7DBE2D8CA6A5A65E713118FFEE08A77E ] \Device\Harddisk1\DR1\Partition1
22:40:39.0082 3180 \Device\Harddisk1\DR1\Partition1 - ok
22:40:39.0086 3180 [ 0AABC7E89A0BE5637083AA38DFBEE7AE ] \Device\Harddisk0\DR0\Partition1
22:40:39.0087 3180 \Device\Harddisk0\DR0\Partition1 - ok
22:40:39.0091 3180 [ CA348878133F6E9EB3375EAF5058F979 ] \Device\Harddisk0\DR0\Partition2
22:40:39.0093 3180 \Device\Harddisk0\DR0\Partition2 - ok
22:40:39.0093 3180 ============================================================
22:40:39.0093 3180 Scan finished
22:40:39.0093 3180 ============================================================
22:40:39.0105 5172 Detected object count: 0
22:40:39.0105 5172 Actual detected object count: 0

aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-03 23:05:40
-----------------------------
23:05:40.843 OS Version: Windows x64 6.1.7601 Service Pack 1
23:05:40.843 Number of processors: 2 586 0x4303
23:05:40.844 ComputerName: MAX-PC UserName: Max
23:05:42.230 Initialize success
23:05:54.918 AVAST engine defs: 12110301
23:05:55.808 The log file has been saved successfully to "C:\Users\Max\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-03 23:37:53
-----------------------------
23:37:53.678 OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:53.678 Number of processors: 2 586 0x4303
23:37:53.679 ComputerName: MAX-PC UserName: Max
23:37:55.100 Initialize success
23:38:04.920 AVAST engine defs: 12110301
23:38:56.673 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3
23:38:56.676 Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
23:38:56.678 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-a
23:38:56.681 Disk 1 Vendor: ST95005620AS SD26 Size: 476940MB BusType: 3
23:38:56.684 Disk 1 MBR read successfully
23:38:56.687 Disk 1 MBR scan
23:38:56.692 Disk 1 Windows 7 default MBR code
23:38:56.695 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:38:56.700 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
23:38:56.709 Disk 1 scanning C:\Windows\system32\drivers
23:39:01.058 Service scanning
23:39:15.486 Modules scanning
23:39:15.497 Disk 1 trace - called modules:
23:39:15.502 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:39:15.507 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004af1060]
23:39:15.513 3 CLASSPNP.SYS[fffff880011c843f] -> nt!IofCallDriver -> [0xfffffa8004af0040]
23:39:15.518 5 PCTCore64.sys[fffff8800112b720] -> nt!IofCallDriver -> [0xfffffa80047a3520]
23:39:15.524 7 ACPI.sys[fffff88000f847a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-a[0xfffffa80047a2060]
23:39:16.892 AVAST engine scan C:\Windows
23:39:18.406 AVAST engine scan C:\Windows\system32
23:41:19.538 AVAST engine scan C:\Windows\system32\drivers
23:41:25.105 AVAST engine scan C:\Users\Max
00:06:58.449 AVAST engine scan C:\ProgramData
00:12:14.180 Scan finished successfully
00:25:48.173 Disk 1 MBR has been saved successfully to "C:\Users\Max\Documents\MBR.dat"
00:25:48.178 The log file has been saved successfully to "C:\Users\Max\Documents\aswMBR.txt"

ESET online:

C:\Users\Max\AppData\Local\{E63E1D6C-F6DC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Max\AppData\Roaming\mdmcmg.dll a variant of Win32/Medfos.ET trojan
C:\Users\Max\AppData\Roaming\trlaui.dll a variant of Win32/Medfos.ED trojan
F:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
F:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application


it looks like it found a redirector

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 04 November 2012 - 10:39 AM

Run ESET again and makesure to checkmark REMOVE THREATS option.Post the new log


Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 TheManInTheBox

TheManInTheBox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 05 November 2012 - 11:17 PM

This is from ESET (Looks like it got the redirect)

C:\Users\Max\AppData\Local\{E63E1D6C-F6DC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Max\AppData\Roaming\trlaui.dll a variant of Win32/Medfos.ED trojan cleaned by deleting - quarantined
F:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
F:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined


MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Max :: MAX-PC [administrator]

11/5/2012 9:55:31 PM
mbam-log-2012-11-05 (21-55-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 458510
Time elapsed: 41 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Max (administrator) on 05-11-2012 at 22:50:48
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Max-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-15-0A-C3-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec32:5c1e:98af:609e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 05, 2012 7:09:40 PM
Lease Expires . . . . . . . . . . : Tuesday, November 06, 2012 7:09:40 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889749
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BE-A1-A6-00-22-15-0A-C3-4D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1003
74.125.228.9
74.125.228.0
74.125.228.2
74.125.228.14
74.125.228.3
74.125.228.7
74.125.228.4
74.125.228.5
74.125.228.8
74.125.228.1
74.125.228.6


Pinging google.com [74.125.228.14] with 32 bytes of data:
Reply from 74.125.228.14: bytes=32 time=16ms TTL=252
Reply from 74.125.228.14: bytes=32 time=14ms TTL=252

Ping statistics for 74.125.228.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 16ms, Average = 15ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=64ms TTL=51
Reply from 98.138.253.109: bytes=32 time=48ms TTL=51

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 64ms, Average = 56ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 22 15 0a c3 4d ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.12 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.12 276
192.168.1.12 255.255.255.255 On-link 192.168.1.12 276
192.168.1.255 255.255.255.255 On-link 192.168.1.12 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.12 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.12 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::ec32:5c1e:98af:609e/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/05/2012 07:18:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:18:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:18:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:11:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:11:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:11:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:11:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:10:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:10:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 07:05:37 PM) (Source: MsiInstaller) (User: Max-PC)Max-PC
Description: Product: McAfee Agent -- McAfee Agent cannot be removed because other products are still using it.


System errors:
=============
Error: (11/05/2012 07:01:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/05/2012 07:01:52 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/05/2012 07:01:50 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/05/2012 06:59:41 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (11/05/2012 06:59:41 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (11/05/2012 06:57:09 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (11/05/2012 06:56:51 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/05/2012 06:56:50 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/05/2012 06:56:50 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/05/2012 06:56:49 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/05/2012 07:18:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:18:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:18:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:11:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:11:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:11:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:11:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:10:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:10:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Max\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2012 07:05:37 PM) (Source: MsiInstaller)(User: Max-PC)Max-PC
Description: Product: McAfee Agent -- McAfee Agent cannot be removed because other products are still using it.(NULL)(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AIM 7
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Browser Guard 4.0 (Version: 4.0.0.1606)
Citrix XenApp Plugin for Hosted Apps (Version: 11.0.14.5357)
DAPlayer 1.0.1.9
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Democracy 2 Demo
Diablo II
Diablo III (Version: 1.0.1.9558)
Diablo III Beta (Version: 0.10.0.9183)
Download Updater (AOL LLC)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Foldit
FTL: Faster Than Light
GameSpy Arcade
Google Chrome (Version: 22.0.1229.94)
Google Update Helper (Version: 1.3.21.123)
Hacker Evolution Duality Demo
iBomber Defense Pacific Demo
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Juniper Networks Host Checker (Version: 6.5.0.15991)
Juniper Networks Secure Application Manager (Version: 6.5.0.15991)
Juniper Networks Setup Client (Version: 2.1.4.7717)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee SiteAdvisor Enterprise Plus (Version: 3.0.0.638)
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.03.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.03.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.03.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.03.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OpenAL
Pandora (Version: 2.0.6)
PC Tools Spyware Doctor 9.0 (Version: 9.0)
PowerDVD
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Rome - Total War (Version: 1.5)
Sid Meier's Civilization V
Skype™ 5.10 (Version: 5.10.116)
Space Pirates and Zombies Demo
SpeedyPC Pro (Version: 3.0.0.0)
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Stronghold 3
SUPERAntiSpyware (Version: 5.6.1012)
System Information Reporter (Version: 1.0.0.180)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
The Weather Channel App
The Weather Channel Desktop 6
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Waveform Demo
XCOM: Enemy Unknown
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 4095.3 MB
Available physical RAM: 1734.22 MB
Total Pagefile: 8188.8 MB
Available Pagefile: 5993.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.54 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:119.39 GB) NTFS
3 Drive d: (Medieval2) (CDROM) (Total:6.62 GB) (Free:0 GB) UDF
5 Drive f: () (Fixed) (Total:465.75 GB) (Free:89.59 GB) NTFS

========================= Users: ========================================

User accounts for \\MAX-PC

Administrator Guest Max
UpdatusUser

========================= Restore Points ==================================

29-10-2012 08:32:36 Scheduled Checkpoint
04-11-2012 20:06:04 Removed McAfee Agent.
04-11-2012 20:10:15 Removed McAfee Agent.
04-11-2012 20:12:17 Removed McAfee Agent.
04-11-2012 20:14:20 Removed McAfee Host Intrusion Prevention.
04-11-2012 20:19:17 Removed McAfee SiteAdvisor Enterprise Plus.
04-11-2012 20:26:59 Removed McAfee VirusScan Enterprise
04-11-2012 20:30:22 Removed McAfee Agent.
05-11-2012 23:33:28 Removed McAfee Agent.
05-11-2012 23:53:08 Removed McAfee Agent.
06-11-2012 00:02:23 Removed McAfee Agent.
06-11-2012 00:04:25 Removed McAfee VirusScan Enterprise
06-11-2012 00:05:22 Removed McAfee Agent.
06-11-2012 00:08:02 Removed McAfee Agent.
06-11-2012 00:08:31 Removed McAfee Host Intrusion Prevention.

**** End of log ****



FarBar:

Farbar Service Scanner Version: 04-11-2012
Ran by Max (administrator) on 05-11-2012 at 22:53:45
Running from "C:\Users\Max\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

adware cleaner:

# AdwCleaner v2.006 - Logfile created 11/05/2012 at 22:56:08
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Max - MAX-PC
# Boot Mode : Normal
# Running from : C:\Users\Max\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\2rioxa33.default\prefs.js

C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\2rioxa33.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2835 octets] - [05/11/2012 22:56:08]

########## EOF - C:\AdwCleaner[S2].txt - [2895 octets] ##########


JRT:

Junkware Removal Tool (JRT) by Thisisu
Version: 2.7.1 (11.05.2012)
OS: Windows 7 Professional x64
Ran by Max on Mon 11/05/2012 at 23:08:16.91
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



*** Files:

Successfully deleted: [FILE] C:\Windows\tasks\SpeedyPC Pro.job
Successfully deleted: [FILE] C:\Windows\tasks\SpeedyPC Registration3.job
Successfully deleted: [FILE] C:\Windows\tasks\SpeedyPC Update Version3.job



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Chrome detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 11/05/2012 at 23:16:10.13
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 05 November 2012 - 11:32 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 TheManInTheBox

TheManInTheBox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 19 November 2012 - 06:29 PM

It seems like everything is working well. Sorry for the delay, have been doing a lot of running around


Heres FSS:


Farbar Service Scanner Version: 04-11-2012
Ran by Max (administrator) on 19-11-2012 at 18:22:21
Running from "C:\Users\Max\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-15 00:09] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Here is RKill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/19/2012 06:25:14 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Max\Downloads\FSS.exe (PID: 3240) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Max\Desktop\rkill\rkill-11-19-2012-06-25-19.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-1509043459-42054963-1243508497-1000\$8261a6c85c780c363d534a0088a02a9d\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1509043459-42054963-1243508497-1000\$8261a6c85c780c363d534a0088a02a9d\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1509043459-42054963-1243508497-1000\$8261a6c85c780c363d534a0088a02a9d\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/19/2012 06:25:25 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)


Here is Autoruns:

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ISTray" "PC Tools Security Component" "PC Tools" "c:\program files (x86)\pc tools\pc tools security\pctsgui.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "SDContextExt" "Spyware Doctor Component" "PC Tools" "c:\program files (x86)\pc tools\pc tools security\sdcontextext64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "SDContextExt" "Spyware Doctor Component" "PC Tools" "c:\program files (x86)\pc tools\pc tools security\sdcontextext64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor enterprise\mcieplg.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "PC Tools Browser Guard BHO" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\pc tools\pc tools security\bdt\pctbrowserdefender.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files (x86)\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor enterprise\mcieplg.dll"
+ "PC Tools Browser Guard" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\pc tools\pc tools security\bdt\pctbrowserdefender.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-1509043459-42054963-1243508497-1000Core" "Facebook Installer" "Facebook Inc." "c:\users\max\appdata\local\facebook\update\facebookupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-1509043459-42054963-1243508497-1000UA" "Facebook Installer" "Facebook Inc." "c:\users\max\appdata\local\facebook\update\facebookupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-1509043459-42054963-1243508497-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-1509043459-42054963-1243508497-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\ReclaimerUpdateFiles_Max" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\max\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\ReclaimerUpdateXML_Max" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\max\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\RNUpgradeHelperLogonPrompt_Max" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\max\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\RNUpgradeHelperResumePrompt_Max" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\max\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\SpeedyPC Pro" "" "" "File not found: C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe"
+ "\SpeedyPC Registration3" "" "" "File not found: C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll"
+ "\SpeedyPC Update Version3" "" "" "File not found: C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser Defender Update Service" "Browser Defender Update Service" "Threat Expert Ltd." "c:\program files (x86)\pc tools\pc tools security\bdt\bdtupdateservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "ose64" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "sdAuxService" "Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced." "PC Tools" "c:\program files (x86)\pc tools\pc tools security\pctsauxs.exe"
+ "sdCoreService" "Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled." "PC Tools" "c:\program files (x86)\pc tools\pc tools security\pctssvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "NEOFLTR_650_15991" "NetBIOS Redirector" "Juniper Networks" "c:\windows\system32\drivers\neofltr_650_15991.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 306.97 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PCTBD" "PC Tools BD Driver" "PC Tools" "c:\windows\system32\drivers\pctbd64.sys"
+ "PCTCore" "PC Tools KDS Core Driver" "PC Tools" "c:\windows\system32\drivers\pctcore64.sys"
+ "pctDS" "PC Tools Data Store" "PC Tools" "c:\windows\system32\drivers\pctds64.sys"
+ "PCTSD" "PC Tools SD Driver" "PC Tools" "c:\windows\system32\drivers\pctsd64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\audiofilter\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\shared files\audiofilter\claudfx.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\audiofilter\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\shared files\videofilter\clvsd.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "PCTOOLS CONTENT FILTER PROVIDER" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
+ "PCTOOLS CONTENT FILTER PROVIDER" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [RAW/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [TCP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IP]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
+ "PCTOOLS over [MSAFD Tcpip [UDP/IPv6]]" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files (x86)\common files\pc tools\lsp\pctlsp64.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "EPSON Stylus CX7400 Series 64MonitorBA" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmcda.dll"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 19 November 2012 - 08:58 PM

Now run RKILL given in previous instructions and post the new log

Edited by narenxp, 20 November 2012 - 09:57 PM.


#9 TheManInTheBox

TheManInTheBox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 20 November 2012 - 06:19 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/20/2012 06:19:15 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/20/2012 06:19:23 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)


How am I looking Doc?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 20 November 2012 - 09:58 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users